theforeman · ehelms · Dec 2, 2020 · Nov 11, 2020 · Nov 16, 2020 · Nov 20, 2020
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -123,7 +123,10 @@
 #   Django remote user environment variable
 #
 # @param allowed_import_path
-#   Allowed paths that pulp can sync from using file:// protocol
+#   Allowed paths that pulp can use for content imports, or sync from using file:// protocol
+#
+# @param allowed_export_path
+#   Allowed paths that pulp can use for content exports
 #
 # @param worker_count
 #   Number of pulpcore workers. Defaults to 8 or the number of CPU cores, whichever is smaller. Enabling more than 8 workers, even with additional CPU cores
@@ -175,6 +178,7 @@
   Integer[0] $redis_db = 8,
   Stdlib::Fqdn $servername = $facts['networking']['fqdn'],
   Array[Stdlib::Absolutepath] $allowed_import_path = ['/var/lib/pulp/sync_imports'],
+  Array[Stdlib::Absolutepath] $allowed_export_path = [],
   String[1] $remote_user_environ_name = 'HTTP_REMOTE_USER',
   Integer[0] $worker_count = min(8, $facts['processors']['count']),
   Boolean $service_enable = true,

diff --git a/spec/classes/pulpcore_spec.rb b/spec/classes/pulpcore_spec.rb
@@ -30,6 +30,54 @@
           is_expected.to contain_file('/var/lib/pulp/upload')
         end
 
+        context 'with allowed import paths' do
+          let :params do
+            {
+              allowed_import_path: ['/test/path', '/test/path2'],
+            }
+          end
+
+          it do
+            is_expected.to compile.with_all_deps
+            is_expected.to contain_concat__fragment('base')
+              .with_content(%r{ALLOWED_IMPORT_PATHS = \["/test/path", "/test/path2"\]})
+
+          end
+        end
+
+        context 'with empty allowed import paths' do
+          it do
+            is_expected.to compile.with_all_deps
+            is_expected.to contain_concat__fragment('base')
+              .with_content(%r{ALLOWED_IMPORT_PATHS = \["/var/lib/pulp/sync_imports"\]})
+
+          end
+        end
+
+        context 'with allowed export paths' do
+          let :params do
+            {
+              allowed_export_path: ['/test/path', '/test/path2'],
+            }
+          end
+
+          it do
+            is_expected.to compile.with_all_deps
+            is_expected.to contain_concat__fragment('base')
+              .with_content(%r{ALLOWED_EXPORT_PATHS = \["/test/path", "/test/path2"\]})
+
+          end
+        end
+
+        context 'with empty allowed export paths' do
+          it do
+            is_expected.to compile.with_all_deps
+            is_expected.to contain_concat__fragment('base')
+              .with_content(%r{ALLOWED_EXPORT_PATHS = \[\]})
+
+          end
+        end
+
         it 'sets up static files' do
           is_expected.to contain_class('pulpcore::static')
           is_expected.to contain_file('/var/lib/pulp/assets')
@@ -323,30 +371,6 @@
         end
       end
 
-      context 'with allowed import paths' do
-        let :params do
-          {
-            allowed_import_path: ['/test/path', '/test/path2'],
-          }
-        end
-
-        it do
-          is_expected.to compile.with_all_deps
-          is_expected.to contain_concat__fragment('base')
-            .with_content(%r{ALLOWED_IMPORT_PATHS = \["/test/path", "/test/path2"\]})
-
-        end
-      end
-
-      context 'with empty allowed import paths' do
-        it do
-          is_expected.to compile.with_all_deps
-          is_expected.to contain_concat__fragment('base')
-            .with_content(%r{ALLOWED_IMPORT_PATHS = \["/var/lib/pulp/sync_imports"\]})
-
-        end
-      end
-
       context 'with custom static dirs' do
         let :params do
           {

diff --git a/templates/settings.py.erb b/templates/settings.py.erb
@@ -38,8 +38,8 @@ REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES = (
     'pulpcore.app.authentication.PulpRemoteUserAuthentication'
 )
 
-<%# This setting whitelists paths that can be used for repository sync with file protocol. Katello uses the path /var/lib/pulp/sync_imports/ to run tests -%>
 ALLOWED_IMPORT_PATHS = <%= scope['pulpcore::allowed_import_path'] %>
+ALLOWED_EXPORT_PATHS = <%= scope['pulpcore::allowed_export_path'] %>
 
 # Derive HTTP/HTTPS via the X-Forwarded-Proto header set by Apache
 SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')