Re: [Pulp-list] pulp-rpm-client 3.15.0
Since the client_key is write_only, the only solution currently would be to update the client_key with your entitlement cert. You could do this instead of checking the client_key, or every time before sync or when you hit a 403. I imagine that these solutions may not suffice for you though. In which case, can you file a feature request and we can look at possible solutions? https://pulp.plan.io/projects/pulp/issues/new David On Thu, Sep 9, 2021 at 1:36 PM Bin Li (BLOOMBERG/ 120 PARK) < [email protected]> wrote: > It makes sense to make it private. Redhat subscription manager frequent > updated the entitlement cert. We don't know if the client_key in pulp is > valid until we get the 403 error. We'd like update the key automatically. > Is there an alternative way to compare the client key so we always have a > valid key? > > From: [email protected] At: 09/09/21 12:56:46 UTC-4:00 > To: Bin Li (BLOOMBERG/ 120 PARK ) > Cc: [email protected] > Subject: Re: [Pulp-list] pulp-rpm-client 3.15.0 > > The remote fields client_key, username, and password became no longer > readable in pulp 3.11. You can still set/update them but we considered > exposing them in the API as a security vulnerability. > > https://docs.pulpproject.org/pulpcore/changes.html#id330 > https://pulp.plan.io/issues/8202 > > David > > > On Thu, Sep 9, 2021 at 12:42 PM Bin Li (BLOOMBERG/ 120 PARK) < > [email protected]> wrote: > >> We are using pulpcore.client.pulp_rpm to query pulp remote objects to >> compare the client_key to make sure we always have valid entitlement in >> pulp. We current running 3.7.3 >> >> After we upgraded to 3.15.2 and installed pulp-rpm-client 3.15.0. We got >> the following error >> AttributeError: 'RpmRpmRemoteResponse' object has no attribute >> 'client_key'. >> >> Should the 'RpmRpmRemoteResponse' has client_key attribute as previous >> releases? >> >> >> class RpmRpmRemoteResponse(builtins.object) >> | RpmRpmRemoteResponse(pulp_href=None, pulp_created=None, name=None, >> url=None, ca_cert=None, client_cert=None, tls_validation=None, >> proxy_url=None, pulp_labels=None, pulp_last_updated=None, >> download_concurrency=None, max_retries=None, policy=None, >> total_timeout=None, connect_timeout=None, sock_connect_timeout=None, >> sock_read_timeout=None, headers=None, rate_limit=None, >> sles_auth_token=None, local_vars_configuration=None) >> >> >> class RpmRpmRemote(builtins.object) >> | RpmRpmRemote(name=None, url=None, ca_cert=None, client_cert=None, >> client_key=None, tls_validation=None, proxy_url=None, proxy_username=None, >> proxy_password=None, username=None, password=None, pulp_labels=None, >> download_concurrency=None, max_retries=None, policy=None, >> total_timeout=None, connect_timeout=None, sock_connect_timeout=None, >> sock_read_timeout=None, headers=None, rate_limit=None, >> sles_auth_token=None, local_vars_configuration=None) >> >> >> >> ___ >> Pulp-list mailing list >> [email protected] >> https://listman.redhat.com/mailman/listinfo/pulp-list > > > ___ Pulp-list mailing list [email protected] https://listman.redhat.com/mailman/listinfo/pulp-list
Re: [Pulp-list] pulp-rpm-client 3.15.0
It makes sense to make it private. Redhat subscription manager frequent updated the entitlement cert. We don't know if the client_key in pulp is valid until we get the 403 error. We'd like update the key automatically. Is there an alternative way to compare the client key so we always have a valid key? From: [email protected] At: 09/09/21 12:56:46 UTC-4:00To: Bin Li (BLOOMBERG/ 120 PARK ) Cc: [email protected] Subject: Re: [Pulp-list] pulp-rpm-client 3.15.0 The remote fields client_key, username, and password became no longer readable in pulp 3.11. You can still set/update them but we considered exposing them in the API as a security vulnerability. https://docs.pulpproject.org/pulpcore/changes.html#id330 https://pulp.plan.io/issues/8202 David On Thu, Sep 9, 2021 at 12:42 PM Bin Li (BLOOMBERG/ 120 PARK) wrote: We are using pulpcore.client.pulp_rpm to query pulp remote objects to compare the client_key to make sure we always have valid entitlement in pulp. We current running 3.7.3 After we upgraded to 3.15.2 and installed pulp-rpm-client 3.15.0. We got the following error AttributeError: 'RpmRpmRemoteResponse' object has no attribute 'client_key'. Should the 'RpmRpmRemoteResponse' has client_key attribute as previous releases? class