An internal server error is raised when pushing images to Pulp with token authentication disabled

[lubosmj]

Version
pulpcore and pulp_container main branch, likely pulp_container 2.18+

Describe the bug
An internal server error is raised when an anonymous user is trying to pull content via a pull-through cache distribution with token authentication disabled. The same goes for regular image pushing. In the both cases, podman tries to check if the repository does exist. If it does not, we fall back to the pull-through caching code. The name of the pushed/pulled repository has to begin with the name of the pull-through cache distribution, e.g.,:

{
    "count": 1,
    "next": null,
    "previous": null,
    "results": [
        {
            "base_path": "docker-cache",
            "content_guard": "/pulp/api/v3/contentguards/core/content_redirect/018fde9e-c461-7815-964f-34ed9ec236d6/",
            "description": null,
            "distributions": [],
            "hidden": false,
            "name": "docker-cache",
            "namespace": "/pulp/api/v3/pulp_container/namespaces/018fde9e-c473-7dc4-9591-fe9b52e8ee76/",
            "private": false,
            "pulp_created": "2024-06-03T15:01:38.260760Z",
            "pulp_href": "/pulp/api/v3/distributions/container/pull-through/018fde9e-c553-7b27-b002-d84860722ef5/",
            "pulp_labels": {},
            "pulp_last_updated": "2024-06-03T15:01:38.260777Z",
            "remote": "/pulp/api/v3/remotes/container/pull-through/018fde9e-b931-7160-8a0f-032f737aa63a/",
            "repository": null
        }
    ]
}

podman push localhost:5001/docker-cache/library/busybox  --tls-verify=false

podman pull localhost:5001/docker-cache/pulp/test-fixture-1:ml_iii --tls-verify=false

Additional context
Traceback:

