pulp / pulpcore

Pulp 3 pulpcore package https://pypi.org/project/pulpcore/
GNU General Public License v2.0

Allow admins to set up checks (e.g. security) when Content is uploaded into Pulp #5788

Open daviddavis opened 1 month ago

daviddavis commented 1 month ago

Is your feature request related to a problem? Please describe.

Currently, when a package is uploaded into our system, we perform a series of checks before passing the package to Pulp. These include things like security/antivirus checks, etc. But we're running into several problems: the uploader has to wait on these checks since we don't process things in the background (we only use Pulp's background tasking system) and web requests can time out. Also, we can't use some of Pulp's features like chunked uploads since we have to see the entire file to run our checks on them.

Describe the solution you'd like

What we'd like is some sort of solution where we could pass the upload to Pulp and Pulp could call our package validation container as part of the package creation task. Ideally, Pulp wouldn't create the package if our checks fail. One option might be to have something similar to Pulp's signing service where we can configure a shell command that Pulp would call and, based on the return code, the package creation task would fail.

Describe alternatives you've considered

I was thinking about how we could maybe leverage Kafka in Pulp to support this feature. Maybe we could listen for the package upload and then run our checks. But then we'd need (a) some easy way to download packages from Pulp that haven't been published and (b) some way to mark packages as bad (or delete them immediately). I think ideally though packages wouldn't get created in Pulp if they don't pass our checks.
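The "signing service"-style hook proposed above (an admin-configured shell command, with a non-zero exit status failing the creation task) can be sketched in a few lines. The following is an added illustration written for this thread, not pulpcore code and not the validation container the reporter runs; the function names `run_validation_hook` and `create_content_if_valid`, the `REJECT-ME` marker and the stand-in scanner built from `sys.executable` are all constructed for the example. It shows the three outcomes a task-side hook has to handle: the scanner accepts, the scanner rejects, and the scanner is missing or hangs (which must also count as a rejection so a broken validator can never fail open).

```python
"""Sketch of an admin-configured upload-validation hook, modelled on the
signing-service idea from the issue. Example code, not pulpcore's own."""
import os
import shlex
import subprocess
import sys
import tempfile
from dataclasses import dataclass


@dataclass
class ValidationResult:
    ok: bool
    returncode: int
    output: str


def run_validation_hook(command: str, file_path: str, timeout: float = 60.0) -> ValidationResult:
    """Run the configured `command` with the uploaded file path appended as
    its last argument. Exit status 0 means "accept"; anything else, a missing
    validator or a timeout means "reject" (fail closed)."""
    # shlex.split + no shell: the file path is passed as one argv element and
    # cannot be interpreted as shell syntax.
    argv = shlex.split(command) + [file_path]
    try:
        proc = subprocess.run(argv, capture_output=True, text=True,
                              timeout=timeout, check=False)
    except subprocess.TimeoutExpired:
        return ValidationResult(False, -1, f"validator timed out after {timeout}s")
    except FileNotFoundError as exc:
        return ValidationResult(False, -1, f"validator not found: {exc}")
    output = (proc.stdout + proc.stderr).strip()
    return ValidationResult(proc.returncode == 0, proc.returncode, output)


def create_content_if_valid(command: str, file_path: str, create):
    """Mirror the 'do not create the package if checks fail' requirement:
    `create` (the real content-creation step) only runs after a clean result."""
    result = run_validation_hook(command, file_path)
    if not result.ok:
        raise ValueError(
            f"upload rejected by validator (rc={result.returncode}): {result.output}")
    return create(file_path)


# Constructed stand-in for a real scanner: rejects any file containing the
# marker bytes REJECT-ME. A real deployment would configure e.g. an AV CLI here.
EXAMPLE_VALIDATOR = " ".join([
    shlex.quote(sys.executable), "-c",
    shlex.quote("import sys; sys.exit(1 if b'REJECT-ME' in open(sys.argv[1], 'rb').read() else 0)"),
])

# Constructed validator that hangs, to exercise the timeout path.
HANGING_VALIDATOR = " ".join([
    shlex.quote(sys.executable), "-c", shlex.quote("import time; time.sleep(30)"),
])


def demo() -> dict:
    """Run the hook against constructed sample uploads; returns the outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        clean = os.path.join(d, "clean.rpm")
        bad = os.path.join(d, "bad.rpm")
        with open(clean, "wb") as f:
            f.write(b"harmless sample payload")
        with open(bad, "wb") as f:
            f.write(b"sample payload with REJECT-ME inside")
        results["clean"] = run_validation_hook(EXAMPLE_VALIDATOR, clean).ok
        results["bad"] = run_validation_hook(EXAMPLE_VALIDATOR, bad).ok
        results["missing_tool"] = run_validation_hook("/nonexistent/scanner --scan", clean).ok
        results["timeout"] = run_validation_hook(HANGING_VALIDATOR, clean, timeout=1.0).ok
        try:
            create_content_if_valid(EXAMPLE_VALIDATOR, bad, lambda p: p)
            results["created_bad"] = True
        except ValueError:
            results["created_bad"] = False
    return results


if __name__ == "__main__":
    print(demo())
```

Because the hook runs inside the creation task rather than the upload request, the web request returns as soon as the bytes are stored and chunked uploads work unchanged; the timeout and missing-tool branches are what keep a misconfigured validator from silently admitting content.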

daviddavis commented 1 month ago

It seems like there was a similar request a couple years ago but for syncing: https://github.com/pulp/pulpcore/issues/1957

mdellweg commented 1 month ago

[...] But then we'd need (a) some easy way to download packages from Pulp that haven't been published [...]

There is a function to generate a link for use with the artifact distribution. And I think we can attach the resulting preauthenticated URL to any message we send out.

mdellweg commented 1 month ago

It's this one https://github.com/pulp/pulpcore/blob/a41f396a7d266309c66e1a67513386e44dbae8c5/pulpcore/app/util.py#L402