pulpcore 3.83.2__py3-none-any.whl → 3.85.0__py3-none-any.whl

pulpcore/tasking/worker.py

@@ -13,8 +13,9 @@ from tempfile import TemporaryDirectory
 from packaging.version import parse as parse_version
 
 from django.conf import settings
-from django.db import connection
+from django.db import connection, DatabaseError, IntegrityError
 from django.db.models import Case, Count, F, Max, Value, When
+from django.db.models.functions import Random
 from django.utils import timezone
 
 from pulpcore.constants import (
@@ -23,11 +24,13 @@ from pulpcore.constants import (
     TASK_SCHEDULING_LOCK,
     TASK_UNBLOCKING_LOCK,
     TASK_METRICS_HEARTBEAT_LOCK,
+    TASK_WAKEUP_UNBLOCK,
+    TASK_WAKEUP_HANDLE,
 )
 from pulpcore.metrics import init_otel_meter
 from pulpcore.app.apps import pulp_plugin_configs
-from pulpcore.app.models import Worker, Task, ApiAppStatus, ContentAppStatus
-from pulpcore.app.util import PGAdvisoryLock, get_domain
+from pulpcore.app.models import Worker, Task, AppStatus, ApiAppStatus, ContentAppStatus
+from pulpcore.app.util import PGAdvisoryLock
 from pulpcore.exceptions import AdvisoryLockError
 
 from pulpcore.tasking.storage import WorkerDirectory
@@ -56,19 +59,28 @@ THRESHOLD_UNBLOCKED_WAITING_TIME = 5
 
 
 class PulpcoreWorker:
-    def __init__(self):
+    def __init__(self, auxiliary=False):
         # Notification states from several signal handlers
         self.shutdown_requested = False
-        self.wakeup = False
+        self.wakeup_unblock = False
+        self.wakeup_handle = False
         self.cancel_task = False
 
+        self.auxiliary = auxiliary
         self.task = None
         self.name = f"{os.getpid()}@{socket.getfqdn()}"
         self.heartbeat_period = timedelta(seconds=settings.WORKER_TTL / 3)
         self.last_metric_heartbeat = timezone.now()
         self.versions = {app.label: app.version for app in pulp_plugin_configs()}
         self.cursor = connection.cursor()
-        self.worker = self.handle_worker_heartbeat()
+        try:
+            self.app_status = AppStatus.objects.create(
+                name=self.name, app_type="worker", versions=self.versions
+            )
+            self.worker = self.app_status._old_status
+        except IntegrityError:
+            _logger.error(f"A worker with name {self.name} already exists in the database.")
+            exit(1)
         # This defaults to immediate task cancellation.
         # It will be set into the future on moderately graceful worker shutdown,
         # and set to None for fully graceful shutdown.
@@ -124,7 +136,17 @@ class PulpcoreWorker:
 
     def _pg_notify_handler(self, notification):
         if notification.channel == "pulp_worker_wakeup":
-            self.wakeup = True
+            if notification.payload == TASK_WAKEUP_UNBLOCK:
+                # Auxiliary workers don't do this.
+                self.wakeup_unblock = not self.auxiliary
+            elif notification.payload == TASK_WAKEUP_HANDLE:
+                self.wakeup_handle = True
+            else:
+                _logger.warn("Unknown wakeup call recieved. Reason: '%s'", notification.payload)
+                # We cannot be sure so assume everything happened.
+                self.wakeup_unblock = not self.auxiliary
+                self.wakeup_handle = True
+
         elif notification.channel == "pulp_worker_metrics_heartbeat":
             self.last_metric_heartbeat = datetime.fromisoformat(notification.payload)
         elif self.task and notification.channel == "pulp_worker_cancel":
@@ -133,64 +155,61 @@ class PulpcoreWorker:
 
     def handle_worker_heartbeat(self):
         """
-        Create or update worker heartbeat records.
-
-        Existing Worker objects are searched for one to update. If an existing one is found, it is
-        updated. Otherwise a new Worker entry is created. Logging at the info level is also done.
+        Update worker heartbeat records.
 
