Add RBAC and domain support

fixes #154

.github/workflows/scripts/install.sh

@@ -88,7 +88,7 @@ if [ "$TEST" = "s3" ]; then
   sed -i -e '$a s3_test: true\
 minio_access_key: "'$MINIO_ACCESS_KEY'"\
 minio_secret_key: "'$MINIO_SECRET_KEY'"\
-pulp_scenario_settings: {"allowed_content_checksums": ["md5", "sha224", "sha256", "sha384", "sha512"]}\
+pulp_scenario_settings: {"allowed_content_checksums": ["md5", "sha224", "sha256", "sha384", "sha512"], "domain_enabled": true}\
 pulp_scenario_env: {}\
 ' vars/main.yaml
   export PULP_API_ROOT="/rerouted/djnd/"

CHANGES/154.feature

@@ -0,0 +1 @@
+Added support for RBAC and domains.

pulp_gem/app/__init__.py

@@ -8,3 +8,4 @@ class PulpGemPluginAppConfig(PulpPluginAppConfig):
     label = "gem"
     version = "0.4.0.dev"
     python_package_name = "pulp-gem"
+    domain_compatible = True

pulp_gem/app/migrations/0012_alter_gemdistribution_options_and_more.py

@@ -0,0 +1,69 @@
+# Generated by Django 4.2.4 on 2023-10-04 10:25
+
+from django.db import migrations, models
+import django.db.models.deletion
+import pulpcore.app.util
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("core", "0110_apiappstatus"),
+        ("gem", "0011_alter_gemcontent_platform"),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name="gemdistribution",
+            options={
+                "default_related_name": "%(app_label)s_%(model_name)s",
+                "permissions": [
+                    ("manage_roles_gemdistribution", "Can manage roles on gem distributions")
+                ],
+            },
+        ),
+        migrations.AlterModelOptions(
+            name="gempublication",
+            options={
+                "default_related_name": "%(app_label)s_%(model_name)s",
+                "permissions": [
+                    ("manage_roles_gempublication", "Can manage roles on gem publications")
+                ],
+            },
+        ),
+        migrations.AlterModelOptions(
+            name="gemremote",
+            options={
+                "default_related_name": "%(app_label)s_%(model_name)s",
+                "permissions": [("manage_roles_gemremote", "Can manage roles on gem remotes")],
+            },
+        ),
+        migrations.AlterModelOptions(
+            name="gemrepository",
+            options={
+                "default_related_name": "%(app_label)s_%(model_name)s",
+                "permissions": [
+                    ("sync_gemrepository", "Can start a sync task"),
+                    ("modify_gemrepository", "Can modify content of the repository"),
+                    ("manage_roles_gemrepository", "Can manage roles on gem repositories"),
+                    ("repair_gemrepository", "Can repair repository versions"),
+                ],
+            },
+        ),
+        migrations.AlterUniqueTogether(
+            name="gemcontent",
+            unique_together=set(),
+        ),
+        migrations.AddField(
+            model_name="gemcontent",
+            name="_pulp_domain",
+            field=models.ForeignKey(
+                default=pulpcore.app.util.get_domain_pk,
+                on_delete=django.db.models.deletion.PROTECT,
+                to="core.domain",
+            ),
+        ),
+        migrations.AlterUniqueTogether(
+            name="gemcontent",
+            unique_together={("_pulp_domain", "checksum")},
+        ),
+    ]

pulp_gem/app/models.py

@@ -6,12 +6,14 @@
 from django.db import models
 
 from pulpcore.plugin.models import (
+    AutoAddObjPermsMixin,
     Content,
     Publication,
     Distribution,
     Remote,
     Repository,
 )
+from pulpcore.plugin.util import get_domain_pk
 
 from pulp_gem.specs import analyse_gem
 
@@ -30,6 +32,7 @@ class GemContent(Content):
     TYPE = "gem"
     repo_key_fields = ("name", "version", "platform")
 
+    _pulp_domain = models.ForeignKey("core.Domain", default=get_domain_pk, on_delete=models.PROTECT)
     name = models.TextField(blank=False, null=False)
     version = models.TextField(blank=False, null=False)
     platform = models.TextField(blank=False, null=False)
@@ -81,21 +84,28 @@ def __str__(self):
 
     class Meta:
         default_related_name = "%(app_label)s_%(model_name)s"
-        unique_together = ("checksum",)
+        unique_together = (
+            "_pulp_domain",
+            "checksum",
+        )
 
 
-class GemDistribution(Distribution):
+class GemDistribution(Distribution, AutoAddObjPermsMixin):
     """
     A Distribution for GemContent.
     """
 
     TYPE = "gem"
+    SERVE_FROM_PUBLICATION = True
 
     class Meta:
         default_related_name = "%(app_label)s_%(model_name)s"
+        permissions = [
+            ("manage_roles_gemdistribution", "Can manage roles on gem distributions"),
+        ]
 
 
-class GemPublication(Publication):
+class GemPublication(Publication, AutoAddObjPermsMixin):
     """
     A Publication for GemContent.
     """
@@ -104,9 +114,12 @@ class GemPublication(Publication):
 
     class Meta:
         default_related_name = "%(app_label)s_%(model_name)s"
+        permissions = [
+            ("manage_roles_gempublication", "Can manage roles on gem publications"),
+        ]
 
 
-class GemRemote(Remote):
+class GemRemote(Remote, AutoAddObjPermsMixin):
     """
     A Remote for GemContent.
     """
@@ -133,9 +146,12 @@ def get_remote_artifact_content_type(self, relative_path=None):
 
     class Meta:
         default_related_name = "%(app_label)s_%(model_name)s"
+        permissions = [
+            ("manage_roles_gemremote", "Can manage roles on gem remotes"),
+        ]
 
 
-class GemRepository(Repository):
+class GemRepository(Repository, AutoAddObjPermsMixin):
     """
     A Repository for GemContent.
     """
@@ -146,3 +162,9 @@ class GemRepository(Repository):
 
     class Meta:
         default_related_name = "%(app_label)s_%(model_name)s"
+        permissions = [
+            ("sync_gemrepository", "Can start a sync task"),
+            ("modify_gemrepository", "Can modify content of the repository"),
+            ("manage_roles_gemrepository", "Can manage roles on gem repositories"),
+            ("repair_gemrepository", "Can repair repository versions"),
+        ]

pulp_gem/app/serializers.py

@@ -23,6 +23,7 @@
     RepositorySerializer,
     SingleContentArtifactField,
 )
+from pulpcore.plugin.util import get_domain_pk
 
 from pulp_gem.app.models import (
     GemContent,
@@ -126,7 +127,9 @@ def deferred_validate(self, data):
         return data
 
     def retrieve(self, validated_data):
-        return GemContent.objects.filter(checksum=validated_data["checksum"]).first()
+        return GemContent.objects.filter(
+            _pulp_domain=get_domain_pk(), checksum=validated_data["checksum"]
+        ).first()
 
     class Meta:
         fields = MultipleArtifactContentSerializer.Meta.fields + (