Support on-demand content in repair_metadata

closes #849

Author: jobselko

CHANGES/849.feature

@@ -0,0 +1 @@
+Added support for on-demand content to `repair_metadata` endpoint.

pulp_python/app/tasks/repair.py

@@ -2,12 +2,18 @@
 import uuid
 from gettext import gettext as _
 
+from requests.exceptions import RequestException
 from django.db.models.query import QuerySet
 from pulpcore.plugin.models import ProgressReport
 from pulpcore.plugin.util import get_domain
 
 from pulp_python.app.models import PythonPackageContent, PythonRepository
-from pulp_python.app.utils import artifact_to_python_content_data
+from pulp_python.app.utils import (
+    artifact_to_python_content_data,
+    fetch_json_release_metadata,
+    parse_metadata,
+)
+from itertools import groupby
 
 log = logging.getLogger(__name__)
 
@@ -47,8 +53,17 @@ def repair_metadata(content: QuerySet[PythonPackageContent]) -> int:
     Returns:
         int: The number of packages that were repaired.
     """
-    # TODO: Add on_demand content repair
-    immediate_content = content.filter(contentartifact__artifact__isnull=False)
+    immediate_content = (
+        content.filter(contentartifact__artifact__isnull=False)
+        .distinct()
+        .prefetch_related("_artifacts")
+    )
+    on_demand_content = (
+        content.filter(contentartifact__artifact__isnull=True)
+        .distinct()
+        .prefetch_related("contentartifact_set__remoteartifact_set")
+        .order_by("name", "version")
+    )
     domain = get_domain()
 
     batch = []
@@ -58,12 +73,12 @@ def repair_metadata(content: QuerySet[PythonPackageContent]) -> int:
     progress_report = ProgressReport(
         message="Repairing packages' metadata",
         code="repair.metadata",
-        total=immediate_content.count(),
+        total=content.count(),
     )
     progress_report.save()
     with progress_report:
         for package in progress_report.iter(
-            immediate_content.prefetch_related("_artifacts").iterator(chunk_size=1000)
+            immediate_content.iterator(chunk_size=1000)
         ):
             new_data = artifact_to_python_content_data(
                 package.filename, package._artifacts.get(), domain
@@ -82,6 +97,85 @@ def repair_metadata(content: QuerySet[PythonPackageContent]) -> int:
                 batch = []
                 set_of_update_fields.clear()
 
+        # For on-demand content, we expect that:
+        # 1. PythonPackageContent always has correct name and version, and one ContentArtifact
+        # 2. RemoteArtifact always has correct sha256
+        # Repair is only supported if all PythonPackageContent items with the same name and
+        # version (i.e. group) share the same remote URL. Otherwise, the entire group is skipped
+        for (name, version), group in groupby(
+            on_demand_content.iterator(chunk_size=1000),
+            key=lambda x: (x.name, x.version),
+        ):
+            group = list(group)
+            remotes = set(
+                remote
+                for content in group
+                for remote in content.contentartifact_set.get()
+                .remoteartifact_set.all()
+                .values_list("remote__url", flat=True)
+            )
+            if len(remotes) != 1:
+                log.warning(
+                    _("Only one remote url is supported for {} {}").format(
+                        name, version
+                    )
+                )
+                continue
+            remote_url = remotes.pop()
+
+            # Retrieve data with all distributions for the given package version
+            try:
+                json_data = fetch_json_release_metadata(name, version, remote_url)
+            except RequestException as exc:
+                log.warning(
+                    _("Could not fetch metadata for {} {} from {}. Error: {}").format(
+                        name, version, remote_url, exc
+                    )
+                )
+                continue
+
+            for package in progress_report.iter(group):
+                remote_artifacts = (
+                    package.contentartifact_set.get().remoteartifact_set.all()
+                )
+                # Extract data only for the specific distribution being checked
+                dist_data = next(
+                    (
+                        dist
+                        for ra in remote_artifacts
+                        for dist in json_data["urls"]
+                        if ra.sha256 == dist["digests"]["sha256"]
+                    ),
+                    None,
+                )
+                if not dist_data:
+                    log.warning(
+                        _(
+                            "Could not fetch distribution for {} {} with sha256 {}."
+                        ).format(name, version, package.sha256)
+                    )
+                    continue
+
+                new_data = parse_metadata(json_data["info"], package.version, dist_data)
+                new_data.pop("url")  # belongs to RemoteArtifact
+                new_data["pulp_domain"] = domain
+                new_data["_pulp_domain"] = new_data["pulp_domain"]
+                changed = False
+                for field, value in new_data.items():
+                    if getattr(package, field) != value:
+                        setattr(package, field, value)
+                        set_of_update_fields.add(field)
+                        changed = True
+                if changed:
+                    batch.append(package)
+                if len(batch) == 1000:
+                    total_repaired += len(batch)
+                    PythonPackageContent.objects.bulk_update(
+                        batch, set_of_update_fields
+                    )
+                    batch = []
+                    set_of_update_fields.clear()
+
     if batch:
         total_repaired += len(batch)
         PythonPackageContent.objects.bulk_update(batch, set_of_update_fields)

