Pulpcore

REST API

Features

- Added a repository filter to publications.
[1912](https://github.com/pulp/pulpcore/issues/1912)

- The status API endpoint now shows the python package name that provides a given plugin.
[1982](https://github.com/pulp/pulpcore/issues/1982)

- Queryset scoping can be customized by the user using the new field `queryset_scoping` on a
ViewSet's AccessPolicy.
[2114](https://github.com/pulp/pulpcore/issues/2114)

- Enabled administrators to work with a customized GnuPG home directory and keyring during the
creation of a signing service. The introduced optional arguments `--gnupghome` and `--keyring`
are available under the `pulpcore-manager add-signing-service` command.
[2476](https://github.com/pulp/pulpcore/issues/2476)

- Added the setting `REDIRECT_TO_OBJECT_STORAGE` to allow using cloud storage with or without
redirecting urls.

Added support for sftp storage via the `pulpcore.app.models.storage.PulpSFTPStorage` class.
[2537](https://github.com/pulp/pulpcore/issues/2537)

- Added more details to an error message that is shown when none of the allowed content checksums
hashers could be used.
[2550](https://github.com/pulp/pulpcore/issues/2550)

- Add contains_permission query parameter to the roles API that allows clients to get back a list
of roles that have any permission in a list of permissions.
[2715](https://github.com/pulp/pulpcore/issues/2715)

- Master Content endpoint, `/pulp/api/v3/content/`, has a new access policy that allows any
authenticated user to view content. The endpoint now scopes the content based on repositories
the user can see.
[2724](https://github.com/pulp/pulpcore/issues/2724)

- New AccessPolicies have been added to ContentGuard, Distribution, Publication, Repository,
and RepositoryVersions master ViewSets. Queryset scoping has been enabled for each ViewSet.
[2725](https://github.com/pulp/pulpcore/issues/2725)

- New AccessPolicy for ContentRedirectContentGuard ViewSet has been added.
[2726](https://github.com/pulp/pulpcore/issues/2726)

- Added dump-permissions management command to list deprecated permissions not yet translated into
roles. This is the only way to get to this information after the 3.20 release.
[2741](https://github.com/pulp/pulpcore/issues/2741)

- Add ?for_object_type query parameter to Roles API that accepts an object HREF and returns a list
of roles that only contain permissions for the given object type.
[2747](https://github.com/pulp/pulpcore/issues/2747)

- Add role description and permissions to group and user role serializer.
[2765](https://github.com/pulp/pulpcore/issues/2765)

Bugfixes

- Leading and trailing whitespace characters are no longer trimmed in passwords within remotes.
[2068](https://github.com/pulp/pulpcore/issues/2068)

- Fixed generation of the redirect url to the object storage
[2075](https://github.com/pulp/pulpcore/issues/2075)

- Taught PulpImport to stream imports rather than reading files into memory in one chunk.

This largely alleviates the memory-pressure that results from importing multiple
large repositories in parallel.
[2307](https://github.com/pulp/pulpcore/issues/2307)

- Made the API root endpoint accessible for anonymous users once again.
[2340](https://github.com/pulp/pulpcore/issues/2340)

- Removed il8n from the logs written so they will always show up in English for speedy resolution of
error messages. All user facing strings are still expected to be il8n.
[2477](https://github.com/pulp/pulpcore/issues/2477)

- Replaced "//" with "/" in base_url when CONTENT_PATH_PREFIX is "" or "/".
[2553](https://github.com/pulp/pulpcore/issues/2553)

- Fixed does_batch method in sync pipeline to allow waiting on content that is already resolved.
[2557](https://github.com/pulp/pulpcore/issues/2557)

- Fixed OOM error after uploading large chunked files.
[2573](https://github.com/pulp/pulpcore/issues/2573)

- Ensure downloader resets file on retry.
[2576](https://github.com/pulp/pulpcore/issues/2576)

- Taught PulpImport to retry more than once in the event of creation-collisions.

This fixes a rare import-failure during high-concurrency, high-content-overlap imports.
[2589](https://github.com/pulp/pulpcore/issues/2589)

- Improved the error message when HTTP proxies reject requests from Pulp.
[2654](https://github.com/pulp/pulpcore/issues/2654)

- Fix ?ordering=role on user and group role apis so that it sorts results by role name.
[2703](https://github.com/pulp/pulpcore/issues/2703)

- Add options to the role_util functions to make them work the same as guardian did.
[2739](https://github.com/pulp/pulpcore/issues/2739)

- Fixed a bug that disallowed administrators to create a signing service via the pulpcore-manager
utility.
[2798](https://github.com/pulp/pulpcore/issues/2798)

- Reduced duplicate SQL queries for `AccessPolicy` when accessing any view.
[2802](https://github.com/pulp/pulpcore/issues/2802)

