Warning
Until Role-Based Access Control is added to Pulp, REST API is not safe for multi-user use.
Sensitive credentials can be read by any user, e.g. Remote.password, Remote.client_key.
- Added setting ALLOWED_CONTENT_CHECKSUMS to support limiting the checksum-algorithms Pulp uses. #5216
- Added progress-reports to the PulpExport task. #6541
- Improve performance and memory consumption of orphan cleanup. #6581
- Extra require: s3, azure, prometheus and test #6844
- Added the toc_info attribute with filename/sha256sum to PulpExport, to enable direct access to the export-TOC. #7221
- Taught export-process to clean up broken files if the export fails. #7246
- Added the django-cleanup handlers for removing files stored within FileField #7316
- Added deprecations section to the changelog. #7415
- Address some problems with stuck tasks when connection to redis is interrupted. #6449
- Fixed a bug where creating an incomplete repository version (via canceled or failed task) could cause future operations to fail. #6463
- Added validation for unknown serializers' fields #7245
- Fixed: PulpTemporaryFile stored in the wrong location #7319
- Fixed an edge case where canceled tasks might sometimes be processed and marked completed. #7389
- Fixed pulp-export scenario where specifying full= could fail silently. #7403
- Fixed OpenAPI creation response status code to 201 #7444
- The
AccessPolicy.permissions_assignmentcan now be null, which some viewset endpoints may require. #7448 - Taught export to insure export-dir was writeable by group as well as owner. #7459
- Fixed orphan cleanup for subrepositories (e.g. an add-on repository in RPM distribution tree repository). #7460
- Fixed issue with reserved resources not being displayed for waiting tasks. #7497
- Fixed broken bindings resulting from drf-spectacular 0.9.13 release. #7510
- Fix filesystem exports failing due to undefinied
validate_pathmethod. #7521 - Fix a bug that prevented users from adding permissions for models have conflicting names across different django apps. #7541
- Added pulp 2 obsolete concepts (consumers, applicability). #6255
- Enabled the automatic removal of files, which are stored in FileField, when a corresponding model's delete() method is invoked #7316
- Add add_and_remove task to pulpcore.plugin.tasking #7351
- Added deprecations section to the plugin api changelog. #7415
- The
AccessPolicy.permissions_assignmentcan now be null, which some viewset endpoints may require. #7448
- Added an example how to use a serializer to create validated objects. #5927
- Document the URLField OpenAPI issue #6828
- Added all exported models to the autogenerated API reference. #7045
- Updated docs recommending plugins to rely on a 1-release deprecation process for backwards
incompatible changes in the
pulpcore.plugin. #7413 - Adds plugin writer docs on how to ship snippets which override default webserver routes provided by the installer. #7471
- Revises the "installation plugin custom tasks" documentation to reflect that plugin writers can contribute their custom installation needs directly to the installer. #7523
No significant changes.
No significant changes.
- Remove customized operation_id from OrphansView #7446
- Fixing groups API validation #7329
- Fix custom operation_id's from OpenAPI #7341
- OpenAPI: do not discard components without properties #7347
Added table-of-contents to export and gave import a toc= to find/reassemble pieces on import. #6737
Added ability to associate a Remote with a Repository so users no longer have to specify Remote when syncing. #7015
The /pulp/api/v3/access_policies/ endpoint is available for reading and modifying the AccessPolicy used for Role Based Access Control for all Pulp endpoints. This allows for complete customization of the Authorization policies.
NOTE: this endpoint is in tech-preview and may change in backwards incompatible ways in the future. #7160
The /pulp/api/v3/access_policies/ endpoint also includes a permissions_assignment section which customizes the permissions assigned to new objects. This allows for complete customization for how new objects work with custom define Authorization policies. #7210
The /pulp/api/v3/users/ endpoint is available for reading the Users, Group membership, and Permissions.
