New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adds ALLOWED_IMPORT_PATHS for file:// urls #520
Conversation
413fe5f
to
dd8fed9
Compare
@gmbnomis What do you think of this PR? Note also I wanted to have the validation occur at sync time, but what I realized is that sync code is fully in the control of the plugin so every plugin would need to add it. Is preventing any file:// from saving enough? What do you recommend? |
I feel like we should probably call out in the docs that ALLOWED_IMPORT_PATH is only checked at Remote creation/update and not before sync. Users might mistakenly think they can edit it on the fly. |
dd8fed9
to
854fee2
Compare
I added a note to the docs about it only be checked at creation or update time. |
Actually I realized we could put an additional check in the FileDownloader here and then I could remove this note and make it better. Wdyt? |
854fee2
to
fcdfe9b
Compare
""" | ||
from pulpcore.app.serializers import RemoteSerializer |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not great, but I tried to work around the circular import several ways and it was still there.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe leave a comment?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Anytime I see these I think circular import. I will if you want tho just lmk.
fcdfe9b
to
6000ddc
Compare
Remote.url now validate to only allow file:// paths that are a subpath of a configured ALLOWED_IMPORT_PATHS setting. This setting comes with docs. URLs starting with other protocol handlers, e.g. http:// or https:// are unaffected. https://pulp.plan.io/issues/5974 closes #5974
6000ddc
to
b7db663
Compare
Remote.url now validate to only allow file:// paths that are a subpath
of a configured ALLOWED_IMPORT_PATHS setting. This setting comes with
docs. URLs starting with other protocol handlers, e.g. http:// or
https:// are unaffected.
https://pulp.plan.io/issues/5974
closes #5974