pulpcore 3.84.0__py3-none-any.whl → 3.85.0__py3-none-any.whl

pulpcore/content/__init__.py

@@ -7,7 +7,7 @@ import os
 
 from asgiref.sync import sync_to_async
 from aiohttp import web
-
+from gunicorn.arbiter import Arbiter
 import django
 
 
@@ -16,12 +16,13 @@ django.setup()
 
 from django.conf import settings  # noqa: E402: module level not at top of file
 from django.db.utils import (  # noqa: E402: module level not at top of file
+    IntegrityError,
     InterfaceError,
     DatabaseError,
 )
 
 from pulpcore.app.apps import pulp_plugin_configs  # noqa: E402: module level not at top of file
-from pulpcore.app.models import ContentAppStatus  # noqa: E402: module level not at top of file
+from pulpcore.app.models import AppStatus  # noqa: E402: module level not at top of file
 from pulpcore.app.util import get_worker_name  # noqa: E402: module level not at top of file
 
 from .handler import Handler  # noqa: E402: module level not at top of file
@@ -48,40 +49,40 @@ CONTENT_MODULE_NAME = "content"
 
 
 async def _heartbeat():
-    content_app_status = None
     name = get_worker_name()
     heartbeat_interval = settings.CONTENT_APP_TTL // 4
     msg = "Content App '{name}' heartbeat written, sleeping for '{interarrival}' seconds".format(
         name=name, interarrival=heartbeat_interval
     )
-    fail_msg = (
-        "Content App '{name}' failed to write a heartbeat to the database, sleeping for "
-        "'{interarrival}' seconds."
-    ).format(name=name, interarrival=heartbeat_interval)
+    fail_msg = ("Content App '{name}' failed to write a heartbeat to the database.").format(
+        name=name
+    )
     versions = {app.label: app.version for app in pulp_plugin_configs()}
 
+    try:
+        app_status = await AppStatus.objects.acreate(
+            name=name, app_type="content", versions=versions
+        )
+    except IntegrityError:
+        log.error(f"A content app with name {name} already exists in the database.")
+        exit(Arbiter.WORKER_BOOT_ERROR)
     try:
         while True:
+            await asyncio.sleep(heartbeat_interval)
             try:
-                content_app_status, created = await ContentAppStatus.objects.aget_or_create(
-                    name=name, defaults={"versions": versions}
-                )
-
-                if not created:
-                    await sync_to_async(content_app_status.save_heartbeat)()
-
-                    if content_app_status.versions != versions:
-                        content_app_status.versions = versions
-                        await content_app_status.asave(update_fields=["versions"])
-
+                await app_status.asave_heartbeat()
                 log.debug(msg)
             except (InterfaceError, DatabaseError):
                 await sync_to_async(Handler._reset_db_connection)()
-                log.info(fail_msg)
-            await asyncio.sleep(heartbeat_interval)
+                try:
+                    await app_status.asave_heartbeat()
+                    log.debug(msg)
+                except (InterfaceError, DatabaseError):
+                    log.error(fail_msg)
+                    exit(Arbiter.WORKER_BOOT_ERROR)
     finally:
-        if content_app_status:
-            await content_app_status.adelete()
+        if app_status:
+            await app_status.adelete()
 
 
 async def _heartbeat_ctx(app):

pulpcore/content/handler.py

@@ -705,8 +705,11 @@ class Handler:
         rel_path = rel_path[len(distro.base_path) :]
         rel_path = rel_path.lstrip("/")
 
-        if rel_path == "" and not path.endswith("/"):
-            # The root of a distribution base_path was requested without a slash
+        # Check if we need to redirect to add a trailing slash for distro root
+        if not path.endswith("/") and (
+            rel_path == ""  # Distro root
+            or (distro.checkpoint and "/" not in rel_path)  # Timestamped checkpoint root
+        ):
             raise HTTPMovedPermanently(f"{request.path}/")
 
         original_rel_path = rel_path

pulpcore/migrations.py

@@ -3,6 +3,8 @@ from packaging.version import parse as parse_version
 from django.conf import settings
 from django.utils import timezone
 from django.db.migrations.operations.base import Operation
+from django.db.models import F
+from django.db.models.functions import Now
 
 
 class RequireVersion(Operation):
@@ -22,21 +24,41 @@ class RequireVersion(Operation):
 
     def database_forwards(self, app_label, schema_editor, from_state, to_state):
         from_state.clear_delayed_apps_cache()
-        ApiAppStatus = from_state.apps.get_model("core", "ApiAppStatus")
-        ContentAppStatus = from_state.apps.get_model("core", "ContentAppStatus")
-        Worker = from_state.apps.get_model("core", "Worker")
 
         needed_version = parse_version(self.version)
         errors = []
+        found_either_table = False
 