NOTE: this endpoint is in tech-preview and may change in backwards incompatible ways in the future. #7231
The /pulp/api/v3/groups/ endpoint is available for reading the Groups, membership, and Permissions.
NOTE: this endpoint is in tech-preview and may change in backwards incompatible ways in the future. #7232
The /pulp/api/v3/tasks/ endpoint now provides a user-isolation behavior for non-admin users. This policy is controllable at the /pulp/api/v3/access_policies/ endpoint.
NOTE: The user-isolation behavior is in "tech preview" and production systems are recommended to continue using the build-in
adminuser only. #7301Extended endpoint /pulp/api/v3/groups/:pk/users to add and remove users from a group.
NOTE: this endpoint is in tech-preview and may change in backwards incompatible ways in the future. #7310
Extended endpoints /pulp/api/v3/groups/:pk/model_permissions and /pulp/api/v3/groups/:pk/object_permissions to add and remove permissions from a group.
NOTE: this endpoint is in tech-preview and may change in backwards incompatible ways in the future. #7311
- WorkerDirectory.delete() no longer recursively trys to delete itself when encountering a permission error #6504
- Stopped preventing removal of PulpExport/Exporter when last-export existed. #6555
- First time on demand content requests appear in the access log. #7002
- Fixed denial of service caused by extra slashes in content urls. #7066
- Set a default DJANGO_SETTINGS_MODULE env var in content app #7179
- Added plugin namespace to openapi href identifier. #7209
- By default, html in field descriptions filtered out in REST API docs unless 'include_html' is set. #7299
- Fixed plugin filtering in bindings to work independently from "bindings" parameter. #7306
- Made password variable consistent with Ansible installer example playbook #7065
- Fixed various docs bugs in the pulpcore docs. #7090
- Adds documentation about SSL configuration requirements for reverse proxies. #7285
- Fixed REST API docs. #7292
- Removed unnecessary fields from the import/export transfer. #6515
- Upgrading the api documentation from OpenAPI v2 to OpenAPI v3. - Methods signatures for bindings may change. #7108
- Changed default
download_concurrencyon Remotes from 20 to 10 to avoid connection problems. Also updated existing Remotes withdownload_concurrencyof 20 to 10. #7212
Adding PulpTemporaryFile for handling temporary files between the viewset and triggered tasks #6749
RepositorySyncURLSerializerwill now check remote on the repository before it raises an exception if the remote param is not set. #7015Added a hook on
Repositorycalledartifacts_for_version()that plugins can override to modify the logic behindRepositoryVersion.artifacts. For now, this is used when exporting artifacts. #7021Enabling plugin writers to have more control on HttpDownloader response codes 400+ by subclassing HttpDownloader and overwriting raise_for_status method #7117
BaseModel now inherits from LifecycleModel provided by django-lifecycle allowing any subclass to also use it instead of signals. #7151
A new pulpcore.plugin.models.AutoDeleteObjPermsMixin object can be added to models to automatically delete all user and group permissions for an object just before the object is deleted. This provides an easy cleanup mechanism and can be added to models as a mixin. Note that your model must support django-lifecycle to use this mixin. #7157
A new model pulpcore.plugin.models.AccessPolicy is available to store AccessPolicy statements in the database. The model's statements field stores the list of policy statements as a JSON field. The name field stores the name of the Viewset the AccessPolicy is protecting.
