search

pulp / pulpcore

Pulp 3 pulpcore package https://pypi.org/project/pulpcore/
GNU General Public License v2.0
252 stars 107 forks source link

`SECRET_KEY` is a boolean by default, causing `pulpcore-manager check --deploy` to fail #5529

Open lubosmj opened 5 days ago

lubosmj commented 5 days ago

This value is expected to be overwritten by a user. However, it is not mentioned in the docs and it does not work out of the box

Steps to reproduce the behaviour:

  1. Run a pulp-all-in-one image.
  2. Shell into the container and run: 
    pulpcore-manager check --deploy
    Traceback (most recent call last):
File "/usr/local/bin/pulpcore-manager", line 8, in <module>
sys.exit(manage())
File "/usr/local/lib/python3.9/site-packages/pulpcore/app/manage.py", line 11, in manage
execute_from_command_line(sys.argv)
File "/usr/local/lib/python3.9/site-packages/django/core/management/__init__.py", line 442, in execute_from_command_line
utility.execute()
File "/usr/local/lib/python3.9/site-packages/django/core/management/__init__.py", line 436, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "/usr/local/lib/python3.9/site-packages/django/core/management/base.py", line 412, in run_from_argv
self.execute(*args, **cmd_options)
File "/usr/local/lib/python3.9/site-packages/django/core/management/base.py", line 458, in execute
output = self.handle(*args, **options)
File "/usr/local/lib/python3.9/site-packages/django/core/management/commands/check.py", line 76, in handle
self.check(
File "/usr/local/lib/python3.9/site-packages/django/core/management/base.py", line 485, in check
all_issues = checks.run_checks(
File "/usr/local/lib/python3.9/site-packages/django/core/checks/registry.py", line 88, in run_checks
new_errors = check(app_configs=app_configs, databases=databases)
File "/usr/local/lib/python3.9/site-packages/django/core/checks/security/base.py", line 222, in check_secret_key
passed_check = _check_secret_key(secret_key)
File "/usr/local/lib/python3.9/site-packages/django/core/checks/security/base.py", line 209, in _check_secret_key
len(set(secret_key)) >= SECRET_KEY_MIN_UNIQUE_CHARACTERS

Additional context

https://docs.djangoproject.com/en/5.0/ref/settings/#secret-key https://pulpproject.org/pulpcore/docs/admin/reference/settings/?h=secret_key#secret_key

lubosmj commented 5 days ago

Feel free to close in favour of https://github.com/pulp/pulp-oci-images/pull/645.

git-hyagi commented 5 days ago

On pulp-operator we are allowing users to provide their own key (through a k8s Secret) or, if the Secret is not provided, the operator will generate a random key: https://github.com/pulp/pulp-operator/pull/1052/files#diff-767e3ed424408b65414c799c6f9a6e12cc8584cd7433b449f0e716e3022a2bbf

maybe we could follow a similar approach in pulp-oci-images, like generating a random key during container startup and/or allowing users to provide their own key (through an env var, for example).