+        If the update fails (the record was deleted, the database is unreachable, ...) the worker
+        is shut down.
         """
-        worker, created = Worker.objects.get_or_create(
-            name=self.name, defaults={"versions": self.versions}
-        )
-        if not created and worker.versions != self.versions:
-            worker.versions = self.versions
-            worker.save(update_fields=["versions"])
-
-        if created:
-            _logger.info(_("New worker '{name}' discovered").format(name=self.name))
-        elif worker.online is False:
-            _logger.info(_("Worker '{name}' is back online.").format(name=self.name))
-
-        worker.save_heartbeat()
 
         msg = "Worker heartbeat from '{name}' at time {timestamp}".format(
-            timestamp=worker.last_heartbeat, name=self.name
+            timestamp=self.app_status.last_heartbeat, name=self.name
         )
-        _logger.debug(msg)
-
-        return worker
+        try:
+            self.app_status.save_heartbeat()
+            _logger.debug(msg)
+        except (IntegrityError, DatabaseError):
+            # WARNING: Do not attempt to recycle the connection here.
+            # The advisory locks are bound to the connection and we must not loose them.
+            _logger.error(f"Updating the heartbeat of worker {self.name} failed.")
+            # TODO if shutdown_requested, we may need to be more aggressive.
+            self.shutdown_requested = True
+            self.cancel_task = True
 
     def shutdown(self):
-        self.worker.delete()
+        self.app_status.delete()
         _logger.info(_("Worker %s was shut down."), self.name)
 
     def worker_cleanup(self):
+        qs = AppStatus.objects.older_than(age=timedelta(days=7))
+        for app_worker in qs:
+            _logger.info(_("Clean missing %s worker %s."), app_worker.app_type, app_worker.name)
+        qs.delete()
         for cls, cls_name in (
             (Worker, "pulp"),
             (ApiAppStatus, "api"),
             (ContentAppStatus, "content"),
         ):
             qs = cls.objects.missing(age=timedelta(days=7))
-            if qs:
-                for app_worker in qs:
-                    _logger.info(_("Clean missing %s worker %s."), cls_name, app_worker.name)
-                qs.delete()
+            for app_worker in qs:
+                _logger.info(_("Clean missing %s worker %s."), cls_name, app_worker.name)
+            qs.delete()
 
     def beat(self):
-        if self.worker.last_heartbeat < timezone.now() - self.heartbeat_period:
-            self.worker = self.handle_worker_heartbeat()
-            self.worker_cleanup_countdown -= 1
-            if self.worker_cleanup_countdown <= 0:
-                self.worker_cleanup_countdown = WORKER_CLEANUP_INTERVAL
-                self.worker_cleanup()
-            with contextlib.suppress(AdvisoryLockError), PGAdvisoryLock(TASK_SCHEDULING_LOCK):
-                dispatch_scheduled_tasks()
-            # This "reporting code" must not me moved inside a task, because it is supposed
-            # to be able to report on a congested tasking system to produce reliable results.
-            self.record_unblocked_waiting_tasks_metric()
-
-    def notify_workers(self):
-        self.cursor.execute("NOTIFY pulp_worker_wakeup")
+        if self.app_status.last_heartbeat < timezone.now() - self.heartbeat_period:
+            self.handle_worker_heartbeat()
+            if not self.auxiliary:
+                self.worker_cleanup_countdown -= 1
+                if self.worker_cleanup_countdown <= 0:
+                    self.worker_cleanup_countdown = WORKER_CLEANUP_INTERVAL
+                    self.worker_cleanup()
+                with contextlib.suppress(AdvisoryLockError), PGAdvisoryLock(TASK_SCHEDULING_LOCK):
+                    dispatch_scheduled_tasks()
+                # This "reporting code" must not me moved inside a task, because it is supposed
+                # to be able to report on a congested tasking system to produce reliable results.
+                self.record_unblocked_waiting_tasks_metric()
+
+    def notify_workers(self, reason="unknown"):
+        self.cursor.execute("SELECT pg_notify('pulp_worker_wakeup', %s)", (reason,))
 
     def cancel_abandoned_task(self, task, final_state, reason=None):
         """Cancel and clean up an abandoned task.
@@ -201,7 +220,7 @@ class PulpcoreWorker:
         Return ``True`` if the task was actually canceled, ``False`` otherwise.
         """
         # A task is considered abandoned when in running state, but no worker holds its lock
-        domain = get_domain()
+        domain = task.pulp_domain
         try:
             task.set_canceling()
         except RuntimeError:
@@ -224,11 +243,11 @@ class PulpcoreWorker:
         delete_incomplete_resources(task)
         task.set_canceled(final_state=final_state, reason=reason)
         if task.reserved_resources_record:
-            self.notify_workers()
+            self.notify_workers(TASK_WAKEUP_UNBLOCK)
         return True
 
     def is_compatible(self, task):
-        domain = get_domain()
+        domain = task.pulp_domain
         unmatched_versions = [
             f"task: {label}>={version} worker: {self.versions.get(label)}"
             for label, version in task.versions.items()
@@ -249,10 +268,31 @@ class PulpcoreWorker:
     def unblock_tasks(self):
         """Iterate over waiting tasks and mark them unblocked accordingly.
 
-        Returns `True` if at least one task was unblocked. `False` otherwise.
+        This function also handles the communication around it.
+        In order to prevent multiple workers to attempt unblocking tasks at the same time it tries
+        to acquire a lock and just returns on failure to do so.
+        Also it clears the notification about tasks to be unblocked and sends the notification that
+        new unblocked tasks are made available.
+
+        Returns the number of new unblocked tasks.
         """
 
-        changed = False
+        assert not self.auxiliary
+
+        count = 0
+        self.wakeup_unblock_tasks = False
+        with contextlib.suppress(AdvisoryLockError), PGAdvisoryLock(TASK_UNBLOCKING_LOCK):
+            if count := self._unblock_tasks():
+                self.notify_workers(TASK_WAKEUP_HANDLE)
+        return count
+
+    def _unblock_tasks(self):
+        """Iterate over waiting tasks and mark them unblocked accordingly.
+
+        Returns the number of new unblocked tasks.
+        """
+
+        count = 0
         taken_exclusive_resources = set()
         taken_shared_resources = set()
         # When batching this query, be sure to use "pulp_created" as a cursor
@@ -280,7 +320,7 @@ class PulpcoreWorker:
                         task.pulp_domain.name,
                     )
                     task.unblock()
-                    changed = True
+                    count += 1
                 # Don't consider this task's resources as held.
                 continue
 
@@ -301,7 +341,7 @@ class PulpcoreWorker:
                     task.pulp_domain.name,
                 )
                 task.unblock()
-                changed = True
+                count += 1
             elif task.state == TASK_STATES.RUNNING and task.unblocked_at is None:
                 # This should not happen in normal operation.
                 # And it is only an issue if the worker running that task died, because it will
@@ -318,7 +358,7 @@ class PulpcoreWorker:
             taken_exclusive_resources.update(exclusive_resources)
             taken_shared_resources.update(shared_resources)
 
-        return changed
+        return count
 
     def iter_tasks(self):
         """Iterate over ready tasks and yield each task while holding the lock."""
@@ -327,7 +367,7 @@ class PulpcoreWorker:
             for task in Task.objects.filter(
                 state__in=TASK_INCOMPLETE_STATES,
                 unblocked_at__isnull=False,
-            ).order_by("-immediate", "pulp_created"):
+            ).order_by("-immediate", F("pulp_created") + Value(timedelta(seconds=8)) * Random()):
                 # This code will only be called if we acquired the lock successfully
                 # The lock will be automatically be released at the end of the block
                 with contextlib.suppress(AdvisoryLockError), task:
@@ -366,16 +406,18 @@ class PulpcoreWorker:
         """Wait for signals on the wakeup channel while heart beating."""
 
         _logger.debug(_("Worker %s entering sleep state."), self.name)
-        while not self.shutdown_requested and not self.wakeup:
+        while not self.shutdown_requested and not self.wakeup_handle:
             r, w, x = select.select(
                 [self.sentinel, connection.connection], [], [], self.heartbeat_period.seconds
             )
             self.beat()
             if connection.connection in r:
                 connection.connection.execute("SELECT 1")
+                if self.wakeup_unblock:
+                    self.unblock_tasks()
             if self.sentinel in r:
                 os.read(self.sentinel, 256)
-        self.wakeup = False
+        _logger.debug(_("Worker %s leaving sleep state."), self.name)
 