Additionally, the pulpcore.plugin.access_policy.AccessPolicyFromDB is a drf-access-policy which viewsets can use to protect their viewsets with. See the :ref:`viewset_enforcement` for more information on this. #7158
Adds the TaskViewSet and TaskGroupViewSet objects to the plugin api. #7187
Enabled plugin writers to create immutable repository ViewSets #7191
A new pulpcore.plugin.models.AutoAddObjPermsMixin object can be added to models to automatically add permissions for an object just after the object is created. This is controlled by data saved in the permissions_assignment attribute of the pulpcore.plugin.models.AccessPolicy allowing users to control what permissions are created. Note that your model must support django-lifecycle to use this mixin. #7210
Added ability for plugin writers to set a
content_mappingproperty on content resources to provide a custom mapping of content to repositories. #7252Automatically excluding
pulp_id,pulp_created, andpulp_last_updatedforQueryModelResources. #7277Viewsets that subclass
pulpcore.plugin.viewsets.NamedModelViewSet` can declare the ``queryset_filtering_required_permissionclass attribute naming the permission required to view an object. See the :ref:`queryset_scoping` documentation for more information. #7300
- Making operation_id unique #7233
- Making ReDoc OpenAPI summary human readable #7237
- OpenAPI schema generation from CLI #7258
- Allow pulpcore.plugin.models.AutoAddObjPermsMixin.add_for_object_creator to skip assignment of permissions if there is no known user. This allows endpoints that do not use authorization but still create objects in the DB to execute without error. #7312
- Omit a view/viewset from the OpenAPI schema #7133
- Added plugin writer docs for
BaseContentResource. #7296
- Newlines in certificate string (ca_cert, client_cert, client_key) on Remotes are not required to be escaped. #6735
- Replaced drf-yasg with drf-spectacular. - This updates the api documentation to openapi v3. - Plugins may require changes. - Methods signatures for bindings may change. #7108
- Moving containers from pulpcore to pulp-operator #7171
- Added start_versions= to export to allow for arbitrary incremental exports. #6763
- Added GroupProgressReport to track progress in a TaskGroup. #6858
- Provide a user agent string with all aiohttp requests by default. #6954
- Fixed 'integer out of range' error during sync by changing RemoteArtifact size field to BigIntegerField. #6717
- Added a more descriptive error message that is shown when CONTENT_ORIGIN is not properly configured #6771
- Including requirements.txt on MANIFEST.in #6888
- Corrected a number of filters to be django-filter-2.3.0-compliant. #6915
- Locked Content table to prevent import-deadlock. #7073
- Updating installation docs #6836
- Fixed a number of typos in the import/export workflow docs. #6919
- Fixed docs which claim that admin user has a default password. #6992
- Fixed broken link to content plugins web page #7017
- Removes the Write models from the OpenAPI schema. Brings back the models that were accidentally removed from the OpenAPI schema in 3.4.0 release. #7087
- Views can specify the tag name with pulp_tag_name #6832
- Added GroupProgressReport to track progress in a TaskGroup. #6858
- Exported the symbols serializers.SingleContentArtifactField and files.PulpTemporaryUploadedFile. #7088
- Implemented incremental-exporting for PulpExport. #6136
- Added support for S3 and other non-filesystem storage options to pulp import/export functionality. #6456
- Optimized imports by having repository versions processed using child tasks. #6484
- Added repository type check during Pulp imports. #6532
- Added version checking to import process. #6558
- Taught PulpExport to export by RepositoryVersions if specified. #6566
- Task groups now have an 'all_tasks_dispatched' field which denotes that no more tasks will spawn as part of this group. #6591
- Taught export how to split export-file into chunk_size bytes. #6736
- Remote fields username and password show up in: REST docs, API responses, and are available in the bindings. #6346
- Fixed a bug, where the attempt to cancel a completed task lead to a strange response. #6465
- Fixed KeyError during OpenAPI schema generation. #6468
- Added a missing trailing slash to distribution's base_url #6507