-        for worker_class, ttl, class_name in [
-            (ApiAppStatus, settings.API_APP_TTL, "api server"),
-            (ContentAppStatus, settings.CONTENT_APP_TTL, "content server"),
-            (Worker, settings.WORKER_TTL, "pulp worker"),
-        ]:
-            for worker in worker_class.objects.filter(
-                last_heartbeat__gte=timezone.now() - timezone.timedelta(seconds=ttl)
-            ):
+        try:
+            ApiAppStatus = from_state.apps.get_model("core", "ApiAppStatus")
+            ContentAppStatus = from_state.apps.get_model("core", "ContentAppStatus")
+            Worker = from_state.apps.get_model("core", "Worker")
+        except LookupError:
+            pass
+        else:
+            for worker_class, ttl, class_name in [
+                (ApiAppStatus, settings.API_APP_TTL, "api server"),
+                (ContentAppStatus, settings.CONTENT_APP_TTL, "content server"),
+                (Worker, settings.WORKER_TTL, "pulp worker"),
+            ]:
+                for worker in worker_class.objects.filter(
+                    last_heartbeat__gte=timezone.now() - timezone.timedelta(seconds=ttl)
+                ):
+                    present_version = worker.versions.get(self.plugin)
+                    if (
+                        present_version is not None
+                        and parse_version(present_version) < needed_version
+                    ):
+                        errors.append(
+                            f"  - '{self.plugin}'='{present_version}' "
+                            f"with {class_name} '{worker.name}'"
+                        )
+
+            found_either_table = True
+
+        try:
+            AppStatus = from_state.apps.get_model("core", "AppStatus")
+            for worker in AppStatus.objects.filter(F("last_heartbeat") + F("ttl") >= Now()):
                 present_version = worker.versions.get(self.plugin)
                 if present_version is not None and parse_version(present_version) < needed_version:
                     errors.append(
@@ -44,6 +66,11 @@ class RequireVersion(Operation):
                         f"with {class_name} '{worker.name}'"
                     )
 
+            found_either_table = True
+        except LookupError:
+            pass
+
+        assert found_either_table
         if errors:
             raise RuntimeError(
                 "\n".join(

pulpcore/openapi/__init__.py

@@ -468,6 +468,14 @@ class BasicAuthenticationScheme(OpenApiAuthenticationExtension):
         }
 
 
+class PulpRemoteUserAuthenticationScheme(OpenApiAuthenticationExtension):
+    target_class = "pulpcore.app.authentication.PulpRemoteUserAuthentication"
+    name = "remoteUserAuthentication"
+
+    def get_security_definition(self, auto_schema):
+        return settings.REMOTE_USER_OPENAPI_SECURITY_SCHEME
+
+
 class JSONHeaderRemoteAuthenticationScheme(OpenApiAuthenticationExtension):
     target_class = "pulpcore.app.authentication.JSONHeaderRemoteAuthentication"
     name = "json_header_remote_authentication"

pulpcore/plugin/models/__init__.py

@@ -40,6 +40,7 @@ from pulpcore.app.models import (
     TaskGroup,
     Upload,
     UploadChunk,
+    VulnerabilityReport,
 )
 
 
@@ -87,4 +88,5 @@ __all__ = [
     "UploadChunk",
     "EncryptedTextField",
     "system_id",
+    "VulnerabilityReport",
 ]

pulpcore/plugin/serializers/__init__.py

@@ -38,6 +38,7 @@ from pulpcore.app.serializers import (
     ValidateFieldsMixin,
     validate_unknown_fields,
     TaskSerializer,
+    VulnerabilityReportSerializer,
 )
 
 from .content import (
@@ -87,4 +88,5 @@ __all__ = [
     "TaskSerializer",
     "NoArtifactContentUploadSerializer",
     "SingleArtifactContentUploadSerializer",
+    "VulnerabilityReportSerializer",
 ]

pulpcore/plugin/tasking.py

@@ -12,11 +12,13 @@ from pulpcore.app.tasks import (
     orphan_cleanup,
     reclaim_space,
 )
+from pulpcore.app.tasks.vulnerability_report import check_content
 from pulpcore.app.tasks.repository import add_and_remove
 
