Add more Pulp Exceptions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: aKlimau

CHANGES/+add-pulp-exceptions.feature

@@ -0,0 +1 @@
+Add more Pulp Exceptions.

pulp_python/app/exceptions.py

@@ -0,0 +1,173 @@
+from gettext import gettext as _
+
+from pulpcore.plugin.exceptions import PulpException
+
+
+class ProvenanceVerificationError(PulpException):
+    """
+    Raised when provenance verification fails.
+    """
+
+    error_code = "PYT0001"
+
+    def __init__(self, message):
+        super().__init__()
+        """
+        :param message: Description of the provenance verification error
+        :type message: str
+        """
+        self.message = message
+
+    def __str__(self):
+        return f"[{self.error_code}] " + _("Provenance verification failed: {message}").format(
+            message=self.message
+        )
+
+
+class AttestationVerificationError(PulpException):
+    """
+    Raised when attestation verification fails.
+    """
+
+    error_code = "PYT0002"
+
+    def __init__(self, message):
+        super().__init__()
+        """
+        :param message: Description of the attestation verification error
+        :type message: str
+        """
+        self.message = message
+
+    def __str__(self):
+        return f"[{self.error_code}] " + _("Attestation verification failed: {message}").format(
+            message=self.message
+        )
+
+
+class PackageSubstitutionError(PulpException):
+    """
+    Raised when packages with the same filename but different checksums are being added.
+    """
+
+    error_code = "PYT0003"
+
+    def __init__(self, duplicates):
+        super().__init__()
+        """
+        :param duplicates: Description of duplicate packages
+        :type duplicates: str
+        """
+        self.duplicates = duplicates
+
+    def __str__(self):
+        return f"[{self.error_code}] " + _(
+            "Found duplicate packages being added with the same filename but different "
+            "checksums. To allow this, set 'allow_package_substitution' to True on the "
+            "repository. Conflicting packages: {duplicates}"
+        ).format(duplicates=self.duplicates)
+
+
+class MissingRelativePathError(PulpException):
+    """
+    Raised when relative_path field is missing during package upload.
+    """
+
+    error_code = "PYT0005"
+
+    def __str__(self):
+        return f"[{self.error_code}] " + _("This field is required: relative_path")
+
+
+class InvalidPythonExtensionError(PulpException):
+    """
+    Raised when a file has an invalid Python package extension.
+    """
+
+    error_code = "PYT0006"
+
+    def __init__(self, filename):
+        super().__init__()
+        """
+        :param filename: The filename with invalid extension
+        :type filename: str
+        """
+        self.filename = filename
+
+    def __str__(self):
+        return f"[{self.error_code}] " + _(
+            "Extension on {filename} is not a valid python extension "
+            "(.whl, .exe, .egg, .tar.gz, .tar.bz2, .zip)"
+        ).format(filename=self.filename)
+
+
+class InvalidProvenanceError(PulpException):
+    """
+    Raised when uploaded provenance data is invalid.
+    """
+
+    error_code = "PYT0007"
+
+    def __init__(self, message):
+        super().__init__()
+        """
+        :param message: Description of the provenance validation error
+        :type message: str
+        """
+        self.message = message
+
+    def __str__(self):
+        return f"[{self.error_code}] " + _(
+            "The uploaded provenance is not valid: {message}"
+        ).format(message=self.message)
+
+
+class RemoteFetchError(PulpException):
+    """
+    Raised when fetching metadata from all remotes fails.
+    """
+
+    error_code = "PYT0008"
+
+    def __init__(self, url):
+        super().__init__()
+        self.url = url
+
+    def __str__(self):
+        return f"[{self.error_code}] " + _("Failed to fetch {url} from any remote.").format(
+            url=self.url
+        )
+
+
+class InvalidAttestationsError(PulpException):
+    """
+    Raised when attestation data cannot be validated.
+    """
+
+    error_code = "PYT0009"
+
+    def __init__(self, message):
+        super().__init__()
+        self.message = message
+
+    def __str__(self):
+        return f"[{self.error_code}] " + _("Invalid attestations: {message}").format(
+            message=self.message
+        )
+
+
+class BlocklistedPackageError(PulpException):
+    """
+    Raised when packages matching a blocklist entry are added to a repository.
+    """
+
+    error_code = "PYT0010"
+
+    def __init__(self, blocked):
+        super().__init__()
+        self.blocked = blocked
+
+    def __str__(self):
+        return f"[{self.error_code}] " + _(
+            "Blocklisted packages cannot be added to this repository: {blocked}"
+        ).format(blocked=", ".join(self.blocked))

pulp_python/app/models.py

@@ -12,7 +12,6 @@
     BEFORE_SAVE,
     hook,
 )
-from rest_framework.serializers import ValidationError
 
 from pulpcore.plugin.models import (
     AutoAddObjPermsMixin,
@@ -31,6 +30,7 @@
 from pulpcore.plugin.responses import ArtifactResponse
 from pulpcore.plugin.util import get_domain, get_domain_pk
 