- Fixed docs regarding the default for orphan protection time.
[2810](https://github.com/pulp/pulpcore/issues/2810)

- Started showing errors when users try to export remote artifacts.
[2817](https://github.com/pulp/pulpcore/issues/2817)

- Restore multiple-retry logic for PulpImport.
[2854](https://github.com/pulp/pulpcore/issues/2854)

Improved Documentation

- Cleared out some of the paragraphs from the "Pull Request Walkthrough" section.
[1852](https://github.com/pulp/pulpcore/issues/1852)
- Added a troubleshooting section that includes information on how to enable DEBUG logging.
[1944](https://github.com/pulp/pulpcore/issues/1944)
- Removed some out of date references to Redmine (the previous issue tracker). We use Github Issues
now.
[2642](https://github.com/pulp/pulpcore/issues/2642)
- Added a note about explicitly setting `content_object` to null when assigning model-level
permissions.
[2758](https://github.com/pulp/pulpcore/issues/2758)
- Fixed `extlinks` use in docs to be Sphinx==5.0.0 compatible.
[2782](https://github.com/pulp/pulpcore/issues/2782)
- Update installation instructions about "User and database configuration" for the Database setup to point to a matching Django documentation.
[2877](https://github.com/pulp/pulpcore/issues/2877)

Removals

- Removed the group permission endpoints `api/v3/groups/:id/model_permissions/` and
`api/v3/groups/:id/object_permissions/`. Permissions should be managed via roles exclusively.
[2050](https://github.com/pulp/pulpcore/issues/2050)
- Removed django-guardian from the stack. The `guardian.backends.ObjectPermissionBackend` should
not be used anymore.
[2051](https://github.com/pulp/pulpcore/issues/2051)
- Deprecated creation hook interface was removed. Creation hook need to be registered with the view
set by the plugin writer before being used. Creation hooks can no longer be added with the
deprecated name `permission_assignments`.
[2559](https://github.com/pulp/pulpcore/issues/2559)

Misc

- [2070](https://github.com/pulp/pulpcore/issues/2070), [#2244](https://github.com/pulp/pulpcore/issues/2244), [#2605](https://github.com/pulp/pulpcore/issues/2605), [#2643](https://github.com/pulp/pulpcore/issues/2643)

Plugin API

Features

- Plugins are required to provide the `python_package_name` as a string attribute on their subclass
of `PulpPluginAppConfig`.
[1982](https://github.com/pulp/pulpcore/issues/1982)

- Exposed the method `raise_for_unknown_content_units` which raises `ValidationError` for content
units that were not found in the database.
[2052](https://github.com/pulp/pulpcore/issues/2052)

- Plugins now have to enable default queryset scoping by setting the `queryset_scoping` field on the
AccessPolicy to `{"function": "scope_queryset"}`.

Default queryset scoping behavior can be changed by supplying a new `scope_queryset` method.

Extra queryset scoping functions can be declared on plugin ViewSets and used by setting the
AccessPolicy's `queryset_scoping` field.
[2114](https://github.com/pulp/pulpcore/issues/2114)

- DeclarativeArtifact now accepts a `urls` option which permits multiple URLs
to be provided for a single artifact. If multiple URLs are provided, the download
stage will try each of them in turn upon encountering failures.
[2175](https://github.com/pulp/pulpcore/issues/2175)

- Exposed the function `pulpcore.plugin.util.verify_signature` for verifying signatures created
by signing services.
[2476](https://github.com/pulp/pulpcore/issues/2476)

- Added `pulpcore.plugin.content.ArtifactResponse` to plugin API. Use this response to stream an
artifact from the object storage if redirecting is impossible.
[2537](https://github.com/pulp/pulpcore/issues/2537)

- Queryset scoping is now performed when the ViewSet's AccessPolicy field `scope_queryset` is set to
a function on the ViewSet.

`NamedModelViewSet` now has default scoping method `scope_queryset` that will scope the request
off of `queryset_filtering_required_permission` if present. If ViewSet is a master ViewSet then
scoping will be performed by calling each child's scoping method if present.
[2723](https://github.com/pulp/pulpcore/issues/2723)

- Content ViewSets default `scope_queryset` method will scope based on repositories the user can see.
[2724](https://github.com/pulp/pulpcore/issues/2724)

- Added the ability to specify an upload for the single shot upload serializer. This allows to
upload files in chunks and attach them with content in repositories without creating orphans.
[2786](https://github.com/pulp/pulpcore/issues/2786)

- Added new access condition `has_required_repo_perms_on_upload` for RBAC plugins to use to require
users to specify a repository when uploading content. If not used when uploading content, non-admin
users will not be able to see their uploaded content if queryset scoping is enabled.
[2796](https://github.com/pulp/pulpcore/issues/2796)

Bugfixes

- Reworked the ordering framework to use django-filters.