 
 __all__ = [
     "ageneral_update",
+    "check_content",
     "dispatch",
     "fs_publication_export",
     "fs_repo_version_export",

pulpcore/plugin/viewsets/__init__.py

@@ -33,6 +33,7 @@ from pulpcore.app.viewsets import (
     RolesMixin,
     TaskGroupViewSet,
     TaskViewSet,
+    VulnerabilityReportViewSet,
 )
 
 from pulpcore.app.viewsets.custom_filters import (
@@ -89,4 +90,5 @@ __all__ = [
     "NoArtifactContentViewSet",
     "NoArtifactContentUploadViewSet",
     "SingleArtifactContentUploadViewSet",
+    "VulnerabilityReportViewSet",
 ]

pulpcore/pytest_plugin.py

@@ -608,28 +608,28 @@ def backend_settings_factory(pulp_settings):
             "bucket_name",
         ]
         keys["storages.backends.azure_storage.AzureStorage"] = [
-            "AZURE_ACCOUNT_NAME",
-            "AZURE_CONTAINER",
-            "AZURE_ACCOUNT_KEY",
-            "AZURE_URL_EXPIRATION_SECS",
-            "AZURE_OVERWRITE_FILES",
-            "AZURE_LOCATION",
-            "AZURE_CONNECTION_STRING",
+            "account_name",
+            "azure_container",
+            "account_key",
+            "expiration_secs",
+            "overwrite_files",
+            "location",
+            "connection_string",
         ]
-        settings = storage_settings or dict()
-        backend = storage_class or pulp_settings.STORAGES["default"]["BACKEND"]
-        not_defined_settings = (k for k in keys[backend] if k not in settings)
-        # The CI configures s3 with STORAGES and Azure with legacy
-        # Move all to STORAGES structure on DEFAULT_FILE_STORAGE removal
-        if backend == "storages.backends.s3boto3.S3Boto3Storage":
-            storages_dict = getattr(pulp_settings, "STORAGES", {})
-            storage_options = storages_dict.get("default", {}).get("OPTIONS", {})
-            for key in not_defined_settings:
-                settings[key] = storage_options.get(key)
-        else:
-            for key in not_defined_settings:
-                settings[key] = getattr(pulp_settings, key, None)
-        return backend, settings
+
+        def get_installation_storage_option(key, backend):
+            value = pulp_settings.STORAGES["default"]["OPTIONS"].get(key)
+            # Some FileSystem backend options may be defined in the top settings module
+            if backend == "pulpcore.app.models.storage.FileSystem" and not value:
+                value = getattr(pulp_settings, key, None)
+            return value
+
+        storage_settings = storage_settings or dict()
+        storage_backend = storage_class or pulp_settings.STORAGES["default"]["BACKEND"]
+        unset_storage_settings = (k for k in keys[storage_backend] if k not in storage_settings)
+        for key in unset_storage_settings:
+            storage_settings[key] = get_installation_storage_option(key, storage_backend)
+        return storage_backend, storage_settings
 
     return _settings_factory
 

pulpcore/tasking/worker.py

@@ -13,7 +13,7 @@ from tempfile import TemporaryDirectory
 from packaging.version import parse as parse_version
 
 from django.conf import settings
-from django.db import connection
+from django.db import connection, DatabaseError, IntegrityError
 from django.db.models import Case, Count, F, Max, Value, When
 from django.db.models.functions import Random
 from django.utils import timezone
@@ -29,8 +29,8 @@ from pulpcore.constants import (
 )
 from pulpcore.metrics import init_otel_meter
 from pulpcore.app.apps import pulp_plugin_configs
-from pulpcore.app.models import Worker, Task, ApiAppStatus, ContentAppStatus
-from pulpcore.app.util import PGAdvisoryLock, get_domain
+from pulpcore.app.models import Worker, Task, AppStatus, ApiAppStatus, ContentAppStatus
+from pulpcore.app.util import PGAdvisoryLock
 from pulpcore.exceptions import AdvisoryLockError
 
 from pulpcore.tasking.storage import WorkerDirectory
@@ -73,7 +73,14 @@ class PulpcoreWorker:
         self.last_metric_heartbeat = timezone.now()
         self.versions = {app.label: app.version for app in pulp_plugin_configs()}
         self.cursor = connection.cursor()
-        self.worker = self.handle_worker_heartbeat()
+        try:
+            self.app_status = AppStatus.objects.create(
+                name=self.name, app_type="worker", versions=self.versions
+            )
+            self.worker = self.app_status._old_status
+        except IntegrityError:
+            _logger.error(f"A worker with name {self.name} already exists in the database.")
+            exit(1)
         # This defaults to immediate task cancellation.
         # It will be set into the future on moderately graceful worker shutdown,
         # and set to None for fully graceful shutdown.
@@ -148,52 +155,48 @@ class PulpcoreWorker:
 
     def handle_worker_heartbeat(self):
         """
-        Create or update worker heartbeat records.
-
-        Existing Worker objects are searched for one to update. If an existing one is found, it is
-        updated. Otherwise a new Worker entry is created. Logging at the info level is also done.
+        Update worker heartbeat records.
 