+from .exceptions import BlocklistedPackageError, PackageSubstitutionError
 from .provenance import Provenance
 from .utils import (
     PYPI_LAST_SERIAL,
@@ -412,17 +412,13 @@ def finalize_new_version(self, new_version):
 
     def _check_for_package_substitution(self, new_version):
         """
-        Raise a ValidationError if newly added packages would replace existing packages that have
-        the same filename but a different sha256 checksum.
+        Raise a PackageSubstitutionError if newly added packages would replace existing packages
+        that have the same filename but a different sha256 checksum.
         """
         qs = PythonPackageContent.objects.filter(pk__in=new_version.content)
         duplicates = collect_duplicates(qs, ("filename",))
         if duplicates:
-            raise ValidationError(
-                "Found duplicate packages being added with the same filename but different checksums. "  # noqa: E501
-                "To allow this, set 'allow_package_substitution' to True on the repository. "
-                f"Conflicting packages: {duplicates}"
-            )
+            raise PackageSubstitutionError(duplicates)
 
     def _check_blocklist(self, new_version):
         """
@@ -436,7 +432,7 @@ def _check_blocklist(self, new_version):
 
     def check_blocklist_for_packages(self, packages):
         """
-        Raise a ValidationError if any of the given packages match a blocklist entry.
+        Raise a BlocklistedPackageError if any of the given packages match a blocklist entry.
         """
         entries = PythonBlocklistEntry.objects.filter(repository=self)
         if not entries.exists():
@@ -453,11 +449,7 @@ def check_blocklist_for_packages(self, packages):
                         blocked.append(pkg.filename)
                         break
         if blocked:
-            raise ValidationError(
-                "Blocklisted packages cannot be added to this repository: {}".format(
-                    ", ".join(blocked)
-                )
-            )
+            raise BlocklistedPackageError(blocked)
 
 
 class PythonBlocklistEntry(BaseModel):

pulp_python/app/serializers.py

@@ -9,15 +9,23 @@
 from drf_spectacular.utils import extend_schema_serializer
 from packaging.requirements import Requirement
 from packaging.version import InvalidVersion, Version
-from pydantic import TypeAdapter, ValidationError
+from pydantic import TypeAdapter
+from pydantic import ValidationError as PydanticValidationError
 from pypi_attestations import AttestationError
 from rest_framework import serializers
 
 from pulpcore.plugin import models as core_models
 from pulpcore.plugin import serializers as core_serializers
+from pulpcore.plugin.exceptions import DigestValidationError
 from pulpcore.plugin.util import get_current_authenticated_user, get_domain, get_prn, reverse
 
 from pulp_python.app import models as python_models
+from pulp_python.app.exceptions import (
+    InvalidProvenanceError,
+    InvalidPythonExtensionError,
+    MissingRelativePathError,
+    ProvenanceVerificationError,
+)
 from pulp_python.app.provenance import (
     AnyPublisher,
     Attestation,
@@ -387,7 +395,7 @@ def validate_attestations(self, value):
                 attestations = TypeAdapter(list[Attestation]).validate_json(value)
             else:
                 attestations = TypeAdapter(list[Attestation]).validate_python(value)
-        except ValidationError as e:
+        except PydanticValidationError as e:
             raise serializers.ValidationError(_("Invalid attestations: {}").format(e))
         return attestations
 
@@ -421,26 +429,18 @@ def deferred_validate(self, data):
         try:
             filename = data["relative_path"]
         except KeyError:
-            raise serializers.ValidationError(detail={"relative_path": _("This field is required")})
+            raise MissingRelativePathError()
 
         artifact = data["artifact"]
         try:
             _data = artifact_to_python_content_data(filename, artifact, domain=get_domain())
         except ValueError:
-            raise serializers.ValidationError(
-                _(
-                    "Extension on {} is not a valid python extension "
-                    "(.whl, .exe, .egg, .tar.gz, .tar.bz2, .zip)"
-                ).format(filename)
-            )
+            raise InvalidPythonExtensionError(filename)
 