pulp_1    | pulp [2158f7489f1e43fba2f1929f068e5860]: django.request:ERROR: Internal Server Error: /v2/docker-cache/pulp/test-fixture-1/manifests/ml_iii
pulp_1    | Traceback (most recent call last):
pulp_1    |   File "/src/pulp_container/pulp_container/app/registry_api.py", line 286, in get_drv_pull
pulp_1    |     distribution = models.ContainerDistribution.objects.get(base_path=path)
pulp_1    |                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
pulp_1    |   File "/usr/local/lib/python3.11/site-packages/django/db/models/manager.py", line 87, in manager_method
pulp_1    |     return getattr(self.get_queryset(), name)(*args, **kwargs)
pulp_1    |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
pulp_1    |   File "/usr/local/lib/python3.11/site-packages/django/db/models/query.py", line 637, in get
pulp_1    |     raise self.model.DoesNotExist(
pulp_1    | pulp_container.app.models.ContainerDistribution.DoesNotExist: ContainerDistribution matching query does not exist.
pulp_1    | 
pulp_1    | During handling of the above exception, another exception occurred:
pulp_1    | 
pulp_1    | Traceback (most recent call last):
pulp_1    |   File "/usr/local/lib/python3.11/site-packages/django/db/models/query.py", line 916, in get_or_create
pulp_1    |     return self.get(**kwargs), False
pulp_1    |            ^^^^^^^^^^^^^^^^^^
pulp_1    |   File "/usr/local/lib/python3.11/site-packages/django/db/models/query.py", line 637, in get
pulp_1    |     raise self.model.DoesNotExist(
pulp_1    | pulp_container.app.models.ContainerRepository.DoesNotExist: ContainerRepository matching query does not exist.
pulp_1    | 
pulp_1    | During handling of the above exception, another exception occurred:
pulp_1    | 
pulp_1    | Traceback (most recent call last):
pulp_1    |   File "/usr/local/lib/python3.11/site-packages/django/core/handlers/exception.py", line 55, in inner
pulp_1    |     response = get_response(request)
pulp_1    |                ^^^^^^^^^^^^^^^^^^^^^
pulp_1    |   File "/usr/local/lib/python3.11/site-packages/django/core/handlers/base.py", line 197, in _get_response
pulp_1    |     response = wrapped_callback(request, *callback_args, **callback_kwargs)
pulp_1    |                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
pulp_1    |   File "/usr/local/lib/python3.11/site-packages/django/views/decorators/csrf.py", line 56, in wrapper_view
pulp_1    |     return view_func(*args, **kwargs)
pulp_1    |            ^^^^^^^^^^^^^^^^^^^^^^^^^^
pulp_1    |   File "/usr/local/lib/python3.11/site-packages/rest_framework/viewsets.py", line 124, in view
pulp_1    |     return self.dispatch(request, *args, **kwargs)
pulp_1    |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
pulp_1    |   File "/usr/local/lib/python3.11/site-packages/rest_framework/views.py", line 509, in dispatch
pulp_1    |     response = self.handle_exception(exc)
pulp_1    |                ^^^^^^^^^^^^^^^^^^^^^^^^^^
pulp_1    |   File "/src/pulp_container/pulp_container/app/registry_api.py", line 271, in handle_exception
pulp_1    |     response = super().handle_exception(exc)
pulp_1    |                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
pulp_1    |   File "/usr/local/lib/python3.11/site-packages/rest_framework/views.py", line 469, in handle_exception
pulp_1    |     self.raise_uncaught_exception(exc)
pulp_1    |   File "/usr/local/lib/python3.11/site-packages/rest_framework/views.py", line 480, in raise_uncaught_exception
pulp_1    |     raise exc
pulp_1    |   File "/usr/local/lib/python3.11/site-packages/rest_framework/views.py", line 506, in dispatch
pulp_1    |     response = handler(request, *args, **kwargs)
pulp_1    |                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
pulp_1    |   File "/src/pulp_container/pulp_container/app/registry_api.py", line 1012, in get
pulp_1    |     return self.handle_safe_method(request, path, pk)
pulp_1    |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
pulp_1    |   File "/src/pulp_container/pulp_container/app/registry_api.py", line 1019, in handle_safe_method
pulp_1    |     distribution, repository, repository_version = self.get_drv_pull(path)
pulp_1    |                                                    ^^^^^^^^^^^^^^^^^^^^^^^
pulp_1    |   File "/src/pulp_container/pulp_container/app/registry_api.py", line 289, in get_drv_pull
pulp_1    |     return self.get_pull_through_drv(path)
pulp_1    |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
pulp_1    |   File "/src/pulp_container/pulp_container/app/registry_api.py", line 310, in get_pull_through_drv
pulp_1    |     repository, _ = models.ContainerRepository.objects.get_or_create(
pulp_1    |                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
pulp_1    |   File "/usr/local/lib/python3.11/site-packages/django/db/models/manager.py", line 87, in manager_method
pulp_1    |     return getattr(self.get_queryset(), name)(*args, **kwargs)
pulp_1    |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
pulp_1    |   File "/usr/local/lib/python3.11/site-packages/django/db/models/query.py", line 923, in get_or_create
pulp_1    |     return self.create(**params), True
pulp_1    |            ^^^^^^^^^^^^^^^^^^^^^
pulp_1    |   File "/usr/local/lib/python3.11/site-packages/django/db/models/query.py", line 658, in create
pulp_1    |     obj.save(force_insert=True, using=self.db)
pulp_1    |   File "/usr/local/lib/python3.11/site-packages/pulpcore/app/models/repository.py", line 135, in save
pulp_1    |     super().save(*args, **kwargs)
pulp_1    |   File "/usr/lib64/python3.11/contextlib.py", line 81, in inner
pulp_1    |     return func(*args, **kwds)
pulp_1    |            ^^^^^^^^^^^^^^^^^^^
pulp_1    |   File "/usr/local/lib/python3.11/site-packages/django_lifecycle/mixins.py", line 196, in save
pulp_1    |     self._run_hooked_methods(AFTER_CREATE, **kwargs)
pulp_1    |   File "/usr/local/lib/python3.11/site-packages/django_lifecycle/mixins.py", line 312, in _run_hooked_methods
pulp_1    |     method.run(self)
pulp_1    |   File "/usr/local/lib/python3.11/site-packages/django_lifecycle/mixins.py", line 46, in run
pulp_1    |     self.method(instance)
pulp_1    |   File "/usr/local/lib/python3.11/site-packages/django_lifecycle/decorators.py", line 119, in func
pulp_1    |     hooked_method(*args, **kwargs)
pulp_1    |   File "/usr/local/lib/python3.11/site-packages/pulpcore/app/models/access_policy.py", line 77, in add_perms
pulp_1    |     permission_class.handle_creation_hooks(self)
pulp_1    |   File "/usr/local/lib/python3.11/site-packages/pulpcore/app/access_policy.py", line 59, in handle_creation_hooks
pulp_1    |     function(**kwargs)
pulp_1    |   File "/usr/local/lib/python3.11/site-packages/pulpcore/app/models/access_policy.py", line 145, in add_roles_for_object_creator
pulp_1    |     assign_role(role, current_user, self)
pulp_1    |   File "/usr/local/lib/python3.11/site-packages/pulpcore/app/role_util.py", line 62, in assign_role
pulp_1    |     UserRole.objects.create(role=role, user=entity, content_object=obj, domain=domain)
pulp_1    |   File "/usr/local/lib/python3.11/site-packages/django/db/models/manager.py", line 87, in manager_method
pulp_1    |     return getattr(self.get_queryset(), name)(*args, **kwargs)
pulp_1    |            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
pulp_1    |   File "/usr/local/lib/python3.11/site-packages/django/db/models/query.py", line 656, in create
pulp_1    |     obj = self.model(**kwargs)
pulp_1    |           ^^^^^^^^^^^^^^^^^^^^
pulp_1    |   File "/usr/local/lib/python3.11/site-packages/django_lifecycle/mixins.py", line 76, in __init__
pulp_1    |     super().__init__(*args, **kwargs)
pulp_1    |   File "/usr/local/lib/python3.11/site-packages/django/db/models/base.py", line 543, in __init__
pulp_1    |     _setattr(self, field.name, rel_obj)
pulp_1    |   File "/usr/local/lib/python3.11/site-packages/django/db/models/fields/related_descriptors.py", line 266, in __set__
pulp_1    |     raise ValueError(
pulp_1    | ValueError: Cannot assign "<class 'django.contrib.auth.models.AnonymousUser'>": "UserRole.user" must be a "User" instance.

[lubosmj]

Resolution:

• never allow anonymous users to enter the get_pull_through_drv section to preserve the existing behaviour.

cc: #1623