pulp / pulpcore

Pulp 3 pulpcore package https://pypi.org/project/pulpcore/
GNU General Public License v2.0

Listing artifacts is not allowed anymore as non-admin #5875

Open simenon opened 1 week ago

simenon commented 1 week ago

Version: 3.64

Describe the bug: When uploading a large file with the procedure stated here https://pulpproject.org/pulpcore/docs/user/guides/upload-publish/?h=chunked#chunked-uploads you will end up with an artifact that is not associated with any repository yet.

The last step where you do a commit will produce a reference to an artifact task.

My current workflow is to verify that the artifact task has completed. The next step is to list the artifact based on the sha256, just to verify that it is really there (maybe too much paranoia), but that step is no longer allowed. I think it was before change https://github.com/pulp/pulpcore/pull/5669. When the artifact is present, I associate it with a repository based on the artifact href obtained from the previous step.

I can't find any permission to still allow users to list artifacts (https://pulpproject.org/pulpcore/restapi/#tag/Artifacts/operation/artifacts_list)

To Reproduce: List artifacts as non-admin user

Expected behavior: Allow user to still list artifacts based on rbac

Additional context: None

lubosmj commented 1 week ago

We discourage users from uploading and using raw artifacts (https://github.com/pulp/pulpcore/issues/5525). Instead, you should follow this approach to upload the content directly to the repository: https://pulpproject.org/pulp_file/docs/user/guides/upload/#upload-a-file-into-foo.

simenon commented 1 week ago

If the artifact is too large to be uploaded in a single shot, we need to resort to chunked uploads. AFAIK chunked uploads create an artifact after the final /commit API call. This artifact still needs to be associated with a repository.

I could obtain the pulp_href to the artifact from the task status. Unless the task ends with an error, for example if the artifact already exists. Then I don't get a href to the artifact.

In this scenario I would like to list the artifact based on the sha256 of the file that has been uploaded, so that I can obtain the pulp_href to the artifact, which I need to associate the artifact with a repository.

Unless you can provide an alternative to identify an artifact created from chunked upload, I don't see another solution through the API.

mdellweg commented 1 week ago

In all places where you can upload a file, you can alternatively specify an uncommitted upload, or even a remote URL.

mdellweg commented 1 week ago

We should probably deprecate / lock down / remove the "upload commit" too.

simenon commented 1 week ago

I am not sure if I am agreeing with closing this. It looks unresolved to me.

The end result of the example at https://pulpproject.org/pulpcore/docs/user/guides/upload-publish/?h=chunked#chunked-uploads is a committed upload, for which the documentation states: "This queues a task that creates an artifact, and the upload gets deleted and cannot be re-used."

So after a commit, the upload is gone, and the end result is an artifact at that point according to the documentation.

Now from this point we can move forward on either:

With the API I can add an uncommitted upload with --upload https://pulpproject.org/pulp_file/restapi/#tag/Content:-Files/operation/content_file_files_create https://pulpproject.org/pulp_rpm/restapi/#tag/Content:-Packages/operation/content_rpm_packages_create

From what I understand, the current way should be to upload a large file in chunks but not end with a commit. Then associate the uncommitted upload with a repository.

Now I wonder how I can verify that the uncommitted upload actually matches the sha256 of the file uploaded in chunks? Because this was an option with the /commit step, but I can't do that while creating a file content or rpm content.

Anyways, the documentation states incorrect things in my opinion.

mdellweg commented 1 week ago

I kind of hit close comment by accident and then thought, well it's not broken as such. Anyway I am reopening it and adding the documentation label. Because that is wrong for sure.

mdellweg commented 1 week ago

Can you maybe file a feature request for providing checksums when using Uploads as a separate issue?

simenon commented 1 week ago

> Can you maybe file a feature request for providing checksums when using Uploads as a separate issue?

https://github.com/pulp/pulpcore/issues/5883
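
The integrity question raised in the thread (does the chunked upload match the file's sha256?) can be checked on the client side in the same pass that produces the chunks. The following is an added example, not code from the thread or from the Pulp project: it makes no network calls, the function names and the constructed sample payload are hypothetical, and the `bytes start-end/total` Content-Range form is the standard HTTP one, assumed rather than taken from the Pulp API.

```python
import hashlib
import io

# Constructed sample payload (10240 bytes), standing in for a large file.
SAMPLE = bytes(range(256)) * 40


def plan_chunked_upload(stream, total_size, chunk_size):
    """Read `stream` once; return (chunks, whole_file_sha256_hex).

    Each chunk records its Content-Range value, its own SHA-256 and its bytes
    (kept in memory here only to keep the example short).
    """
    whole, chunks, offset = hashlib.sha256(), [], 0
    while offset < total_size:
        data = stream.read(min(chunk_size, total_size - offset))
        if not data:
            raise ValueError(f"stream ended at byte {offset}, expected {total_size}")
        whole.update(data)
        end = offset + len(data) - 1
        chunks.append({"content_range": f"bytes {offset}-{end}/{total_size}",
                       "sha256": hashlib.sha256(data).hexdigest(),
                       "data": data})
        offset += len(data)
    if stream.read(1):
        raise ValueError("stream is longer than the declared size")
    return chunks, whole.hexdigest()


def parse_range(value):
    """Split 'bytes start-end/total' into three integers."""
    span, total = value.removeprefix("bytes ").split("/")
    start, end = span.split("-")
    return int(start), int(end), int(total)


def verify_reassembly(chunks, total_size, expected_sha256):
    """Simulated receiving side: reject gaps, overlaps, bad chunks or a digest mismatch."""
    rebuilt, covered = hashlib.sha256(), 0
    for chunk in sorted(chunks, key=lambda c: parse_range(c["content_range"])[0]):
        start, end, total = parse_range(chunk["content_range"])
        if total != total_size or start != covered:
            return False  # wrong declared size, or a gap/overlap between chunks
        if end - start + 1 != len(chunk["data"]):
            return False  # header does not describe the bytes actually sent
        if hashlib.sha256(chunk["data"]).hexdigest() != chunk["sha256"]:
            return False  # chunk corrupted in transit
        rebuilt.update(chunk["data"])
        covered = end + 1
    return covered == total_size and rebuilt.hexdigest() == expected_sha256
```

The whole-file digest returned by `plan_chunked_upload` is the value a client would compare against whatever checksum the server later reports for the resulting content.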