     def supervise_task(self, task):
         """Call and supervise the task process while heart beating.
@@ -388,7 +430,7 @@ class PulpcoreWorker:
         task.save(update_fields=["worker"])
         cancel_state = None
         cancel_reason = None
-        domain = get_domain()
+        domain = task.pulp_domain
         with TemporaryDirectory(dir=".") as task_working_dir_rel_path:
             task_process = Process(target=perform_task, args=(task.pk, task_working_dir_rel_path))
             task_process.start()
@@ -424,12 +466,8 @@ class PulpcoreWorker:
                         )
                         cancel_state = TASK_STATES.CANCELED
                         self.cancel_task = False
-                    if self.wakeup:
-                        with contextlib.suppress(AdvisoryLockError), PGAdvisoryLock(
-                            TASK_UNBLOCKING_LOCK
-                        ):
-                            self.unblock_tasks()
-                        self.wakeup = False
+                    if self.wakeup_unblock:
+                        self.unblock_tasks()
                 if task_process.sentinel in r:
                     if not task_process.is_alive():
                         break
@@ -471,10 +509,10 @@ class PulpcoreWorker:
             if cancel_state:
                 self.cancel_abandoned_task(task, cancel_state, cancel_reason)
         if task.reserved_resources_record:
-            self.notify_workers()
+            self.notify_workers(TASK_WAKEUP_UNBLOCK)
         self.task = None
 
-    def handle_available_tasks(self):
+    def handle_unblocked_tasks(self):
         """Pick and supervise tasks until there are no more available tasks.
 
         Failing to detect new available tasks can lead to a stuck state, as the workers
@@ -483,11 +521,9 @@ class PulpcoreWorker:
         """
         keep_looping = True
         while keep_looping and not self.shutdown_requested:
-            try:
-                with PGAdvisoryLock(TASK_UNBLOCKING_LOCK):
-                    keep_looping = self.unblock_tasks()
-            except AdvisoryLockError:
-                keep_looping = True
+            # Clear pending wakeups. We are about to handle them anyway.
+            self.wakeup_handle = False
+            keep_looping = False
             for task in self.iter_tasks():
                 keep_looping = True
                 self.supervise_task(task)
@@ -538,14 +574,19 @@ class PulpcoreWorker:
             self.cursor.execute("LISTEN pulp_worker_cancel")
             self.cursor.execute("LISTEN pulp_worker_metrics_heartbeat")
             if burst:
-                self.handle_available_tasks()
+                if not self.auxiliary:
+                    # Attempt to flush the task queue completely.
+                    # Stop iteration if no new tasks were found to unblock.
+                    while self.unblock_tasks():
+                        self.handle_unblocked_tasks()
+                self.handle_unblocked_tasks()
             else:
                 self.cursor.execute("LISTEN pulp_worker_wakeup")
                 while not self.shutdown_requested:
                     # do work
                     if self.shutdown_requested:
                         break
-                    self.handle_available_tasks()
+                    self.handle_unblocked_tasks()
                     if self.shutdown_requested:
                         break
                     # rest until notified to wakeup

pulpcore/tests/functional/api/test_auth.py

@@ -13,6 +13,11 @@ from pulpcore.app import settings
 
 
 @pytest.mark.parallel
+@pytest.mark.skipif(
+    "rest_framework.authentication.BasicAuthentication"
+    not in settings.REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"],
+    reason="Test can't run unless BasicAuthentication is enabled",
+)
 def test_base_auth_success(pulpcore_bindings, pulp_admin_user):
     """Perform HTTP basic authentication with valid credentials.
 
@@ -33,6 +38,11 @@ def test_base_auth_success(pulpcore_bindings, pulp_admin_user):
 
 
 @pytest.mark.parallel
+@pytest.mark.skipif(
+    "rest_framework.authentication.BasicAuthentication"
+    not in settings.REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"],
+    reason="Test can't run unless BasicAuthentication is enabled",
+)
 def test_base_auth_failure(pulpcore_bindings, invalid_user):
     """Perform HTTP basic authentication with invalid credentials.
 