- Fixed a bug where the wrong kind of error was being raised for href parameters of mismatched types. #6521
- containers: Fix pulp_rpm 3.3.0 install by replacing the python3-createrepo_c RPM with its build-dependencies, so createrep_c gets installed & built from PyPI #6523
- Fixed OpenAPI schema for importer and export APIs. #6556
- Normalized export-file-path for PulpExports. #6564
- Changed repository viewset to use the general_update and general_delete tasks. This fixes a bug where updating specialized fields of a repository was impossible due to using the wrong serializer. #6569
- Only uses multipart OpenAPI Schema when dealing with file fields #6702
- Fixed a bug that prevented write_only fields from being present in the API docs and bindings #6775
- Added proper headers for index.html pages served by content app. #6802
- Removed Content-Encoding header from pulpcore-content responses. #6831
- Adding docs for importing and exporting from Pulp to Pulp. #6364
- Add some documentation around TaskGroups. #6641
- Introduced a brief explanation about pulp_installer #6674
- Added a warning that the REST API is not safe for multi-user use until RBAC is implemented. #6692
- Updated the required roles names #6758
- Changed repositories field on
/pulp/api/v3/exporters/core/pulp/from UUIDs to hrefs. #6457 - Imports now spawn child tasks which can be fetched via the
child_tasksfield of the import task. #6484 - Content of ssl certificates and keys changed to be return their full value instead of sha256 through REST API. #6691
- Replaced PulpExport filename/sha256 fields, with output_info_file, a '<filename>': '<hash>' dictionary. #6736
- Added new NoArtifactContentUploadSerializer and NoArtifactContentUploadViewSet to enable plugin writers to upload content without storing an Artifact #6281
- Added view_name_pattern to DetailRelatedField and DetailIdentityField to properly identify wrong resource types. #6521
- Added support for Distributions to provide non-Artifact content via a content_handler. #6570
- Added constants to the plugin API at
pulpcore.plugin.constants. #6579 - TaskGroups now have an 'all_tasks_dispatched' field that can be used to notify systems that no further tasks will be dispatched for a TaskGroup. Plugin writers should call ".finish()" on all TaskGroups created once they are done using them to set this field. #6591
- Added
RemoteFilterto the plugin API as it was missing but used by plugin_template. #6563
- Fields: username and password will be returned to the rest API user requesting a Remote #6346
- Rehomed QueryModelResource to pulpcore.plugin.importexport. #6514
- The :meth:`pulpcore.content.handler.Handler.list_directory` function now returns a set of strings where it returned a string of HTML before. #6570
- Fixed partial and general update calls for SecretCharField on the Remote. #6565
- Fixed bug where
TaskGroupwas showing up as null forcreated_resourcesin tasks. #6573
- Add TaskGroup to the plugin API. #6603
- Added support for repairing a RepositoryVersion by redownloading corrupted artifact files.
Sending a POST request to
/pulp/api/v3/repositories/<plugin>/<type>/<repository-uuid>/versions/<version-number>/repair/will trigger a task that scans all associated artfacts and attempts to fetch missing or corrupted ones again. #5613 - Added support for exporting pulp-repo-versions. POSTing to an exporter using the
/pulp/api/v3/exporters/core/pulp/<exporter-uuid>/exports/API will instantiate a PulpExport entity, which will generate an export-tar.gz file at<exporter.path>/export-<export-uuid>-YYYYMMDD_hhMM.tar.gz#6135 - Added API for importing Pulp Exports at
POST /importers/core/pulp/<uuid>/imports/. #6137 - Added the new setting CHUNKED_UPLOAD_DIR for configuring a default directory used for uploads #6253
- Exported SigningService in plugin api #6256
- Added name filter for SigningService #6257
- Relationships between tasks that spawn other tasks will be shown in the Task API. #6282
- Added a new APIs for PulpExporters and Exports at
/exporters/core/pulp/and/exporters/core/pulp/<uuid>/exports/. #6328 - Added PulpImporter API at
/pulp/api/v3/importers/core/pulp/. PulpImporters are used for importing exports from Pulp. #6329 - Added an
ALLOWED_EXPORT_PATHSsetting with list of filesystem locations that exporters can export to. #6335 - Indroduced ordering keyword, which orders the results by specified field. Pulp objects will by default be ordered by pulp_created if that field exists. #6347
