Since the client_key is write_only, the only solution currently would be to update the client_key with your entitlement cert. You could do this instead of checking the client_key, or every time before sync or when you hit a 403.
I imagine that these solutions may not suffice for you though. In which case, can you file a feature request and we can look at possible solutions? https://pulp.plan.io/projects/pulp/issues/new David On Thu, Sep 9, 2021 at 1:36 PM Bin Li (BLOOMBERG/ 120 PARK) < [email protected]> wrote: > It makes sense to make it private. Redhat subscription manager frequent > updated the entitlement cert. We don't know if the client_key in pulp is > valid until we get the 403 error. We'd like update the key automatically. > Is there an alternative way to compare the client key so we always have a > valid key? > > From: [email protected] At: 09/09/21 12:56:46 UTC-4:00 > To: Bin Li (BLOOMBERG/ 120 PARK ) <[email protected]> > Cc: [email protected] > Subject: Re: [Pulp-list] pulp-rpm-client 3.15.0 > > The remote fields client_key, username, and password became no longer > readable in pulp 3.11. You can still set/update them but we considered > exposing them in the API as a security vulnerability. > > https://docs.pulpproject.org/pulpcore/changes.html#id330 > https://pulp.plan.io/issues/8202 > > David > > > On Thu, Sep 9, 2021 at 12:42 PM Bin Li (BLOOMBERG/ 120 PARK) < > [email protected]> wrote: > >> We are using pulpcore.client.pulp_rpm to query pulp remote objects to >> compare the client_key to make sure we always have valid entitlement in >> pulp. We current running 3.7.3 >> >> After we upgraded to 3.15.2 and installed pulp-rpm-client 3.15.0. We got >> the following error >> AttributeError: 'RpmRpmRemoteResponse' object has no attribute >> 'client_key'. >> >> Should the 'RpmRpmRemoteResponse' has client_key attribute as previous >> releases? >> >> >> class RpmRpmRemoteResponse(builtins.object) >> | RpmRpmRemoteResponse(pulp_href=None, pulp_created=None, name=None, >> url=None, ca_cert=None, client_cert=None, tls_validation=None, >> proxy_url=None, pulp_labels=None, pulp_last_updated=None, >> download_concurrency=None, max_retries=None, policy=None, >> total_timeout=None, connect_timeout=None, sock_connect_timeout=None, >> sock_read_timeout=None, headers=None, rate_limit=None, >> sles_auth_token=None, local_vars_configuration=None) >> >> >> class RpmRpmRemote(builtins.object) >> | RpmRpmRemote(name=None, url=None, ca_cert=None, client_cert=None, >> client_key=None, tls_validation=None, proxy_url=None, proxy_username=None, >> proxy_password=None, username=None, password=None, pulp_labels=None, >> download_concurrency=None, max_retries=None, policy=None, >> total_timeout=None, connect_timeout=None, sock_connect_timeout=None, >> sock_read_timeout=None, headers=None, rate_limit=None, >> sles_auth_token=None, local_vars_configuration=None) >> >> >> >> _______________________________________________ >> Pulp-list mailing list >> [email protected] >> https://listman.redhat.com/mailman/listinfo/pulp-list > > >
_______________________________________________ Pulp-list mailing list [email protected] https://listman.redhat.com/mailman/listinfo/pulp-list