@@ -50,6 +60,11 @@ def test_base_auth_failure(pulpcore_bindings, invalid_user):
 
 
 @pytest.mark.parallel
+@pytest.mark.skipif(
+    "rest_framework.authentication.BasicAuthentication"
+    not in settings.REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"],
+    reason="Test can't run unless BasicAuthentication is enabled",
+)
 def test_base_auth_required(pulpcore_bindings, anonymous_user):
     """Perform HTTP basic authentication with no credentials.
 
@@ -69,7 +84,7 @@ def test_base_auth_required(pulpcore_bindings, anonymous_user):
 @pytest.mark.parallel
 @pytest.mark.skipif(
     "django.contrib.auth.backends.RemoteUserBackend" not in settings.AUTHENTICATION_BACKENDS
-    and "pulpcore.app.authentication.JSONHeaderRemoteAuthentication"
+    or "pulpcore.app.authentication.JSONHeaderRemoteAuthentication"
     not in settings.REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"],
     reason="Test can't run unless RemoteUserBackend and JSONHeaderRemoteAuthentication are enabled",
 )
@@ -98,7 +113,7 @@ def test_jq_header_remote_auth(pulpcore_bindings, anonymous_user):
 @pytest.mark.parallel
 @pytest.mark.skipif(
     "django.contrib.auth.backends.RemoteUserBackend" not in settings.AUTHENTICATION_BACKENDS
-    and "pulpcore.app.authentication.JSONHeaderRemoteAuthentication"
+    or "pulpcore.app.authentication.JSONHeaderRemoteAuthentication"
     not in settings.REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"],
     reason="Test can't run unless RemoteUserBackend and JSONHeaderRemoteAuthentication are enabled",
 )
@@ -127,7 +142,7 @@ def test_jq_header_remote_auth_denied_by_wrong_header(pulpcore_bindings, anonymo
 @pytest.mark.parallel
 @pytest.mark.skipif(
     "django.contrib.auth.backends.RemoteUserBackend" not in settings.AUTHENTICATION_BACKENDS
-    and "pulpcore.app.authentication.JSONHeaderRemoteAuthentication"
+    or "pulpcore.app.authentication.JSONHeaderRemoteAuthentication"
     not in settings.REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"],
     reason="Test can't run unless RemoteUserBackend and JSONHeaderRemoteAuthentication are enabled",
 )

pulpcore/tests/functional/api/test_login.py

@@ -1,5 +1,8 @@
 import http
 import pytest
+import uuid
+
+from urllib.parse import urlparse
 
 pytestmark = [pytest.mark.parallel]
 
@@ -20,27 +23,43 @@ def _fix_response_headers(monkeypatch, pulpcore_bindings):
 
 
 @pytest.fixture
-def session_user(pulpcore_bindings, gen_user, anonymous_user):
-    old_cookie = pulpcore_bindings.client.cookie
-    user = gen_user()
-    with user:
-        response = pulpcore_bindings.LoginApi.login_with_http_info()
-        if isinstance(response, tuple):
-            # old bindings
-            _, _, headers = response
-        else:
-            # new bindings
-            headers = response.headers
-    cookie_jar = http.cookies.SimpleCookie(headers["Set-Cookie"])
-    # Use anonymous_user to remove the basic auth header from the api client.
-    with anonymous_user:
-        pulpcore_bindings.client.cookie = "; ".join(
-            (f"{k}={v.value}" for k, v in cookie_jar.items())
-        )
-        # Weird: You need to pass the CSRFToken as a header not a cookie...
-        pulpcore_bindings.client.set_default_header("X-CSRFToken", cookie_jar["csrftoken"].value)
-        yield user
-        pulpcore_bindings.client.cookie = old_cookie
+def session_user(pulpcore_bindings, gen_user, bindings_cfg):
+    class SessionUser(gen_user):
+        def __enter__(self):
+            """
+            Mimic the behavior of a session user (aka what browsers do).
+
+            - Set auth to None so client will use the session cookie
+            - Set X-CSRFToken header since we are posting JSON instead of form data
+            (Django creates a hidden input field for the CSRF token when using forms)
+            - Set Origin and Host headers so Django CSRF middleware will allow the request
+            (Browsers send these headers and it is needed when using HTTPS)
+            """
+            self.old_cookie = pulpcore_bindings.client.cookie
+            super().__enter__()
+            response = pulpcore_bindings.LoginApi.login_with_http_info()
+            if isinstance(response, tuple):
+                # old bindings
+                _, _, headers = response
+            else:
+                # new bindings
+                headers = response.headers
+            cookie_jar = http.cookies.SimpleCookie(headers["Set-Cookie"])
+            self.cookie = "; ".join((f"{k}={v.value}" for k, v in cookie_jar.items()))
+            self.csrf_token = cookie_jar["csrftoken"].value
+            self.session_id = cookie_jar["sessionid"].value
+            bindings_cfg.username, bindings_cfg.password = None, None
+            pulpcore_bindings.client.cookie = self.cookie
+            pulpcore_bindings.client.set_default_header("X-CSRFToken", self.csrf_token)
+            pulpcore_bindings.client.set_default_header("Origin", bindings_cfg.host)
+            pulpcore_bindings.client.set_default_header("Host", urlparse(bindings_cfg.host).netloc)
+            return self
+
+        def __exit__(self, exc_type, exc_value, traceback):
+            super().__exit__(exc_type, exc_value, traceback)
+            pulpcore_bindings.client.cookie = self.old_cookie
+
+    return SessionUser
 
