[Pulp-dev] Name uniqueness problem in Pulp 3 REST API

Grant Gainey ggainey at redhat.com
Tue Jul 21 15:37:22 UTC 2020


On Tue, Jul 21, 2020 at 11:22 AM Brian Bouterse <bmbouter at redhat.com> wrote:

> I'm concerned if we don't make a change, here's the user experience I'm
> worried about.
>
> 1. User A creates repo 'rhel7'
> 2. User B can't see repo 'rhel7' because of queryset scoping
> 3. User B goes to create 'rhel7'
> 4. User B is told 'rhel7' already exists
>
> Users should be able to use simple names. I don't know what the answer is
> to the import/export implementation conflict, but let's brainstorm some.
> For the benefit of our users, I don't think that implementation should
> interfere with this basic use.
>

User B creates rhel7 because they're not allowed to see User A's rhel7.
User B has a role added. Now User B gets to see two rhel7s.


> Side note: from early on in Pulp3, pk's, not names, have been the primary
> identifier. I'm unclear on how we got away from that.
>

I'm a little confused - unique=True and unique_together=() are in a fair
number of models, in pulpcore and pulp_rpm.  Artifacts are identified by
hash, so we don't duplicate them. Do different users get to upload the same
Artifact, just because their RBAC roles are different?

One thing that maybe we need to think about - is RBAC in pulp about
"multiple logins for users controlled by one
entity/organization/admin/company that 'owns' the pulp instance", or does
it include "multiple organizations that should never know the others'
users/content exists"? The first is multi-user, the second I've seen
described as multi-*tenant*, and feels more like the use case you're
concerned about. In my head, a single pulp-instance might be multi-user,
but *not* multi-tenant - mayhap that's wrong.

G



>
>
> On Tue, Jul 21, 2020 at 9:03 AM Matthias Dellweg <mdellweg at redhat.com>
> wrote:
>
>> I always understood the "lifting the uniqueness" as allowing to have
>> the same name used for different resource types. So the new
>> natural_key (aka unique_together) would be ["name", "type"].
>>
>> On Tue, Jul 21, 2020 at 2:55 PM David Davis <daviddavis at redhat.com> wrote:
>> >
>> > Agreed.
>> >
>> > David
>> >
>> >
>> > On Tue, Jul 21, 2020 at 8:42 AM Grant Gainey <ggainey at redhat.com> wrote:
>> >>
>> >> On Tue, Jul 21, 2020 at 8:14 AM Dennis Kliban <dkliban at redhat.com> wrote:
>> >>>
>> >>> Does anyone else have an opinion? If not, I am going to start by
>> >>> writing a task to remove this name uniqueness constraint for repositories.
>> >>
>> >>
>> >> Import/export relies on non-pulp_id-uniqueness to identify Things. I
>> >> was assuming we were talking about adding pulp_type to the Repository
>> >> uniqueness-constraint, so that a given name/type would be unique (which
>> >> would require a single change to RepositoryResource)
>> >>
>> >> If we're talking about just removing the uniqueness-constraint
>> >> altogether, then life gets a lot harder.
>> >>
>> >> G
>> >> --
>> >> Grant Gainey
>> >> Principal Software Engineer, Red Hat System Management Engineering
>> >> _______________________________________________
>> >> Pulp-dev mailing list
>> >> Pulp-dev at redhat.com
>> >> https://www.redhat.com/mailman/listinfo/pulp-dev


-- 
Grant Gainey
Principal Software Engineer, Red Hat System Management Engineering