Pulpcore 3.17 release announcement¶
We are happy to announce the release of Pulpcore 3.17!
Let's take a look at the key features of this release.
For a full list of bugfixes, as well as Plugin API enhancements and bugfixes, see the changelog
New compatibility process¶
This is the first release where we will trial our attempt to increase plugin compatibility. For plugin maintainers, please read increasing Pulpcore compatibility with plugin versions for more information.
RBAC enhancements (#9411, #9413, #9415, #9498, #9604)¶
RBAC functionality in Pulp now has a new Roles model. To introduce and support roles in RBAC, it was necessary to introduce some supporting functions as well as rework existing functionality to use roles.
Here is a summary of the main introductions and changes to RBAC:
- A viewset to manage roles (as a set of permissions) was added. System defined locked roles appear read only.
- New views have been added to assign model-level and object-level roles to users and groups.
- Plugins can define locked system roles with their viewsets.
- New
assign_role
andremove_role
functions have been added to the Plugin API. - Existing access policies on viewsets were also rewritten to use roles.
RBAC's Content Guards have also been reworked to use roles. The following new endpoints were added to the RBAC capable viewsets to manage object-level role assignments:
add_roles
remove_roles
list_roles
my_permissions
This currently includes groups, tasks and RBAC content guard.
If you ever want to revert a modified access policy to the default settings, a new reset
endpoint has been added to provide for this. This will clear the customized flag, too, so updates from the plugin will be received again.
Related deprecations¶
The permissions_assignment
field of the access policies has been renamed to creation_hooks
.
A compatibility patch has been added to be removed with pulpcore=3.20. The permissions
argument to creation_hooks
has been deprecated to be removed with pulpcore=3.20, as per our new process.
#8554 Bulk deletion support¶
Over time, the database can fill with task-records. In the past, you had to manually delete individual tasks.
With this release, a new /tasks/purge/
API has been added with which you can bulk-delete old tasks records based on their completion timestamps.
#9459 Restricting username and passwords in remote URLs¶
For security purposes, validation has been added to prevent credentials being used in remote URLs.
This effort also includes adding data migration to ensure that existing credentials are moved from remote urls and into remote username
/password
fields for existing remotes.
#9518 Update to storage.url¶
It's now possible to send Content-type and Content-disposition headers in the AzureStorage.url
.
#9532 Metadata signing update¶
Administrators can add signing services to Pulp using the command line tools.
With this release, Signing service scripts can now access the public key fingerprint using the PULP_SIGNING_KEY_FINGERPRINT
environment variable.
This allows for more generic scripts that do not need to "guess" (hardcode) what key they should use.
Removals¶
#9327 Resource manager flag¶
The pulpcore-worker
binary no longer accepts the --resource-manager
flag. There is no resource manager anymore, so this flag is no longer needed.
#9498 RBAC permission endpoints removed¶
Removed tech previewed assign_permission
and remove_permission
endpoints from RBAC content guard viewset.