+        If the update fails (the record was deleted, the database is unreachable, ...) the worker
+        is shut down.
         """
-        worker, created = Worker.objects.get_or_create(
-            name=self.name, defaults={"versions": self.versions}
-        )
-        if not created and worker.versions != self.versions:
-            worker.versions = self.versions
-            worker.save(update_fields=["versions"])
-
-        if created:
-            _logger.info(_("New worker '{name}' discovered").format(name=self.name))
-        elif worker.online is False:
-            _logger.info(_("Worker '{name}' is back online.").format(name=self.name))
-
-        worker.save_heartbeat()
 
         msg = "Worker heartbeat from '{name}' at time {timestamp}".format(
-            timestamp=worker.last_heartbeat, name=self.name
+            timestamp=self.app_status.last_heartbeat, name=self.name
         )
-        _logger.debug(msg)
-
-        return worker
+        try:
+            self.app_status.save_heartbeat()
+            _logger.debug(msg)
+        except (IntegrityError, DatabaseError):
+            # WARNING: Do not attempt to recycle the connection here.
+            # The advisory locks are bound to the connection and we must not loose them.
+            _logger.error(f"Updating the heartbeat of worker {self.name} failed.")
+            # TODO if shutdown_requested, we may need to be more aggressive.
+            self.shutdown_requested = True
+            self.cancel_task = True
 
     def shutdown(self):
-        self.worker.delete()
+        self.app_status.delete()
         _logger.info(_("Worker %s was shut down."), self.name)
 
     def worker_cleanup(self):
+        qs = AppStatus.objects.older_than(age=timedelta(days=7))
+        for app_worker in qs:
+            _logger.info(_("Clean missing %s worker %s."), app_worker.app_type, app_worker.name)
+        qs.delete()
         for cls, cls_name in (
             (Worker, "pulp"),
             (ApiAppStatus, "api"),
             (ContentAppStatus, "content"),
         ):
             qs = cls.objects.missing(age=timedelta(days=7))
-            if qs:
-                for app_worker in qs:
-                    _logger.info(_("Clean missing %s worker %s."), cls_name, app_worker.name)
-                qs.delete()
+            for app_worker in qs:
+                _logger.info(_("Clean missing %s worker %s."), cls_name, app_worker.name)
+            qs.delete()
 
     def beat(self):
-        if self.worker.last_heartbeat < timezone.now() - self.heartbeat_period:
-            self.worker = self.handle_worker_heartbeat()
+        if self.app_status.last_heartbeat < timezone.now() - self.heartbeat_period:
+            self.handle_worker_heartbeat()
             if not self.auxiliary:
                 self.worker_cleanup_countdown -= 1
                 if self.worker_cleanup_countdown <= 0:
@@ -217,7 +220,7 @@ class PulpcoreWorker:
         Return ``True`` if the task was actually canceled, ``False`` otherwise.
         """
         # A task is considered abandoned when in running state, but no worker holds its lock
-        domain = get_domain()
+        domain = task.pulp_domain
         try:
             task.set_canceling()
         except RuntimeError:
@@ -244,7 +247,7 @@ class PulpcoreWorker:
         return True
 
     def is_compatible(self, task):
-        domain = get_domain()
+        domain = task.pulp_domain
         unmatched_versions = [
             f"task: {label}>={version} worker: {self.versions.get(label)}"
             for label, version in task.versions.items()
@@ -427,7 +430,7 @@ class PulpcoreWorker:
         task.save(update_fields=["worker"])
         cancel_state = None
         cancel_reason = None
-        domain = get_domain()
+        domain = task.pulp_domain
         with TemporaryDirectory(dir=".") as task_working_dir_rel_path:
             task_process = Process(target=perform_task, args=(task.pk, task_working_dir_rel_path))
             task_process.start()

pulpcore/tests/functional/api/test_auth.py

@@ -13,6 +13,11 @@ from pulpcore.app import settings
 
 
 @pytest.mark.parallel
+@pytest.mark.skipif(
+    "rest_framework.authentication.BasicAuthentication"
+    not in settings.REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"],
+    reason="Test can't run unless BasicAuthentication is enabled",
+)
 def test_base_auth_success(pulpcore_bindings, pulp_admin_user):
     """Perform HTTP basic authentication with valid credentials.
 