 
 def test_login_read_denies_anonymous(pulpcore_bindings, anonymous_user):
@@ -83,20 +102,31 @@ def test_login_sets_session_cookie(pulpcore_bindings, gen_user):
     assert cookie_jar["csrftoken"].value != ""
 
 
-def test_session_cookie_is_authorization(pulpcore_bindings, anonymous_user, session_user):
-    result = pulpcore_bindings.LoginApi.login_read()
-    assert result.username == session_user.username
+def test_session_cookie_is_authorization(pulpcore_bindings, session_user):
+    with session_user() as user:
+        result = pulpcore_bindings.LoginApi.login_read()
+        assert result.username == user.username
+        assert pulpcore_bindings.client.configuration.username is None
+
+
+def test_session_cookie_object_create(pulpcore_bindings, session_user, gen_object_with_cleanup):
+    with session_user(model_roles=["core.rbaccontentguard_creator"]):
+        assert pulpcore_bindings.client.configuration.username is None
+        gen_object_with_cleanup(pulpcore_bindings.ContentguardsRbacApi, {"name": str(uuid.uuid4())})
 
 
 def test_logout_removes_sessionid(pulpcore_bindings, session_user):
-    response = pulpcore_bindings.LoginApi.logout_with_http_info()
-    if isinstance(response, tuple):
-        # old bindings
-        _, status_code, headers = response
-    else:
-        # new bindings
-        status_code = response.status_code
-        headers = response.headers
+    with session_user() as user:
+        assert user.session_id != ""
+        assert user.session_id in pulpcore_bindings.client.cookie
+        response = pulpcore_bindings.LoginApi.logout_with_http_info()
+        if isinstance(response, tuple):
+            # old bindings
+            _, status_code, headers = response
+        else:
+            # new bindings
+            status_code = response.status_code
+            headers = response.headers
     assert status_code == 204
     cookie_jar = http.cookies.SimpleCookie(headers["Set-Cookie"])
     assert cookie_jar["sessionid"].value == ""

pulpcore/tests/functional/api/test_openapi_schema.py

@@ -2,7 +2,7 @@
 
 import copy
 import json
-import os
+from pathlib import Path
 
 import pytest
 import jsonschema
@@ -10,28 +10,31 @@ import jsonschema
 from drf_spectacular import validation
 from collections import defaultdict
 
-JSON_SCHEMA_SPEC_PATH = os.path.join(
-    os.path.dirname(validation.__file__), "openapi_3_0_schema.json"
-)
-
 
 @pytest.fixture(scope="session")
-def openapi3_schema_spec():
-    with open(JSON_SCHEMA_SPEC_PATH) as fh:
-        openapi3_schema_spec = json.load(fh)
-
-    return openapi3_schema_spec
+def openapi3_schema_spec(pulp_openapi_schema):
+    schema_version = pulp_openapi_schema["openapi"]
+    if schema_version.startswith("3.0"):
+        spec_path = Path(validation.__file__).parent / "openapi_3_0_schema.json"
+    elif schema_version.startswith("3.1"):
+        spec_path = Path(validation.__file__).parent / "openapi_3_1_schema.json"
+    else:
+        pytest.fail(f"Unknown OpenAPI schema version [{schema_version}].")
+    return json.loads(spec_path.read_text())
 