pulp_python/app/utils.py

@@ -1,5 +1,6 @@
 import pkginfo
 import re
+import requests
 import shutil
 import tempfile
 import json
@@ -189,6 +190,19 @@ def artifact_to_python_content_data(filename, artifact, domain=None):
     return data
 
 
+def fetch_json_release_metadata(name: str, version: str, remote_url: str) -> dict:
+    """
+    Fetches metadata for a specific release from PyPI's JSON API. A release can contain
+    multiple distributions. See https://docs.pypi.org/api/json/#get-a-release for more details.
+
+    Returns dict containing "info", "last_serial", "urls", and "vulnerabilities" keys.
+    """
+    url = f"{remote_url}pypi/{name}/{version}/json"
+    response = requests.get(url, timeout=10)
+    response.raise_for_status()
+    return response.json()
+
+
 def python_content_to_json(base_path, content_query, version=None, domain=None):
     """
     Converts a QuerySet of PythonPackageContent into the PyPi JSON format

pulp_python/tests/functional/api/test_repair.py

@@ -32,6 +32,33 @@ def _create(artifact_filename, filename, content_data):
     return _create
 
 
+@pytest.fixture
+def create_content_remote(python_bindings):
+    def _create(filename, content_data, ra_sha256, remote):
+        commands = (
+            "from pulpcore.plugin.models import ContentArtifact, RemoteArtifact; "
+            "from pulpcore.plugin.util import extract_pk, get_url; "
+            "from pulp_python.app.models import PythonPackageContent, PythonRemote; "
+            f"c = PythonPackageContent(filename={filename!r}, **{content_data!r}); "
+            "c.save(); "
+            f"ca = ContentArtifact(content=c, relative_path={filename!r}); "
+            "ca.save(); "
+            f"r = PythonRemote.objects.get(pk=extract_pk({remote.pulp_href!r})); "
+            f"ra = RemoteArtifact(content_artifact=ca, remote=r, sha256={ra_sha256!r}); "
+            "ra.save(); "
+            "print(get_url(c))"
+        )
+        process = subprocess.run(
+            ["pulpcore-manager", "shell", "-c", commands], capture_output=True
+        )
+
+        assert process.returncode == 0
+        content_href = process.stdout.decode().strip()
+        return python_bindings.ContentPackagesApi.read(content_href)
+
+    return _create
+
+
 @pytest.fixture
 def move_to_repository(python_bindings, monitor_task):
     def _move(repo_href, content_hrefs):
@@ -84,6 +111,7 @@ def test_metadata_repair_command(
 
