Project

Profile

Help

Issue #3413

closed

"http" and "https" options in distribution have no effect

Added by Ichimonji10 almost 5 years ago. Updated over 3 years ago.

Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 34
Quarter:

Description

Let's say I create a distribution by making an HTTP POST request to /api/v3/distributions/, with the following JSON body:

{
  "base_path": "my-base-path",
  "http": false,
  "https": false,
  "name": "distribution-name",
  "publication": "http://pulp-3.example.com:8000/api/v3/publications/publication-id/",
}

This will return a distribution:

{
  "_href": "http://pulp-3.example.com:8000/api/v3/distributions/distribution-name/",
  "base_path": "my-base-path",
  "base_url": "pulp-3.example.com:8000/content/my-base-path",
  "http": false,
  "https": false,
  "name": "distribution-name",
  "publication": "http://pulp-3.example.com:8000/api/v3/publications/publication-id/",
  "publisher": null,
  "repository": null
}

Furthermore, let's say that the publication at …/api/v3/publications/publication-id/ contains a file named 1.iso. At which URLs are this file available? None at all. Right? After all, both "http" and "https" are false. Unfortunately, one can still GET the files at the following URLs:

  • http://pulp-3.example.com:8000/content/my-base-path/1.iso
  • https://pulp-3.example.com:8000/content/my-base-path/1.iso

Related issues

Related to Pulp - Issue #3416: Pulp 3 Jenkins jobs use the development webserverCLOSED - WONTFIXActions
Related to Pulp - Issue #3451: Remove http and https options on distributionsCLOSED - CURRENTRELEASEdaviddavisActions
Actions #1

Updated by Ichimonji10 almost 5 years ago

  • Description updated (diff)
Actions #2

Updated by daviddavis almost 5 years ago

  • Project changed from File Support to Pulp
Actions #3

Updated by dalley almost 5 years ago

  • Sprint/Milestone set to 56
  • Triaged changed from No to Yes
Actions #4

Updated by bmbouter over 4 years ago

  • Sprint set to Sprint 33
Actions #5

Updated by bmbouter over 4 years ago

  • Sprint/Milestone deleted (56)
Actions #6

Updated by dalley over 4 years ago

  • Related to Issue #3416: Pulp 3 Jenkins jobs use the development webserver added
Actions #7

Updated by dkliban@redhat.com over 4 years ago

We should just remove the http and https properties from the Distribution model.

Pulp is not in the business of providing SSL encryption. Web servers should be used to enforce SSL connections.

Actions #8

Updated by Ichimonji10 over 4 years ago

That solution would solve this issue. And from my personal experience in deploying web applications, shoveling that reponsibility onto a web server tends to work well.

Actions #9

Updated by jortel@redhat.com over 4 years ago

The proposal to remove the http & https attributes for the MVP is fine. The plan was always to delegate the SSL responsibilities to an external web server. There was another use case that required the content app to enforce the permitted schemes but I don't remember what it was.

Actions #10

Updated by jortel@redhat.com over 4 years ago

  • