Refactor package upload view and split validation

[noissue]

pulp_rpm/app/migrations/0060_rpmpackagesigningservice.py → pulp_rpm/app/migrations/0062_rpmpackagesigningservice_and_more.py

@@ -1,13 +1,12 @@
-# Generated by Django 4.2.7 on 2024-02-06 20:03
+# Generated by Django 4.2.10 on 2024-04-25 16:39
 
 from django.db import migrations, models
 import django.db.models.deletion
 
 
 class Migration(migrations.Migration):
     dependencies = [
-        ("core", "0116_alter_remoteartifact_md5_alter_remoteartifact_sha1_and_more"),
-        ("rpm", "0059_rpmpublication_compression_type_and_more"),
+        ("rpm", "0061_fix_modulemd_defaults_digest"),
     ]
 
     operations = [
@@ -31,4 +30,18 @@ class Migration(migrations.Migration):
             },
             bases=("core.signingservice",),
         ),
+        migrations.AddField(
+            model_name="rpmrepository",
+            name="package_signing_pubkey",
+            field=models.TextField(max_length=40, null=True),
+        ),
+        migrations.AddField(
+            model_name="rpmrepository",
+            name="package_signing_service",
+            field=models.ForeignKey(
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                to="rpm.rpmpackagesigningservice",
+            ),
+        ),
     ]

pulp_rpm/app/models/content.py

@@ -41,7 +41,7 @@ def sign(
         if not pubkey_fingerprint:
             raise ValueError("A pubkey_fingerprint must be provided.")
         _env_vars = env_vars or {}
-        _env_vars["PULP_SIGNING_KEY_FINGERPRINT"]=pubkey_fingerprint
+        _env_vars["PULP_SIGNING_KEY_FINGERPRINT"] = pubkey_fingerprint
         return super().sign(filename, _env_vars)
 
     def validate(self):

pulp_rpm/app/serializers/package.py

@@ -330,9 +330,33 @@ class Meta:
         )
         model = Package
 
+    def validate(self, data):
+        validated_data = super().validate(data)
+        sign_package = validated_data.get("sign_package")
+        temp_uploaded_file = validated_data.get("file")
+        associated_repo = validated_data.get("repository")
+        signing_service_pk = associated_repo.package_signing_service.pk
+        signing_fingerprint = associated_repo.package_signing_pubkey
+        if sign_package is True and not temp_uploaded_file:
+            raise serializers.ValidationError(
+                _("To sign a package on upload, a file must be provided.")
+            )
+        if not signing_service_pk and not signing_fingerprint:
+            raise serializers.ValidationError(
+                _(
+                    "To sign a package on upload, the related Repository should have"
+                    "both 'package_signing_service' and 'package_signing_pubkey' set."
+                )
+            )
+        validated_data["signing_service_pk"] = signing_service_pk
+        validated_data["signing_fingerprint"] = signing_fingerprint
+        return validated_data
+
     def create(self, validated_data):
         # clean api-only option before creating model
         validated_data.pop("sign_package", None)
+        validated_data.pop("signing_service_pk", None)
+        validated_data.pop("signing_fingerprint", None)
         return super().create(validated_data)
 
 

pulp_rpm/app/serializers/repository.py

@@ -69,7 +69,7 @@ class RpmRepositorySerializer(RepositorySerializer):
     package_signing_pubkey = serializers.CharField(
         help_text=_(
             "The pubkey V4 fingerprint (160 bits) to be passed to the package signing service."
-            "The signing service will use that on package signing operations related to this repository."
+            "The signing service will use that on signing operations related to this repository."
         ),
         max_length=40,
         min_length=40,

pulp_rpm/app/tasks/signing.py

@@ -8,7 +8,13 @@
 
 
 def sign_and_create(
-    app_label, serializer_name, signing_service_pk, signing_fingerprint, temporary_file_pk, *args, **kwargs
+    app_label,
+    serializer_name,
+    signing_service_pk,
+    signing_fingerprint,
+    temporary_file_pk,
+    *args,
+    **kwargs,
 ):
     data = kwargs.pop("data", None)
     context = kwargs.pop("context", {})

pulp_rpm/app/viewsets/package.py

@@ -2,7 +2,7 @@
 from drf_spectacular.utils import extend_schema
 from pulpcore.plugin.models import PulpTemporaryFile
 from pulpcore.plugin.serializers import AsyncOperationResponseSerializer
-from pulpcore.plugin.tasking import dispatch, general_create
+from pulpcore.plugin.tasking import dispatch
 from pulpcore.plugin.viewsets import (
     ContentFilter,
     OperationPostponedResponse,
@@ -78,46 +78,38 @@ class PackageViewSet(SingleArtifactContentUploadViewSet):
         responses={202: AsyncOperationResponseSerializer},
     )
     def create(self, request):
+        # normal case
         serializer = self.get_serializer(data=request.data)
         serializer.is_valid(raise_exception=True)
+        sign_package = serializer.validated_data.pop("sign_package")
+        if sign_package is not True:
+            return super().create(request)
+
+        # signing case invariants
+        request.data.pop("file")
+        request.data.pop("sign_package")
+        temp_uploaded_file = serializer.validated_data.get("file")
+        signing_service_pk = serializer.validated_data.pop("signing_service_pk")
+        signing_fingerprint = serializer.validated_data.pop("signing_fingerprint")
 
-        # common task params
+        # dispatch signing task
+        pulp_temp_file = PulpTemporaryFile(file=temp_uploaded_file.temporary_file_path())
+        pulp_temp_file.save()
         task_args = {
             "app_label": self.queryset.model._meta.app_label,
             "serializer_name": serializer.__class__.__name__,
+            "signing_service_pk": signing_service_pk,
+            "signing_fingerprint": signing_fingerprint,
+            "temporary_file_pk": pulp_temp_file.pk,
         }
+        task_payload = {k: v for k, v in request.data.items()}
         task_exclusive = [
             item
             for item in (serializer.validated_data.get(key) for key in ("upload", "repository"))
             if item
         ]
-
-        # handle signing, if required
-        sign_package = serializer.validated_data.pop("sign_package")
-        temp_uploaded_file = serializer.validated_data.get("file")
-        if sign_package is True and temp_uploaded_file:
-            associated_repo = serializer.validated_data.get("repository")
-            signing_service_pk = associated_repo.package_signing_service.pk
-            signing_fingerprint = associated_repo.package_signing_pubkey
-            if not signing_service_pk and not signing_fingerprint:
-                raise ValueError(
-                    "To sign a package on upload, the related Repository should have"
-                    "both 'package_signing_service' and 'package_signing_pubkey' set."
-                 )
-
-            request.data.pop("file")
-            pulp_temp_file = PulpTemporaryFile(file=temp_uploaded_file.temporary_file_path())
-            pulp_temp_file.save()
-            task_fn = rpm_tasks.signing.sign_and_create
-            task_args["signing_service_pk"] = signing_service_pk
-            task_args["signing_fingerprint"] = signing_fingerprint
-            task_args["temporary_file_pk"] = pulp_temp_file.pk
-            task_payload = {k: v for k, v in request.data.items()}
-        else:
-            task_fn = general_create
-            task_payload = self.init_content_data(serializer, request)
         task = dispatch(
-            task_fn,
+            rpm_tasks.signing.sign_and_create,
             exclusive_resources=task_exclusive,
             args=tuple(task_args.values()),
             kwargs={