From 9361aa3f6da5ae9c0bfd9aaa04fcde4c7d92bc54 Mon Sep 17 00:00:00 2001
From: Ian Ballou
Date: Fri, 13 Dec 2024 21:13:28 +0000
Subject: [PATCH] Fixes #38103 - disallow direct container tar uploads
---
 .../katello/api/v2/content_uploads_controller.rb | 1 +
 lib/katello/repository_types/docker.rb | 1 -
 test/controllers/api/v2/content_uploads_controller_test.rb | 7 +++++++
 test/controllers/api/v2/repositories_controller_test.rb | 4 ++--
 4 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/app/controllers/katello/api/v2/content_uploads_controller.rb b/app/controllers/katello/api/v2/content_uploads_controller.rb
index d28e457c7ce..920025f2336 100644
--- a/app/controllers/katello/api/v2/content_uploads_controller.rb
+++ b/app/controllers/katello/api/v2/content_uploads_controller.rb
@@ -15,6 +15,7 @@ class Api::V2::ContentUploadsController < Api::V2::ApiController
 param :content_type, RepositoryTypeManager.uploadable_content_types(false).map(&:label), :required => false, :desc => N_("content type ('deb', 'docker_manifest', 'file', 'ostree_ref', 'rpm', 'srpm')")
 def create
 fail Katello::Errors::InvalidRepositoryContent, _("Cannot upload Ansible collections.") if @repository.ansible_collection?
+ fail Katello::Errors::InvalidRepositoryContent, _("Cannot upload container content via Hammer/API. Use podman push instead.") if @repository.docker?
 content_type = params[:content_type] || ::Katello::RepositoryTypeManager.find(@repository.content_type)&.default_managed_content_type&.label
 RepositoryTypeManager.check_content_matches_repo_type!(@repository, content_type)
 if ::Katello::RepositoryTypeManager.generic_content_type?(content_type)
diff --git a/lib/katello/repository_types/docker.rb b/lib/katello/repository_types/docker.rb
index 2cfc69629d9..b73a3c33cba 100644
--- a/lib/katello/repository_types/docker.rb
+++ b/lib/katello/repository_types/docker.rb
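Review bot: The `:desc` string on the `param :content_type` line just above `create` still advertises 'docker_manifest' as an uploadable content type, although this commit makes `create` refuse every container repository and removes `:uploadable` from the manifest type; the text should drop it, e.g. `:desc => N_("content type ('deb', 'file', 'ostree_ref', 'rpm', 'srpm')")`. The new guard also lives only in this action, so the restriction elsewhere rests on the `uploadable` flag alone; it is worth confirming that the repositories controller's `upload_content` path, which is not shown in this patch, refuses container repositories when `content_type` is omitted. A short comment above the guard, such as `# Container images must arrive through the registry push path, never as a raw tar upload`, would record why the check exists. `create` continues past the end of the hunk.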
@@ -27,7 +27,6 @@
 :priority => 1,
 :pulp3_service_class => ::Katello::Pulp3::DockerManifest,
 :removable => true,
- :uploadable => true,
 :primary_content => true
 content_type Katello::DockerManifestList,
 :priority => 2,
diff --git a/test/controllers/api/v2/content_uploads_controller_test.rb b/test/controllers/api/v2/content_uploads_controller_test.rb
index 171571c8033..f917920272e 100644
--- a/test/controllers/api/v2/content_uploads_controller_test.rb
+++ b/test/controllers/api/v2/content_uploads_controller_test.rb
@@ -46,6 +46,13 @@ def test_create_generic_upload_request
 assert_response :success
 end
+ def test_create_container_upload_request
+ container_repo = katello_repositories(:busybox)
+ post :create, params: { :repository_id => container_repo.id, :size => 100, :checksum => 'test_checksum2' }
+ assert_response :error
+ assert_match 'Cannot upload container content via Hammer/API. Use podman push instead.', @response.body
+ end
+
 def test_create_collection_upload_request
 ansible_collection_repo = katello_repositories(:pulp3_ansible_collection_1)
 post :create, params: { :repository_id => ansible_collection_repo.id, :size => 100, :checksum => 'test_checksum' }
diff --git a/test/controllers/api/v2/repositories_controller_test.rb b/test/controllers/api/v2/repositories_controller_test.rb
index 430838cf9f8..7c704194b59 100644
--- a/test/controllers/api/v2/repositories_controller_test.rb
+++ b/test/controllers/api/v2/repositories_controller_test.rb
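Review bot: `assert_response :error` in `test_create_container_upload_request` passes for any 5xx status, so the test pins this deliberate policy refusal as a server error and would not notice if the status changed to a different 5xx. If the API is meant to report the refusal as a client error, the exception mapping (outside this patch) would need to return a 4xx and the test should assert the exact code, for example `assert_response 422` as the bad-type test in repositories_controller_test.rb does; refusals logged as 5xx are also hard to tell apart from real faults in monitoring. The test covers only the case with `content_type` omitted; a second case passing `:content_type => 'docker_manifest'` would pin the behaviour now that the type is no longer uploadable.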
@@ -929,8 +929,8 @@ def test_upload_content_bad_type
 post :upload_content, params: { :id => @repository.id, :content_type => 'cheese' }
 assert_response 422
- response = "{\"displayMessage\":\"Invalid params provided - content_type must be one of deb,docker_manifest,file,ostree_ref,python_package,rpm,srpm\"," \
- "\"errors\":[\"Invalid params provided - content_type must be one of deb,docker_manifest,file,ostree_ref,python_package,rpm,srpm\"]}"
+ response = "{\"displayMessage\":\"Invalid params provided - content_type must be one of deb,file,ostree_ref,python_package,rpm,srpm\"," \
+ "\"errors\":[\"Invalid params provided - content_type must be one of deb,file,ostree_ref,python_package,rpm,srpm\"]}"
 assert_match response, @response.body
 end