The command `pulp-vulnerability show --href` accepts any href

[pedro-psb]

Summary

The command effectively acts like the pulp show --href, accepting any kind of href.

I found that because pulp_python vuln report test does that (takes a task where it really wanted to take a vulnerability report). Tested with a few other resources and concluded it can take anything.

Steps to reproduce

# grab a task (there is usually one available)
TASK_HREF=$(pulp task list | jq -r '.[0].pulp_href')

# show task info with vuln report command
pulp vulnerability-report show --href "$TASK_HREF"

Expected behavior

It should error for resources which are not vulnerability reports.

Stacktrace/Error log

No applicable.

Pulp and pulp-cli version info

$ pulp --version
Pulp3 Command Line Interface, Version 0.40.0
Plugin Versions:
  common: 0.40.0

$ pulp status
{
  "versions": [
    {
      "component": "core",
      "version": "3.113.0.dev",
      "package": "pulpcore",
      "module": "pulpcore.app",
      "domain_compatible": true
    },
    {
      "component": "certguard",
      "version": "3.113.0.dev",
      "package": "pulpcore",
      "module": "pulp_certguard.app",
      "domain_compatible": true
    },
    {
      "component": "file",
      "version": "3.113.0.dev",
      "package": "pulpcore",
      "module": "pulp_file.app",
      "domain_compatible": true
    },
    {
      "component": "python",
      "version": "3.32.0.dev",
      "package": "pulp-python",
      "module": "pulp_python.app",
      "domain_compatible": true
    },
    {
      "component": "rpm",
      "version": "3.38.0.dev",
      "package": "pulp-rpm",
      "module": "pulp_rpm.app",
      "domain_compatible": true
    }
  ],
(...)

Additional context

[pedro-psb]

If pulp vulnerability-report show only accepts the vuln report href, it doesn't make much sense in having that over just using pulp show.

Maybe to justify it's existence we could add the option to provide a repository version href/prn or a content href/prn, which then makes a two step action (get repover/content to get vuln report href -> get vuln report result) into one (get vuln report result using repover/content href directly).

[pedro-psb]

Also, it doesn't accept href with query arguments (which may be fine, if there are options to just provide the repository version or content):

$ uv run --isolated pulp vulnerability-report show --href /pulp/api/v3/vuln_report/?repo_versions=prn:core.repositoryversion:019ebc46-7c91-7238-9709-119839e62d59
Installed 60 packages in 51ms
Error: '/pulp/api/v3/vuln_report/?repo_versions=prn:core.repositoryversion:019ebc46-7c91-7238-9709-119839e62d59' is not a valid HREF value for a vulnerability report

$ uv run --isolated pulp show --href /pulp/api/v3/vuln_report/?repo_versions=prn:core.repositoryversion:019ebc46-7c91-7238-9709-119839e62d59
Installed 60 packages in 53ms
{
  "count": 0,
  "next": null,
  "previous": null,
  "results": []
}