 def test_metadata_repair_endpoint(
     create_content_direct,
+    delete_orphans_pre,
     download_python_file,
     monitor_task,
     move_to_repository,
@@ -124,3 +152,104 @@ def test_metadata_repair_endpoint(
     assert content.packagetype == "sdist"
     assert content.requires_python == ">=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*"
     assert content.author == ""
+
+
+def test_metadata_repair_endpoint_on_demand(
+    create_content_remote,
+    delete_orphans_pre,
+    monitor_task,
+    move_to_repository,
+    python_bindings,
+    python_remote_factory,
+    python_repo_factory,
+):
+    """
+    Test repairing of package metadata via `Repositories.repair_metadata` endpoint
+    when only RemoteArtifacts are present.
+    """
+    # 1. Set up tested data
+    python_remote = python_remote_factory()
+    python_repo = python_repo_factory(remote=python_remote)
+
+    scipy_filename_1 = "scipy-1.1.0.tar.gz"
+    scipy_sha256_1 = "878352408424dffaa695ffedf2f9f92844e116686923ed9aa8626fc30d32cfd1"
+    scipy_data_1 = {
+        "name": "scipy",
+        "version": "1.1.0",
+        # Wrong metadata
+        "author": "ME",
+        "packagetype": "bdist",
+        "requires_python": ">=3.8",
+        "sha256": scipy_sha256_1,
+    }
+
+    scipy_filename_2 = "scipy-1.1.0-cp36-none-win32.whl"
+    scipy_sha256_2 = "0e9bb7efe5f051ea7212555b290e784b82f21ffd0f655405ac4f87e288b730b3"
+    scipy_data_2 = scipy_data_1.copy()
+    scipy_data_2["sha256"] = scipy_sha256_2
+
+    celery_filename_1 = "celery-2.4.1.tar.gz"
+    celery_sha256_1 = "c77652ca179d14473975822dbfb1b5dab950c88c171ef6bc2257ddb9066e6790"
+    celery_data_1 = {
+        "name": "celery",
+        "version": "2.4.1",
+        # Wrong metadata
+        "author": "ME",
+        "packagetype": "bdist",
+        "requires_python": ">=3.8",
+    }
+
+    celery_filename_2 = "celery-4.0.0.tar.gz"
+    celery_sha256_2 = "3e38a9a7f2868f774dffbb49e3afd2e56f57875deb06cb3ee3808f572601a8f0"
+    celery_data_2 = celery_data_1.copy()
+    celery_data_2["sha256"] = celery_sha256_2
+    celery_data_2["version"] = "4.0.0"
+
+    # 2. Create content and store its href
+    content_hrefs = {}
+    for filename, data, sha256 in [
+        (scipy_filename_1, scipy_data_1, scipy_sha256_1),
+        (scipy_filename_2, scipy_data_2, scipy_sha256_2),
+        (celery_filename_1, celery_data_1, celery_sha256_1),
+        (celery_filename_2, celery_data_2, celery_sha256_2),
+    ]:
+        content = create_content_remote(filename, data, sha256, python_remote)
+        for field, test_value in data.items():
+            assert getattr(content, field) == test_value
+            content_hrefs[filename] = content.pulp_href
+    move_to_repository(python_repo.pulp_href, list(content_hrefs.values()))
+
+    # 3. Repair metadata
+    response = python_bindings.RepositoriesPythonApi.repair_metadata(
+        python_repo.pulp_href
+    )
+    monitor_task(response.task)
+
+    # 4. Check newly created metadata
+    new_metadata = [
+        (
+            "scipy-1.1.0.tar.gz",
+            "",
+            "scipy",
+            "sdist",
+            ">=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*",
+            "1.1.0",
+        ),
+        (
+            "scipy-1.1.0-cp36-none-win32.whl",
+            "",
+            "scipy",
+            "bdist_wheel",
+            ">=2.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*",
+            "1.1.0",
+        ),
+        ("celery-2.4.1.tar.gz", "Ask Solem", "celery", "sdist", "", "2.4.1"),
+        ("celery-4.0.0.tar.gz", "Ask Solem", "celery", "sdist", "", "4.0.0"),
+    ]
+    for filename, author, name, packagetype, requires_python, version in new_metadata:
+        new_content = python_bindings.ContentPackagesApi.read(content_hrefs[filename])
+        assert new_content.author == author
+        assert new_content.name == name
+        assert new_content.packagetype == packagetype
+        assert new_content.requires_python == requires_python
+        assert new_content.version == version