[Pulp-dev] [pulp 3] mutable Artifacts are too complicated

[Dennis Kliban]

As I was writing code that performs validation for Artifacts I realized how
complex the validation gets when we allow users to create Artifacts and
then update them in the future, but only one time.

The upload REST API becomes strange also:

1. Artifact with sha256 hash 123456 is created without a file (deferred
download)
2. User performs a POST to /api/v3/artifacts/ with an Artifact that has
sha256 hash 123456 and gets a 400 response saying that the artifact already
exists and can be updated by performing a PUT on the Artifact resource.
3. User performs PUT on Artifact with sha256 123456 and includes a file.
The file is uploaded and Artifact is now storing a path to the file.
4. User performs another PUT on the file to update it again and receives a
400 response saying the Artifact cannot be modified.

or

1. Artifact with sha256 hash 123456 is created without a file (deferred
download)
2. User performs a POST to /api/v3/artifacts/ with an Artifact that has
sha256 hash 123456 and gets a 201 response saying the Artifact was created.
      - This is very misleading because the Artifact already existed


Neither of these scenarios is appealing to me. The REST API would be
simplified if we made Artifacts immutable. Either a plugin creates an
Artifact once or an Artifact is created using the REST API. After that it
can only be retrieved or deleted.

Any information, such as expected size and checksum should be stored in a
separate table - together with the URL of the remote artifact. We could
call it RemoteArtifact.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-dev/attachments/20170720/209dced3/attachment.htm>