Pulpcore 3.17 release announcement
We are happy to announce the release of Pulpcore 3.17!
Let’s take a look at the key features of this release.
For a full list of bugfixes, as well as Plugin API enhancements and bugfixes, see the changelog
New compatibility process
This is the first release where we will trial our attempt to increase plugin compatibility. For plugin maintainers, please read increasing Pulpcore compatibility with plugin versions for more information.
RBAC functionality in Pulp now has a new Roles model. To introduce and support roles in RBAC, it was necessary to introduce some supporting functions as well as rework existing functionality to use roles.
Here is a summary of the main introductions and changes to RBAC:
- A viewset to manage roles (as a set of permissions) was added. System defined locked roles appear read only.
- New views have been added to assign model-level and object-level roles to users and groups.
- Plugins can define locked system roles with their viewsets.
remove_rolefunctions have been added to the Plugin API.
- Existing access policies on viewsets were also rewritten to use roles.
RBAC’s Content Guards have also been reworked to use roles. The following new endpoints were added to the RBAC capable viewsets to manage object-level role assignments:
This currently includes groups, tasks and RBAC content guard.
If you ever want to revert a modified access policy to the default settings, a new
reset endpoint has been added to provide for this. This will clear the customized flag, too, so updates from the plugin will be received again.
permissions_assignment field of the access policies has been renamed to
A compatibility patch has been added to be removed with pulpcore=3.20. The
permissions argument to
creation_hooks has been deprecated to be removed with pulpcore=3.20, as per our new process.
#8554 Bulk deletion support
Over time, the database can fill with task-records. In the past, you had to manually delete individual tasks.
With this release, a new
/tasks/purge/ API has been added with which you can bulk-delete old tasks records based on their completion timestamps.
#9459 Restricting username and passwords in remote URLs
For security purposes, validation has been added to prevent credentials being used in remote URLs.
This effort also includes adding data migration to ensure that existing credentials are moved from remote urls and into remote
password fields for existing remotes.
#9518 Update to storage.url
It’s now possible to send Content-type and Content-disposition headers in the
#9532 Metadata signing update
Administrators can add signing services to Pulp using the command line tools.
With this release, Signing service scripts can now access the public key fingerprint using the
PULP_SIGNING_KEY_FINGERPRINT environment variable.
This allows for more generic scripts that do not need to “guess” (hardcode) what key they should use.
#9327 Resource manager flag
pulpcore-worker binary no longer accepts the
--resource-manager flag. There is no resource manager anymore, so this flag is no longer needed.
#9498 RBAC permission endpoints removed
Removed tech previewed
remove_permission endpoints from RBAC content guard viewset.