Plugins should not declare filter-backends on viewsets.
[2703](https://github.com/pulp/pulpcore/issues/2703)

Improved Documentation

- Updated plugin writers RBAC guide to explain more roles and less permissions. Removed mentions of
django-guardian.
[2463](https://github.com/pulp/pulpcore/issues/2463)
- Added docs on the expectation that all user-facing strings are i8ln wrapped with gettext, but log
messages are not.
[2477](https://github.com/pulp/pulpcore/issues/2477)

Removals

- The `pulpcore.plugin.exceptions.MissingResource` object has been removed. Instead let 404
errors propagate upwards for DRF to handle, or use the DRF exception `NotFound`.
[1812](https://github.com/pulp/pulpcore/issues/1812)
- Removed django-guardian from the stack. This includes the removal of `AutoDeleteObjPermsMixin`
from the plugin api.
[2051](https://github.com/pulp/pulpcore/issues/2051)
- Removed the `custom_file_object` argument to `pulpcore.plugin.download.BaseDownloader`. Now all
downloaded data will be written to a random file in the current working directory. Further
customization of where downloaded data can be written to can be done through subclassing.
[2137](https://github.com/pulp/pulpcore/issues/2137)
- Constructor signature of DigestValidationError and SizeValidationError has changed - the
"actual" and "expected" values are now required and "url" which was previously a positional
argument is now a keyword argument.
[2244](https://github.com/pulp/pulpcore/issues/2244)
- The pulpcore.plugin.constants.API_ROOT has been removed. Use the `V3_API_ROOT` and
`V3_API_ROOT_NO_FRONT_SLASH` settings instead.
[2556](https://github.com/pulp/pulpcore/issues/2556)
- Plugins using the `SingleArtifactContentUploadSerializer` must place a super call when
overwriting `deferred_validate`. They can only assume the existance of the `Artifact` in the
database, after this call.
[2786](https://github.com/pulp/pulpcore/issues/2786)

Misc

- [2634](https://github.com/pulp/pulpcore/issues/2634), [#2742](https://github.com/pulp/pulpcore/issues/2742)

REST API

Bugfixes

- Taught PulpImport to stream imports rather than reading files into memory in one chunk.

This largely alleviates the memory-pressure that results from importing multiple
large repositories in parallel.
[2307](https://github.com/pulp/pulpcore/issues/2307)

- Fixed does_batch method in sync pipeline to allow waiting on content that is already resolved.
[2557](https://github.com/pulp/pulpcore/issues/2557)

- Ensure downloader resets file on retry.
[2576](https://github.com/pulp/pulpcore/issues/2576)

- Taught PulpImport to retry more than once in the event of creation-collisions.

This fixes a rare import-failure during high-concurrency, high-content-overlap imports.
[2589](https://github.com/pulp/pulpcore/issues/2589)

- Improved the error message when HTTP proxies reject requests from Pulp.
[2654](https://github.com/pulp/pulpcore/issues/2654)

- Restore multiple-retry logic for PulpImport.
[2854](https://github.com/pulp/pulpcore/issues/2854)

- Improve content app performance on head requests
[2924](https://github.com/pulp/pulpcore/issues/2924)

Improved Documentation

- Removed some out of date references to Redmine (the previous issue tracker). We use Github Issues
now.
[2642](https://github.com/pulp/pulpcore/issues/2642)
- Fixed `extlinks` use in docs to be Sphinx==5.0.0 compatible.
[2782](https://github.com/pulp/pulpcore/issues/2782)

Misc

- [2605](https://github.com/pulp/pulpcore/issues/2605)

Plugin API

No significant changes.

REST API

Features

- Content app now logs where it gets on-demand and streamed content from.
[2059](https://github.com/pulp/pulpcore/issues/2059)
- Reclaim disk space can now accept ["*"] for `repo_hrefs` to specify all repositories for reclaim.
[2065](https://github.com/pulp/pulpcore/issues/2065)
- Added a filter to allow searching for user roles by their description.
[2276](https://github.com/pulp/pulpcore/issues/2276)
- Add swagger view and make OpenAPI human readable
[2291](https://github.com/pulp/pulpcore/issues/2291)
- Adds a `TASK_DIAGNOSTICS` setting which will enable each task to write out diagnostic information
such as memory usage of the task to a data file in `/var/tmp/pulp/<task_UUID>/`. This is disabled
by default.
[2329](https://github.com/pulp/pulpcore/issues/2329)
- Added a `/pulp/api/v3/distributions/` endpoint to list all distributions.
[2379](https://github.com/pulp/pulpcore/issues/2379)

Bugfixes

- Added reason for 404 error when accessing distributions without a publication.
[1910](https://github.com/pulp/pulpcore/issues/1910)

