Don't leak overwrite kwarg into plugin validated_data#7717
Merged
Conversation
daviddavis
force-pushed
the
fix/overwrite-default-leak
branch
from
f95c106 to
87063e9
Compare
The overwrite field on NoArtifactContentSerializer was declared with
default=True, which causes DRF to inject overwrite=True into
validated_data even when the caller omits it. This broke plugins that
splat **validated_data into a content model constructor (e.g. pulp_deb
sync), producing:
TypeError: Package() got unexpected keyword arguments: 'overwrite'
Drop the field-level default and rely on the existing
validated_data.pop('overwrite', True) in create() to preserve the
'absent => True' semantics. No behavior change for API callers.
AI-Generated: github-copilot
daviddavis
force-pushed
the
fix/overwrite-default-leak
branch
from
87063e9 to
4ab9f97
Compare
ggainey
approved these changes
May 14, 2026
Backport to 3.111: 💚 backport PR created✅ Backport PR branch: Backported as #7718 🤖 @patchback |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The
overwritefield added in #7550 (commit f6dc7b9) onNoArtifactContentSerializerwas declared withdefault=True. DRF auto-injects any field with adefault=...intovalidated_dataeven when the caller does not supply it, so plugins that splat**serializer.validated_datainto a content model constructor were broken by the unexpectedoverwrite=Truekwarg.For example, in pulp_deb's sync stage (
pulp_deb/app/tasks/synchronizing.py:1057):The Django
Packagemodel has nooverwritefield, so:This caused 10 functional
test_synctests in pulp_deb to fail.The other inherited control fields on
NoArtifactContentSerializer(repository,pulp_labels) don't trigger the same issue because none of them declare adefault=, so DRF only puts them intovalidated_datawhen explicitly supplied.overwritewas the only one that leaked unconditionally.Fix
Remove the
default=Truefrom the field declaration. The existingvalidated_data.pop("overwrite", True)inNoArtifactContentSerializer.create()already encodes the "absent ⇒ True" semantics, so there is no behavior change for REST API callers:overwritevalidated_data["overwrite"] = True,popreturnsTrue→ silent overwritevalidated_data,pop("overwrite", True)returnsTrue→ silent overwriteoverwrite: falseFalseinvalidated_data→ check runsoverwrite: trueTrueinvalidated_data→ silent overwriteVerification
pulp_file/tests/functional/api/test_overwrite_content.pystill pass.test_syncfailures are resolved by this change alone.AI attribution
AI-Generated: github-copilot