Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SECRET_KEY is a boolean by default, causing pulpcore-manager check --deploy to fail #5529

Closed
lubosmj opened this issue Jun 27, 2024 · 2 comments · Fixed by #5530
Closed

SECRET_KEY is a boolean by default, causing pulpcore-manager check --deploy to fail #5529

lubosmj opened this issue Jun 27, 2024 · 2 comments · Fixed by #5530
Labels
Issue

Comments

@lubosmj
Copy link
Member

lubosmj commented Jun 27, 2024
edited
Loading

This value is expected to be overwritten by a user. However, such information is not mentioned in the docs and due to this, the pulp-all-in-one container does not work out of the box.

Steps to reproduce the behaviour:

  1. Run a pulp-all-in-one image.
  2. Shell into the container and run:
pulpcore-manager check --deploy

Traceback (most recent call last):
  File "/usr/local/bin/pulpcore-manager", line 8, in <module>
    sys.exit(manage())
  File "/usr/local/lib/python3.9/site-packages/pulpcore/app/manage.py", line 11, in manage
    execute_from_command_line(sys.argv)
  File "/usr/local/lib/python3.9/site-packages/django/core/management/__init__.py", line 442, in execute_from_command_line
    utility.execute()
  File "/usr/local/lib/python3.9/site-packages/django/core/management/__init__.py", line 436, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/usr/local/lib/python3.9/site-packages/django/core/management/base.py", line 412, in run_from_argv
    self.execute(*args, **cmd_options)
  File "/usr/local/lib/python3.9/site-packages/django/core/management/base.py", line 458, in execute
    output = self.handle(*args, **options)
  File "/usr/local/lib/python3.9/site-packages/django/core/management/commands/check.py", line 76, in handle
    self.check(
  File "/usr/local/lib/python3.9/site-packages/django/core/management/base.py", line 485, in check
    all_issues = checks.run_checks(
  File "/usr/local/lib/python3.9/site-packages/django/core/checks/registry.py", line 88, in run_checks
    new_errors = check(app_configs=app_configs, databases=databases)
  File "/usr/local/lib/python3.9/site-packages/django/core/checks/security/base.py", line 222, in check_secret_key
    passed_check = _check_secret_key(secret_key)
  File "/usr/local/lib/python3.9/site-packages/django/core/checks/security/base.py", line 209, in _check_secret_key
    len(set(secret_key)) >= SECRET_KEY_MIN_UNIQUE_CHARACTERS

Additional context

https://docs.djangoproject.com/en/5.0/ref/settings/#secret-key
https://pulpproject.org/pulpcore/docs/admin/reference/settings/?h=secret_key#secret_key
@lubosmj lubosmj changed the title SECRET_KEY is not a boolean, causing pulpcore-manager check --deploy to fail SECRET_KEY is a boolean by default, causing pulpcore-manager check --deploy to fail Jun 27, 2024
lubosmj added a commit to lubosmj/pulpcore that referenced this issue Jun 27, 2024
@lubosmj
Update the default value of SECRET_KEY to enable deployment checks
7197b17 
closes pulp#5529
@lubosmj lubosmj mentioned this issue Jun 27, 2024
Merged
@pulpbot pulpbot moved this to Needs review in RH Pulp Kanban board Jun 27, 2024
@lubosmj
Copy link
Member Author

lubosmj commented Jun 27, 2024

Feel free to close in favour of pulp/pulp-oci-images#645.

lubosmj added a commit to lubosmj/pulpcore that referenced this issue Jun 27, 2024
@lubosmj
Update the default value of SECRET_KEY to enable deployment checks
2bcf353 
closes pulp#5529
@git-hyagi
Copy link
Contributor

On pulp-operator we are allowing users to provide their own key (through a k8s Secret) or, if the Secret is not provided, the operator will generate a random key: https://github.com/pulp/pulp-operator/pull/1052/files#diff-767e3ed424408b65414c799c6f9a6e12cc8584cd7433b449f0e716e3022a2bbf

maybe we could follow a similar approach in pulp-oci-images, like generating a random key during container startup and/or allowing users to provide their own key (through an env var, for example).

lubosmj added a commit to lubosmj/pulpcore that referenced this issue Jul 2, 2024
@lubosmj
Update the default value of SECRET_KEY to enable deployment checks
19b02c8 
closes pulp#5529
lubosmj added a commit to lubosmj/pulpcore that referenced this issue Jul 2, 2024
@lubosmj
Update the default value of SECRET_KEY to enable deployment checks
618165c 
closes pulp#5529
@pulpbot pulpbot moved this from Needs review to Done in RH Pulp Kanban board Jul 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Issue
Projects
No open projects
RH Pulp Kanban board
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update the default value of SECRET_KEY to enable deployment checks lubosmj/pulpcore
3 participants
@dkliban @lubosmj @git-hyagi