- Fixed validation order of required settings to occur before plugin settings are loaded.
[1968](https://github.com/pulp/pulpcore/issues/1968)

- Fix delete repository version causing "duplicate key value violates unique constraint" error.
[2047](https://github.com/pulp/pulpcore/issues/2047)

- Fixed two instances of Pulp not writing to the task worker's temporary directory.
[2061](https://github.com/pulp/pulpcore/issues/2061)

- Reduced memory usage during tasks like sync by holding fewer objects in-memory unnecessarily.
[2069](https://github.com/pulp/pulpcore/issues/2069)

- Fixed migration 0064_add_new_style_task_columns to purge extraneous ReservedResource and
TaskReservedResource entries, which could block sync and publish tasks post-upgrade.

Also taught the migration to bulk-update the Task changes. In large installations, this
should have a positive impact on the time it takes to apply the migration.
[2101](https://github.com/pulp/pulpcore/issues/2101)

- Taught task-purge to process tasks in batches of 1000. This prevents large purges from using
large amounts of memory as a result of reading all the affected Tasks into memory at once.
[2215](https://github.com/pulp/pulpcore/issues/2215)

- This fix prevents the lost track of a content removed version when deleting a repository version that deletes a content that is added back in the subsequent version, but deleted again in a later version.
[2267](https://github.com/pulp/pulpcore/issues/2267)

- Added transactions around repository version operations to prevent data loss.
[2268](https://github.com/pulp/pulpcore/issues/2268)

- Loosened the version-restrictions on PulpImport to only require X.Y matching.
[2269](https://github.com/pulp/pulpcore/issues/2269)

- Fix a mistake in a previous migration which may have caused improperly encrypted remote fields.
[2327](https://github.com/pulp/pulpcore/issues/2327)

- Fixed improper fields being listed in `RepositoryVersion` repair API.
[2330](https://github.com/pulp/pulpcore/issues/2330)

- Fixes duplicate key error `Key (content_artifact_id, remote_id)` when creating `RemoteArtifacts`
during syncs in pulp_container and possibly other plugins.
[2381](https://github.com/pulp/pulpcore/issues/2381)

- Declared proper dependency on user model in migration 0040.
[2403](https://github.com/pulp/pulpcore/issues/2403)

- Fixed a rare deadlock when sync'ing overlapping content in high-concurrency envs.
[2420](https://github.com/pulp/pulpcore/issues/2420)

- Fixed a (rare) deadlock around bulk_update() during syncs with overlapping content.
[2430](https://github.com/pulp/pulpcore/issues/2430)

- Fixed a bug where notifications to workers may go unnoticed. This may lead to idle workers while
there are tasks waiting.
[2506](https://github.com/pulp/pulpcore/issues/2506)

Improved Documentation

- Updates and revises docs on webserver based authentication.
[2260](https://github.com/pulp/pulpcore/issues/2260)
- Adds docs on recording and building graphs from the memory data saved by the `TASK_DIAGNOSTICS`
setting.
[2329](https://github.com/pulp/pulpcore/issues/2329)

Removals

- Removed the Django UI Admin site. It was added to provide RBAC permissions management before there
were APIs that could provide that. It was tech preview and now there are APIs for user and group
management, along with role and permission assignment. It is being removed because the direct DB
access it provides has caused some issues for users, especially since its not integrated with the
validation provided by Django Rest Framework, which Pulp uses.
[2374](https://github.com/pulp/pulpcore/issues/2374)

Plugin API

Features

- Exposed the `PulpRemoteUserAuthentication` class to plugin writers. This will allow the use of
remote authentication methods when building protected endpoints.
[2262](https://github.com/pulp/pulpcore/issues/2262)
- Added new global access conditions `has_publication_param_model_or_obj_perms` and
`has_repo_or_repo_ver_param_model_or_obj_perms` for RBAC checks.
[2364](https://github.com/pulp/pulpcore/issues/2364)
- Changed the `reusable_conditions` module configuration for access policies to being a list to
enable plugins to add custom modules to it.
[2495](https://github.com/pulp/pulpcore/issues/2495)

Bugfixes

- Adjusted the default size of the queues between pipelines to be 1 instead of 1000. The batchers in
the stage will still accumulate up to 500 (by default) items so batching is still in-effect there
where it matters.
[2069](https://github.com/pulp/pulpcore/issues/2069)

REST API

No significant changes.

Plugin API

No significant changes.

---

REST API

Bugfixes

- Fixed a warning that gets raised when cache is enabled: `RuntimeWarning: coroutine 'AsyncCache.delete' was never awaited`.
[4967](https://github.com/pulp/pulpcore/issues/4967)

Plugin API

No significant changes.

---

REST API

No significant changes.

Plugin API

No significant changes.

---