@@ -33,6 +38,11 @@ def test_base_auth_success(pulpcore_bindings, pulp_admin_user):
 
 
 @pytest.mark.parallel
+@pytest.mark.skipif(
+    "rest_framework.authentication.BasicAuthentication"
+    not in settings.REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"],
+    reason="Test can't run unless BasicAuthentication is enabled",
+)
 def test_base_auth_failure(pulpcore_bindings, invalid_user):
     """Perform HTTP basic authentication with invalid credentials.
 
@@ -50,6 +60,11 @@ def test_base_auth_failure(pulpcore_bindings, invalid_user):
 
 
 @pytest.mark.parallel
+@pytest.mark.skipif(
+    "rest_framework.authentication.BasicAuthentication"
+    not in settings.REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"],
+    reason="Test can't run unless BasicAuthentication is enabled",
+)
 def test_base_auth_required(pulpcore_bindings, anonymous_user):
     """Perform HTTP basic authentication with no credentials.
 
@@ -69,7 +84,7 @@ def test_base_auth_required(pulpcore_bindings, anonymous_user):
 @pytest.mark.parallel
 @pytest.mark.skipif(
     "django.contrib.auth.backends.RemoteUserBackend" not in settings.AUTHENTICATION_BACKENDS
-    and "pulpcore.app.authentication.JSONHeaderRemoteAuthentication"
+    or "pulpcore.app.authentication.JSONHeaderRemoteAuthentication"
     not in settings.REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"],
     reason="Test can't run unless RemoteUserBackend and JSONHeaderRemoteAuthentication are enabled",
 )
@@ -98,7 +113,7 @@ def test_jq_header_remote_auth(pulpcore_bindings, anonymous_user):
 @pytest.mark.parallel
 @pytest.mark.skipif(
     "django.contrib.auth.backends.RemoteUserBackend" not in settings.AUTHENTICATION_BACKENDS
-    and "pulpcore.app.authentication.JSONHeaderRemoteAuthentication"
+    or "pulpcore.app.authentication.JSONHeaderRemoteAuthentication"
     not in settings.REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"],
     reason="Test can't run unless RemoteUserBackend and JSONHeaderRemoteAuthentication are enabled",
 )
@@ -127,7 +142,7 @@ def test_jq_header_remote_auth_denied_by_wrong_header(pulpcore_bindings, anonymo
 @pytest.mark.parallel
 @pytest.mark.skipif(
     "django.contrib.auth.backends.RemoteUserBackend" not in settings.AUTHENTICATION_BACKENDS
-    and "pulpcore.app.authentication.JSONHeaderRemoteAuthentication"
+    or "pulpcore.app.authentication.JSONHeaderRemoteAuthentication"
     not in settings.REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"],
     reason="Test can't run unless RemoteUserBackend and JSONHeaderRemoteAuthentication are enabled",
 )

pulpcore/tests/functional/api/test_openapi_schema.py

@@ -2,7 +2,7 @@
 
 import copy
 import json
-import os
+from pathlib import Path
 
 import pytest
 import jsonschema
@@ -10,28 +10,31 @@ import jsonschema
 from drf_spectacular import validation
 from collections import defaultdict
 
-JSON_SCHEMA_SPEC_PATH = os.path.join(
-    os.path.dirname(validation.__file__), "openapi_3_0_schema.json"
-)
-
 
 @pytest.fixture(scope="session")
-def openapi3_schema_spec():
-    with open(JSON_SCHEMA_SPEC_PATH) as fh:
-        openapi3_schema_spec = json.load(fh)
-
-    return openapi3_schema_spec
+def openapi3_schema_spec(pulp_openapi_schema):
+    schema_version = pulp_openapi_schema["openapi"]
+    if schema_version.startswith("3.0"):
+        spec_path = Path(validation.__file__).parent / "openapi_3_0_schema.json"
+    elif schema_version.startswith("3.1"):
+        spec_path = Path(validation.__file__).parent / "openapi_3_1_schema.json"
+    else:
+        pytest.fail(f"Unknown OpenAPI schema version [{schema_version}].")
+    return json.loads(spec_path.read_text())
 
