From 4b9351c074edf16279e5df2c4132c21866c47e8e Mon Sep 17 00:00:00 2001 From: superbuggy Date: Tue, 10 Dec 2024 14:39:37 -0500 Subject: [PATCH 1/4] Make model history (audits) public on unembargo Make linting corrections Update secrets Make more linting corrections --- .secrets.baseline | 4 +-- osidb/mixins.py | 25 ++++++++++++++++++- osidb/tests/endpoints/flaws/test_unembargo.py | 7 ++++++ 3 files changed, 33 insertions(+), 3 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index a7ba5945c..56b6f4950 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -376,7 +376,7 @@ "filename": "osidb/tests/endpoints/flaws/test_unembargo.py", "hashed_secret": "3c3b274d119ff5a5ec6c1e215c1cb794d9973ac1", "is_verified": false, - "line_number": 74, + "line_number": 75, "is_secret": false } ], @@ -449,5 +449,5 @@ } ] }, - "generated_at": "2024-11-27T14:06:13Z" + "generated_at": "2024-12-11T14:29:26Z" } diff --git a/osidb/mixins.py b/osidb/mixins.py index 6fa117271..be2b10e12 100644 --- a/osidb/mixins.py +++ b/osidb/mixins.py @@ -2,6 +2,9 @@ from functools import cached_property from itertools import chain +import pghistory +import pgtrigger +from django.apps import apps from django.conf import settings from django.contrib.contenttypes.fields import GenericForeignKey, GenericRelation from django.contrib.contenttypes.models import ContentType @@ -532,7 +535,27 @@ def unembargo(self): # unembargo self.set_public() - + refs = pghistory.models.Events.objects.references(self).all() + for ref in refs: + db, model_name = ref.pgh_model.split(".") + model_audit = apps.get_model(db, model_name).objects.filter( + pgh_id=ref.pgh_id + ) + with pgtrigger.ignore( + "osidb.FlawAudit:append_only", + "osidb.SnippetAudit:append_only", + "osidb.AffectAudit:append_only", + "osidb.AffectCVSSAudit:append_only", + "osidb.TrackerAudit:append_only", + "osidb.FlawAcknowledgmentAudit:append_only", + "osidb.FlawCommentAudit:append_only", + "osidb.FlawCVSSAudit:append_only", + "osidb.FlawReferenceAudit:append_only", + ): + model_audit.update( + acl_read=list(self.acls_public_read), + acl_write=list(self.acls_public_write), + ) kwargs = {} if issubclass(type(self), AlertMixin): # suppress the validation errors as we expect that during diff --git a/osidb/tests/endpoints/flaws/test_unembargo.py b/osidb/tests/endpoints/flaws/test_unembargo.py index d4ee8329b..ec8710593 100644 --- a/osidb/tests/endpoints/flaws/test_unembargo.py +++ b/osidb/tests/endpoints/flaws/test_unembargo.py @@ -2,6 +2,7 @@ from itertools import chain import pytest +from django.conf import settings from freezegun import freeze_time from rest_framework import status @@ -176,6 +177,12 @@ def test_complex(self, auth_client, test_api_uri): ) ) + assert ( + flaw["acls_read"] == settings.PUBLIC_READ_GROUPS + and flaw["acls_write"] == [settings.PUBLIC_WRITE_GROUP] + for flaw in Flaw.objects.all() + ) + @freeze_time(datetime(2020, 10, 10, tzinfo=timezone.utc)) def test_combined(self, auth_client, test_api_uri): """ From 1c3bc36c7c849fedcd19395a4e7bf6870b31ac1c Mon Sep 17 00:00:00 2001 From: superbuggy Date: Tue, 3 Dec 2024 16:32:13 -0500 Subject: [PATCH 2/4] =?UTF-8?q?=F0=9F=93=9D=20Document=20logging=20podman?= =?UTF-8?q?=20command=20and=20fix=20typo=20in=20developer=20docs?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/developer/DEVELOP.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/docs/developer/DEVELOP.md b/docs/developer/DEVELOP.md index 87a2108d1..009369e12 100644 --- a/docs/developer/DEVELOP.md +++ b/docs/developer/DEVELOP.md @@ -272,6 +272,15 @@ It's possible to perform local development outside of containers, in the venv th See `make help` for a short summary of these _make targets_. +## Logging + +### Podman Logs + +You can use podman's logging subcommand along with the `--follow` (`-f`) flag to get a better idea of what is going on in the container. This is especially helpful with the container running Django/WSGI. + +```sh +$ podman logs -f osidb-service +``` ## Updating dev env @@ -348,7 +357,7 @@ Situations where combining `compose-down` and `build` is useful: - If you don't care about database contents, run `make db-drop` and try again. - If `make db-drop` doesn't fix it, run `make compose-down; make build`. It seems