- Task Groups added -- Plugin writers can spawn tasks as part of a "task group", which facilitates easier monitoring of related tasks. #6414
- Improved the overall performance while syncing very large repositories #6121
- Made chunked uploads to be stored in a local file system instead of a default file storage #6253
- Fixed 500 error when calling modify on nonexistent repo. #6284
- Fixed bug where user could delete repository version 0 but not recreate it by preventing users from deleting repo version 0. #6308
- Fixed non unique content units on content list #6347
- Properly sort endpoints during generation of the OpenAPI schema. #6372
- Improved resync performance by up to 2x with a change to the content stages. #6373
- Fixed bug where 'secret' fields would be set to the sha256 checksum of the original value. #6402
- Fixed pulp containers not allowing commands to be run via absolute path. #6420
- Documented bindings installation for a dev environment #6221
- Added documentation for how to write changelog messages. #6336
- Cleared up a line in the database settings documentation that was ambiguous. #6384
- Updated docs to reflect that S3/Azure are supported and no longer tech preview. #6443
- Added tech preview note to docs for importers/exporters. #6454
- Renamed ansible-pulp to pulp_installer (to avoid confusion with pulp-ansible) #6461
- Fixed missing terms in documentation. #6485
- Changing STATIC_URL from /static/ to /assets/ for avoiding conflicts #6128
- Exporting now requires the configuration of the
ALLOWED_EXPORT_PATHSsetting. Without this configuration, Pulp will not export content to the filesystem. #6335
- Tasks can now be spawned from inside other tasks, and these relationships can be explored via the "parent_task" field and "child_tasks" related name on the Task model. #6282
- Added a new Export model, serializer, and viewset. #6328
- Added models Import and Importer (as well as serializers and viewsets) that can be used for importing data into Pulp. #6329
- NamedModelViewSet uses a default ordering of -pulp_created using the StableOrderingFilter. Users using the ordering keyword will be the primary ordering used when specified. #6347
- Added two new repo validation methods (validate_repo_version and validate_duplicate_content). #6362
- enqueue_with_reservation() provides a new optional argument for "task_group". #6414
- Fixed bug where RepositoryVersion.artifacts returns None. #6439
- Add plugin writer docs on adding MANIFEST.in entry to include
webserver_snippetsin the Python package. #6249 - Updated the metadata signing plugin writers documentation. #6342
- Changed master model from FileSystemExporter to Exporter. Plugins will still need to extend FileSystemExporter but the master table is now core_exporter. This will require that plugins drop and recreate their filesystem exporter tables. #6328
- RepositoryVersion add_content no longer checks for duplicate content. #6362
No significant changes.
- Added a
pulpcore-managerscript that isdjango-adminonly configured withDJANGO_SETTINGS_MODULE="pulpcore.app.settings". This can be used for things like applying database migrations or collecting static media. #5859 - Resolve DNS faster with aiodns #6190
- Considering base version when removing duplicates #5964
- Renames /var/lib/pulp/static/ to /var/lib/pulp/assets/. #5995
- Disabled the trimming of leading and trailing whitespace characters which led to a situation where a hash of a certificate computed in Pulp was not equal to a hash generated locally #6025
- Repository.latest_version() considering deleted versions #6147
- Stopped HttpDownloader sending basic auth credentials to redirect location if domains don't match. #6227
- Updated docs to suggest to use
pulpcore-managercommand instead ofdjango-admindirectly. #5859
- Renaming Repository.last_version to Repository.next_version #6147
- Adding not equal lookup to model field filters. #5868
- Adds plugin writer docs on adding custom url routes and having the installer configure the reverse proxy to route them. #6209
- Content with duplicate repo_key_fields raises an error #5567
- Resolve content app errors
django.db.utils.InterfaceError: connection already closed. #6045 - Fix a bug that could cause an inability to detect an invalid signing script during the validation #6077