RpmRpmRemoteResponse(builtins.object) | RpmRpmRemoteResponse(pulp_href=None, pulp_created=None, name=None, url=None, ca_cert=None, client_cert=None, tls_validation=None, proxy_url=None, pulp_labels=None, pulp_last_updated=None, download_concurrency=None, max_retries=None, policy=None, total_timeout=None, connect_timeout=None, sock_connect_timeout=None, sock_read_timeout=None, headers=None, rate_limit=None, sles_auth_token=None, local_vars_configuration=None) class RpmRpmRemote(builtins.object) | RpmRpmRemote(name=None, url=None, ca_cert=None, client_cert=None, client_key=None, tls_validation=None, proxy_url=None, proxy_username=None, proxy_password=None, username=None, password=None, pulp_labels=None, download_concurrency=None, max_retries=None, policy=None, total_timeout=None, connect_timeout=None, sock_connect_timeout=None, sock_read_timeout=None, headers=None, rate_limit=None, sles_auth_token=None, local_vars_configuration=None) ___ Pulp-list mailing list [email protected] https://listman.redhat.com/mailman/listinfo/pulp-list ___ Pulp-list mailing list [email protected] https://listman.redhat.com/mailman/listinfo/pulp-list
Re: [Pulp-list] pulp-rpm-client 3.15.0
The remote fields client_key, username, and password became no longer readable in pulp 3.11. You can still set/update them but we considered exposing them in the API as a security vulnerability. https://docs.pulpproject.org/pulpcore/changes.html#id330 https://pulp.plan.io/issues/8202 David On Thu, Sep 9, 2021 at 12:42 PM Bin Li (BLOOMBERG/ 120 PARK) < [email protected]> wrote: > We are using pulpcore.client.pulp_rpm to query pulp remote objects to > compare the client_key to make sure we always have valid entitlement in > pulp. We current running 3.7.3 > > After we upgraded to 3.15.2 and installed pulp-rpm-client 3.15.0. We got > the following error > AttributeError: 'RpmRpmRemoteResponse' object has no attribute > 'client_key'. > > Should the 'RpmRpmRemoteResponse' has client_key attribute as previous > releases? > > > class RpmRpmRemoteResponse(builtins.object) > | RpmRpmRemoteResponse(pulp_href=None, pulp_created=None, name=None, > url=None, ca_cert=None, client_cert=None, tls_validation=None, > proxy_url=None, pulp_labels=None, pulp_last_updated=None, > download_concurrency=None, max_retries=None, policy=None, > total_timeout=None, connect_timeout=None, sock_connect_timeout=None, > sock_read_timeout=None, headers=None, rate_limit=None, > sles_auth_token=None, local_vars_configuration=None) > > > class RpmRpmRemote(builtins.object) > | RpmRpmRemote(name=None, url=None, ca_cert=None, client_cert=None, > client_key=None, tls_validation=None, proxy_url=None, proxy_username=None, > proxy_password=None, username=None, password=None, pulp_labels=None, > download_concurrency=None, max_retries=None, policy=None, > total_timeout=None, connect_timeout=None, sock_connect_timeout=None, > sock_read_timeout=None, headers=None, rate_limit=None, > sles_auth_token=None, local_vars_configuration=None) > > > > ___ > Pulp-list mailing list > [email protected] > https://listman.redhat.com/mailman/listinfo/pulp-list ___ Pulp-list mailing list [email protected] https://listman.redhat.com/mailman/listinfo/pulp-list
[Pulp-list] pulp-rpm-client 3.15.0
We are using pulpcore.client.pulp_rpm to query pulp remote objects to compare the client_key to make sure we always have valid entitlement in pulp. We current running 3.7.3 After we upgraded to 3.15.2 and installed pulp-rpm-client 3.15.0. We got the following error AttributeError: 'RpmRpmRemoteResponse' object has no attribute 'client_key'. Should the 'RpmRpmRemoteResponse' has client_key attribute as previous releases? class RpmRpmRemoteResponse(builtins.object) | RpmRpmRemoteResponse(pulp_href=None, pulp_created=None, name=None, url=None, ca_cert=None, client_cert=None, tls_validation=None, proxy_url=None, pulp_labels=None, pulp_last_updated=None, download_concurrency=None, max_retries=None, policy=None, total_timeout=None, connect_timeout=None, sock_connect_timeout=None, sock_read_timeout=None, headers=None, rate_limit=None, sles_auth_token=None, local_vars_configuration=None) class RpmRpmRemote(builtins.object) | RpmRpmRemote(name=None, url=None, ca_cert=None, client_cert=None, client_key=None, tls_validation=None, proxy_url=None, proxy_username=None, proxy_password=None, username=None, password=None, pulp_labels=None, download_concurrency=None, max_retries=None, policy=None, total_timeout=None, connect_timeout=None, sock_connect_timeout=None, sock_read_timeout=None, headers=None, rate_limit=None, sles_auth_token=None, local_vars_configuration=None) ___ Pulp-list mailing list [email protected] https://listman.redhat.com/mailman/listinfo/pulp-list