there's something that makes the database corrupted from the start. - If that doesn't fix it, do `make clean; make dev-env; make start-local`, but this probably won't fix it anyway. - - For more involved debugging, use `podman logs osidb-service`, `podman logs osidg-data`, and inside `podman exec -it osidb-service bash` follow https://stackoverflow.com/a/55929118 to uncover a more specific Django error message. + - For more involved debugging, use `podman logs osidb-service`, `podman logs osidb-data`, and inside `podman exec -it osidb-service bash` follow https://stackoverflow.com/a/55929118 to uncover a more specific Django error message. - If `django.db.utils.OperationalError: could not translate host name "osidb-data" to address: Name or service not known`, osidb-service can't find the hostname `osidb-data`, either because the container osidb-data is not running, or because there's a podman network issue that breaks container-to-container communication. - If `podman exec -it osidb-data pg_isready || echo error` returns an error, try to get the `osidb-data` container up and running first (see previous debugging steps). - If osidb-data is running correctly, it's possible this is an instance of the bug https://bugzilla.redhat.com/show_bug.cgi?id=1980157 (but actually who knows, I [jsvoboda] don't know enough about this :-( ). From 7a52b45eb79cb37edba6fb347d842d3a35855ac1 Mon Sep 17 00:00:00 2001 From: superbuggy Date: Fri, 13 Dec 2024 12:30:11 -0500 Subject: [PATCH 3/4] Programmatically infer pg trigger URI from model name --- osidb/mixins.py | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/osidb/mixins.py b/osidb/mixins.py index be2b10e12..c72aed45a 100644 --- a/osidb/mixins.py +++ b/osidb/mixins.py @@ -541,17 +541,8 @@ def unembargo(self): model_audit = apps.get_model(db, model_name).objects.filter( pgh_id=ref.pgh_id ) - with pgtrigger.ignore( - "osidb.FlawAudit:append_only", - "osidb.SnippetAudit:append_only", - "osidb.AffectAudit:append_only", - "osidb.AffectCVSSAudit:append_only", - "osidb.TrackerAudit:append_only", - "osidb.FlawAcknowledgmentAudit:append_only", - "osidb.FlawCommentAudit:append_only", - "osidb.FlawCVSSAudit:append_only", - "osidb.FlawReferenceAudit:append_only", - ): + + with pgtrigger.ignore(f"{db}.{model_name}:append_only"): model_audit.update( acl_read=list(self.acls_public_read), acl_write=list(self.acls_public_write), From 192070c1cb34c20fd073a1325c0e8a2067567fb9 Mon Sep 17 00:00:00 2001 From: superbuggy Date: Fri, 13 Dec 2024 12:51:09 -0500 Subject: [PATCH 4/4] Correct test logic --- osidb/tests/endpoints/flaws/test_unembargo.py | 34 +++++++++++-------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/osidb/tests/endpoints/flaws/test_unembargo.py b/osidb/tests/endpoints/flaws/test_unembargo.py index ec8710593..e89d92a1a 100644 --- a/osidb/tests/endpoints/flaws/test_unembargo.py +++ b/osidb/tests/endpoints/flaws/test_unembargo.py @@ -1,6 +1,7 @@ from datetime import datetime, timezone from itertools import chain +import pghistory import pytest from django.conf import settings from freezegun import freeze_time @@ -162,25 +163,30 @@ def test_complex(self, auth_client, test_api_uri): HTTP_JIRA_API_KEY="SECRET", ) assert response.status_code == status.HTTP_200_OK + models = [ + Flaw, + FlawAcknowledgment, + FlawComment, + FlawCVSS, + FlawReference, + Affect, + AffectCVSS, + Package, + Tracker, + ] assert not any( instance.is_embargoed - for instance in chain( - Flaw.objects.all(), - FlawAcknowledgment.objects.all(), - FlawComment.objects.all(), - FlawCVSS.objects.all(), - FlawReference.objects.all(), - Affect.objects.all(), - AffectCVSS.objects.all(), - Package.objects.all(), - Tracker.objects.all(), - ) + for instance in chain(*[model.objects.all() for model in models]) ) + audit_models = [ + pghistory.models.Events.objects.references(model).all() + for model in models + ] assert ( - flaw["acls_read"] == settings.PUBLIC_READ_GROUPS - and flaw["acls_write"] == [settings.PUBLIC_WRITE_GROUP] - for flaw in Flaw.objects.all() + audit_model["acls_read"] == settings.PUBLIC_READ_GROUPS + and audit_model["acls_write"] == [settings.PUBLIC_WRITE_GROUP] + for audit_model in audit_models ) @freeze_time(datetime(2020, 10, 10, tzinfo=timezone.utc))