- Fixing broken S3 redirect #6154
- Pin idna==2.8` to avoid a version conflict caused by the idna 2.9 release. #6169
- A new method
_reset_db_connectionhas been added tocontent.Handler. It can be called before accessing the db to ensure that the db connection is alive. #6045
- Allow administrators to add a signing service #5943
- Adds
pulpcore.app.authentication.PulpDoNotCreateUsersRemoteUserBackendwhich can be used to verify authentication in the webserver, but will not automatically create users likedjango.contrib.auth.backends.RemoteUserBackenddoes. #5949 - Allow Azure blob storage to be used as DEFAULT_FILE_STORAGE for Pulp #5954
- Allow to filter publications by
repository_versionandpulp_created#5968 - Adds the
ALLOWED_IMPORT_PATHSsetting which can specify the file path prefix thatfile:///remote paths can import from. #5974 - Allow the same artifact to be published at multiple relative paths in the same publication. #6037
- Files stored on S3 and Azure now download with the correct filename. #4733
- Adds operation_summary to the OpenAPI schema definition of repository modify operation #6002
- Temporarily pinned redis-py version to avoid a task locking issue. #6038
- Rewrote the Authentication page for more clarity on how to configure Pulp's authentication. #5949
- Removed the
django.contrib.auth.backends.RemoteUserBackendas a default configured backend insettings.AUTHENTICATION_BACKENDS. Also removedpulpcore.app.authentication.PulpRemoteUserAuthenticationfrom the DRF configuration ofDEFAULT_AUTHENTICATION_CLASSES. #5949 - Importing from file:/// now requires the configuration of the
ALLOWED_IMPORT_PATHSsetting. Without this configuration, Pulp will not import content fromfile:///locations correctly. #5974
- Allow awaiting for resolution on DeclarativeContent. #5668
- Add a previous() method to RepositoryVersion. #5734
- Enable plugin writers to sign selected content with signing scripts provided by administrators #5946
- Add a batching content iterator
content_batch_qs()toRepositoryVersion. #6024
The
`Handler._handle_file_response` has been removed. It was renamed to ``_serve_content_artifactand has the following signature:def _serve_content_artifact(self, content_artifact, headers):
Remove get_or_create_future and does_batch from DeclarativeContent. Replaced by awaiting for resolution on the DeclarativeContent itself. #5668
- Fix bug where content shows as being added and removed in the same version. #5707
- Fix bug where calling Repository new_version() outside of task raises exception. #5894
- Adjusts setup.py classifier to show 3.0 as Production/Stable. #5896
- Importing from file:/// paths no longer destroys the source repository. #5941
- Webserver auth no longer prompts for csrf incorrectly. #5955
- Removed
pulpcore.app.middleware.PulpRemoteUserMiddlewarefrom the default middleware section. Also replacedrest_framework.authentication.RemoteUserAuthenticationwithpulpcore.app.authentication.PulpRemoteUserAuthenticationin the Django Rest Framework portion of the config. #5955
- Added an optional parameter base_version to RepositoryVersion add() and removed() methods. #5706
- Saving an Artifact from a source that is outside of settings.MEDIA_ROOT will copy the file instead of moving the file as it did in previous versions. This causes data imported from file:/// sources to be left in tact. #5941
Note
Task names, e.g. pulpcore.app.tasks.orphan.orphan_cleanup, are subject to change in future
releases 3.y releases. These are represented in the Task API as the "name" attribute. Please
check future release notes to see when these names will be considered stable. Otherwise, the
REST API pulpcore provides is considered semantically versioned.
- Pulp will do validation that a new repository version contains only content which is supported by the Repository type. Using the same a-priori knowledge of content types, increase performance of duplicate removal. #5701
- Improve speed and memory performance. #5688
- Fix an incorrect license claim in the docs. Pulp is GPLv2+. #4592
- Labeling 3.0 features as tech preview. #5563
- Simplified docs index page. #5714
- Add text to Promotion page. #5721
- Fixes and updates to the glossry page. #5726
- Added a new required field called CONTENT_TYPES to the Repository model. #5701