 
 @pytest.fixture(scope="session")
 def openapi3_schema_with_modified_safe_chars(openapi3_schema_spec):
-    openapi3_schema_spec_copy = copy.deepcopy(openapi3_schema_spec)  # Don't modify the original
+    oas_copy = copy.deepcopy(openapi3_schema_spec)  # Don't modify the original
     # Making OpenAPI validation to accept paths starting with / and {
-    properties = openapi3_schema_spec_copy["definitions"]["Paths"]["patternProperties"]
-    properties["^\\/|{"] = properties["^\\/"]
-    del properties["^\\/"]
+    if "3.1.x" in oas_copy["description"]:
+        pattern_properties = oas_copy["$defs"]["paths"]["patternProperties"]
+        pattern_properties["^/|{"] = pattern_properties.pop("^/")
+    else:
+        pattern_properties = oas_copy["definitions"]["Paths"]["patternProperties"]
+        pattern_properties["^\\/|{"] = pattern_properties.pop("^\\/")
 
-    return openapi3_schema_spec_copy
+    return oas_copy
 
 
 @pytest.mark.parallel
@@ -68,6 +71,20 @@ def test_no_dup_operation_ids(pulp_openapi_schema):
     assert len(dup_ids) == 0, f"Duplicate operationIds found: {dup_ids}"
 
 
+@pytest.mark.parallel
+def test_remote_user_auth_security_scheme(pulp_settings, pulp_openapi_schema):
+    if (
+        "pulpcore.app.authentication.PulpRemoteUserAuthentication"
+        not in pulp_settings.REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"]
+    ):
+        pytest.skip("Test can't run unless PulpRemoteUserAuthentication is enabled.")
+
+    expected_security_scheme = pulp_settings.REMOTE_USER_OPENAPI_SECURITY_SCHEME
+    security_schemes = pulp_openapi_schema["components"]["securitySchemes"]
+
+    assert security_schemes["remoteUserAuthentication"] == expected_security_scheme
+
+
 @pytest.mark.parallel
 def test_external_auth_on_security_scheme(pulp_settings, pulp_openapi_schema):
     if (

pulpcore/tests/functional/api/using_plugin/test_checkpoint.py

@@ -87,11 +87,17 @@ class TestCheckpointDistribution:
         assert Handler._format_checkpoint_timestamp(pubs[3].pulp_created) in checkpoints_ts
 
     @pytest.mark.parallel
-    def test_no_trailing_slash_is_redirected(self, setup, http_get, distribution_base_url):
+    def test_distro_root_no_trailing_slash_is_redirected(
+        self,
+        setup,
+        http_get,
+        distribution_base_url,
+    ):
         """Test checkpoint listing when path doesn't end with a slash."""
 
         pubs, distribution = setup
 
+        # Test a checkpoint distro listing path
         response = http_get(distribution_base_url(distribution.base_url[:-1])).decode("utf-8")
         checkpoints_ts = set(re.findall(r"\d{8}T\d{6}Z", response))
 
@@ -99,6 +105,22 @@ class TestCheckpointDistribution:
         assert Handler._format_checkpoint_timestamp(pubs[1].pulp_created) in checkpoints_ts
         assert Handler._format_checkpoint_timestamp(pubs[3].pulp_created) in checkpoints_ts
 
+    @pytest.mark.parallel
+    def test_timestamped_checkpoint_no_trailing_slash_is_redirected(
+        self,
+        setup,
+        http_get,
+        checkpoint_url,
+    ):
+        """Test a timestamped checkpoint when path doesn't end with a slash."""
+
+        pubs, distribution = setup
+
+        pub_1_url = checkpoint_url(distribution, pubs[1].pulp_created)
+        response = http_get(pub_1_url[:-1]).decode("utf-8")
+
+        assert f"<h1>Index of {urlparse(pub_1_url).path}</h1>" in response
+
     @pytest.mark.parallel
     def test_exact_timestamp_is_served(self, setup, http_get, checkpoint_url):
         pubs, distribution = setup