Pulp 3.10 is now Generally Available!
We are happy to announce the release of Pulpcore 3.10!
Let’s take a look at some of the main features of this release. For a list of bug fixes, see the changelog
Pre-validation import parameters
A synchronous import-check command has been added to validate a number of possible causes of import/export failure. This command does not do tests that require database access or long-running tasks such as verifying checksums. All parameters are optional. #7549
For more information, check out the Pulp Import and Export workflow documentation.
Update to the default Pulp deployment layout
MEDIA_ROOT is now its own directory. This change has the advantage of limiting the file permissions and the SELinux file contexts in a shared Pulp 2 and Pulp 3 deployment. This also adds compatibility with the django_extensions' unreferenced_files command, which lists all files in MEDIA_ROOT that are not in the database.
Other paths are kept on the same absolute paths.
The settings and logging documentation has been updated to reflect these changes. #7178
New generic list endpoint
This release includes new endpoints that you can use to list all Content, ContentGuards, and Repositories. #7204
Update to the SigningService
A new public_key field has been added to the SigningService. This field preserves the value of the public key. A new pubkey_fingerprint field was introduced as well, which identifies the
public key. #7700
As a result of this, the following deprecation notice has been added for this release:
The public key needs to be specified during the new instance creation.
Other ways of providing the public key are considered deprecated as of the release.
New name filtering options
In previous versions, you could only query the API to search for exact names. With this release, new querying parameters have been added, such as name__icontains, name__contains, and name__startswith, to make searching for objects easier. #8094
New filter capability for user and group endpoints
You can now filter lists of users and groups. #7975
The users endpoint now has the following filter options:
fields = {
"username": ["exact", "iexact", "in", "contains", "icontains"],
"first_name": ["exact", "iexact", "in", "contains", "icontains"],
"last_name": ["exact", "iexact", "in", "contains", "icontains"],
"email": ["exact", "iexact", "in", "contains", "icontains"],
"is_active": ["exact"],
"is_staff": ["exact"],
}
The group endpoint now has the following filter options:
fields = {
"id": ["exact", "in"],
"name": ["exact", "iexact", "in", "contains", "icontains"],
}
Add your own labels to objects
With the addition of the pulp_labels field, you can create labels to add your own key/data for your resources in Pulp. You can also modify and remove these labels if needed.
The pulp_label_select filter was added so that you can now filter by the labels you assign.
The Label and LabelSerializer have also been added to the Plugin API. #8065
For more information, see the Labels documentation.
New optional Header field added for aiohttp ClientSession
You now have the option to specify headers in aiohttp ClientSession. Headers must be provided as a dictionary or a JSON field. You can set headers for an entire client session or per request. #8083
RBAC
There have been a number of features added that relate to the ongoing effort to add role based access control (RBAC) functionality to Pulp.
- Users with view group permissions can view groups. #8159
- Users with change group permissions can modify groups. 8160
- Authenticated users can create and view artifacts. #8193
- Filtering has been added for access policies. #8189
New AccessPolicy.customized field.
The AccessPolicy.customized field is a read-only field that defaults to False.
If True, this indicates that the user has modified the default access policy. #8182
This will be useful for:
- Users to see how a system’s RBAC has been modified
- Plugin writers who want to ship changes or bugfixes to default policies they previously shipped and don’t want to overwrite a user’s custom policy.
Mandatory version attributes for plugins
Plugins are required to define a version attribute on their subclass of PulpPluginAppConfig. Starting with pulpcore==3.10, if the version attribute is undefined while Pulp loads, Pulp will refuse to start. #7930
New Plugin API features
- You can use the
rate_limitoption to specify the rate limit, in seconds, for a remote. #7965 DistributionFilteris now accessible to plugin writers. #8059LabelandLabelSerializerare now available in the Plugin API. #8065LabelSelectFilterhas been added to filter resources by labels. #8067- The
NAME_FILTER_OPTIONShas been added to the Plugin API to gain more consistency across plugins when filtering by name or similar CharFields. #8117 - A
ReadOnlyRepositoryViewsethas been added to the plugin API. This allows only aGETmethod to be used on a repository type that is not managed by the user. #8103 - The
has_repo_attr_obj_permsandhas_repo_attr_model_or_obj_permschecks have been added to the list of global access checks that are available for all plugins to use. #8161
Removals
The default permission class changed from IsAuthenticated to IsAdminUser. Any endpoints that should be accessible by all known to the system users need to specify the permission_classes accordingly #8018
As part of #7908 in the Pulpcore 3.9 release, UnsupportedDigestValidationError was added to pulpcore.plugin.exceptions but still accessible via pulpcore.plugin.models. With this release UnsupportedDigestValidationError has been removed from pulpcore.plugin.models and exists only in pulpcore.plugin.exceptions.
Deprecations
As part of the changes mentioned above around the SigningService, access to the path of the public key of a signing service was deprecated. The value of the public key is now expected to be saved in the model instance as SigningService.public_key. 7700
The pulpcore.plugin.storage.get_plugin_storage_path() method has been present for some time but is not used anywhere. It is now deprecated. #7935