 
 @pytest.fixture(scope="session")
 def openapi3_schema_with_modified_safe_chars(openapi3_schema_spec):
-    openapi3_schema_spec_copy = copy.deepcopy(openapi3_schema_spec)  # Don't modify the original
+    oas_copy = copy.deepcopy(openapi3_schema_spec)  # Don't modify the original
     # Making OpenAPI validation to accept paths starting with / and {
-    properties = openapi3_schema_spec_copy["definitions"]["Paths"]["patternProperties"]
-    properties["^\\/|{"] = properties["^\\/"]
-    del properties["^\\/"]
+    if "3.1.x" in oas_copy["description"]:
+        pattern_properties = oas_copy["$defs"]["paths"]["patternProperties"]
+        pattern_properties["^/|{"] = pattern_properties.pop("^/")
+    else:
+        pattern_properties = oas_copy["definitions"]["Paths"]["patternProperties"]
+        pattern_properties["^\\/|{"] = pattern_properties.pop("^\\/")
 
-    return openapi3_schema_spec_copy
+    return oas_copy
 
 
 @pytest.mark.parallel
@@ -68,6 +71,20 @@ def test_no_dup_operation_ids(pulp_openapi_schema):
     assert len(dup_ids) == 0, f"Duplicate operationIds found: {dup_ids}"
 
 
+@pytest.mark.parallel
+def test_remote_user_auth_security_scheme(pulp_settings, pulp_openapi_schema):
+    if (
+        "pulpcore.app.authentication.PulpRemoteUserAuthentication"
+        not in pulp_settings.REST_FRAMEWORK["DEFAULT_AUTHENTICATION_CLASSES"]
+    ):
+        pytest.skip("Test can't run unless PulpRemoteUserAuthentication is enabled.")
+
+    expected_security_scheme = pulp_settings.REMOTE_USER_OPENAPI_SECURITY_SCHEME
+    security_schemes = pulp_openapi_schema["components"]["securitySchemes"]
+
+    assert security_schemes["remoteUserAuthentication"] == expected_security_scheme
+
+
 @pytest.mark.parallel
 def test_external_auth_on_security_scheme(pulp_settings, pulp_openapi_schema):
     if (

pulpcore/tests/functional/api/using_plugin/test_checkpoint.py

@@ -87,11 +87,17 @@ class TestCheckpointDistribution:
         assert Handler._format_checkpoint_timestamp(pubs[3].pulp_created) in checkpoints_ts
 
     @pytest.mark.parallel
-    def test_no_trailing_slash_is_redirected(self, setup, http_get, distribution_base_url):
+    def test_distro_root_no_trailing_slash_is_redirected(
+        self,
+        setup,
+        http_get,
+        distribution_base_url,
+    ):
         """Test checkpoint listing when path doesn't end with a slash."""
 
         pubs, distribution = setup
 
+        # Test a checkpoint distro listing path
         response = http_get(distribution_base_url(distribution.base_url[:-1])).decode("utf-8")
         checkpoints_ts = set(re.findall(r"\d{8}T\d{6}Z", response))
 
@@ -99,6 +105,22 @@ class TestCheckpointDistribution:
         assert Handler._format_checkpoint_timestamp(pubs[1].pulp_created) in checkpoints_ts
         assert Handler._format_checkpoint_timestamp(pubs[3].pulp_created) in checkpoints_ts
 
+    @pytest.mark.parallel
+    def test_timestamped_checkpoint_no_trailing_slash_is_redirected(
+        self,
+        setup,
+        http_get,
+        checkpoint_url,
+    ):
+        """Test a timestamped checkpoint when path doesn't end with a slash."""
+
+        pubs, distribution = setup
+
+        pub_1_url = checkpoint_url(distribution, pubs[1].pulp_created)
+        response = http_get(pub_1_url[:-1]).decode("utf-8")
+
+        assert f"<h1>Index of {urlparse(pub_1_url).path}</h1>" in response
+
     @pytest.mark.parallel
     def test_exact_timestamp_is_served(self, setup, http_get, checkpoint_url):
         pubs, distribution = setup

pulpcore/tests/functional/api/using_plugin/test_proxy.py

@@ -144,7 +144,7 @@ def test_sync_https_through_https_proxy(
         manifest_path=basic_manifest_path,
         policy="on_demand",
         proxy_url=https_proxy.proxy_url,
-        tls_validation="false",
+        tls_validation=False,
     )
 
     _run_basic_sync_and_assert(file_bindings, monitor_task, remote_on_demand, file_repo)