         if data.get("sha256") and data["sha256"] != artifact.sha256:
-            raise serializers.ValidationError(
-                detail={
-                    "sha256": _(
-                        "The uploaded artifact's sha256 checksum does not match the one provided"
-                    )
-                }
+            raise DigestValidationError(
+                actual=artifact.sha256,
+                expected=data["sha256"],
             )
 
         data.update(_data)
@@ -654,15 +654,13 @@ def deferred_validate(self, data):
         try:
             provenance = Provenance.model_validate_json(data["file"].read())
             data["provenance"] = provenance.model_dump(mode="json")
-        except ValidationError as e:
-            raise serializers.ValidationError(
-                _("The uploaded provenance is not valid: {}").format(e)
-            )
+        except PydanticValidationError as e:
+            raise InvalidProvenanceError(str(e))
         if data.pop("verify"):
             try:
                 verify_provenance(data["package"].filename, data["package"].sha256, provenance)
             except AttestationError as e:
-                raise serializers.ValidationError(_("Provenance verification failed: {}").format(e))
+                raise ProvenanceVerificationError(str(e))
         return data
 
     def retrieve(self, validated_data):

pulp_python/app/tasks/sync.py

@@ -1,7 +1,6 @@
 import asyncio
 import logging
 from functools import partial
-from gettext import gettext as _
 from urllib.parse import urljoin
 
 from aiohttp import ClientError, ClientResponseError
@@ -12,9 +11,9 @@
 from packaging.requirements import Requirement
 from pypi_attestations import Provenance
 from pypi_simple import IndexPage
-from rest_framework import serializers
 
 from pulpcore.plugin.download import HttpDownloader
+from pulpcore.plugin.exceptions import SyncError
 from pulpcore.plugin.models import Artifact, ProgressReport, Remote, Repository
 from pulpcore.plugin.stages import (
     DeclarativeArtifact,
@@ -52,7 +51,7 @@ def sync(remote_pk, repository_pk, mirror):
     repository = Repository.objects.get(pk=repository_pk)
 
     if not remote.url:
-        raise serializers.ValidationError(detail=_("A remote must have a url attribute to sync."))
+        raise SyncError("A remote must have a url attribute to sync.")
 
     first_stage = PythonBanderStage(remote)
     DeclarativeVersion(first_stage, repository, mirror).create()
@@ -115,7 +114,8 @@ async def run(self):
         url = self.remote.url.rstrip("/")
         downloader = self.remote.get_downloader(url=url)
         if not isinstance(downloader, HttpDownloader):
-            raise ValueError("Only HTTP(S) is supported for python syncing")
+            protocol = type(downloader).__name__
+            raise SyncError(f"Only HTTP(S) is supported for python syncing, got: {protocol}")
 
         async with Master(url, allow_non_https=True) as master:
             # Replace the session with the remote's downloader session

pulp_python/app/tasks/upload.py

@@ -4,10 +4,13 @@
 from django.contrib.sessions.models import Session
 from django.db import transaction
 from pydantic import TypeAdapter
+from pydantic import ValidationError as PydanticValidationError
+from pypi_attestations import AttestationError
 
 from pulpcore.plugin.models import Artifact, Content, ContentArtifact, CreatedResource
 from pulpcore.plugin.util import get_current_authenticated_user, get_domain, get_prn
 
+from pulp_python.app.exceptions import AttestationVerificationError, InvalidAttestationsError
 from pulp_python.app.models import PackageProvenance, PythonPackageContent, PythonRepository
 from pulp_python.app.provenance import (
     AnyPublisher,
@@ -123,13 +126,19 @@ def create_provenance(package, attestations, domain):
     Returns:
         the newly created PackageProvenance
     """
-    attestations = TypeAdapter(list[Attestation]).validate_python(attestations)
+    try:
+        attestations = TypeAdapter(list[Attestation]).validate_python(attestations)
+    except PydanticValidationError as e:
+        raise InvalidAttestationsError(str(e))
 
     user = get_current_authenticated_user()
     publisher = AnyPublisher(kind="Pulp User", prn=get_prn(user))
     att_bundle = AttestationBundle(publisher=publisher, attestations=attestations)
     provenance = Provenance(attestation_bundles=[att_bundle])
-    verify_provenance(package.filename, package.sha256, provenance)
+    try:
+        verify_provenance(package.filename, package.sha256, provenance)
+    except AttestationError as e:
+        raise AttestationVerificationError(str(e))
     provenance_json = provenance.model_dump(mode="json")
 
     prov_sha256 = PackageProvenance.calculate_sha256(provenance_json)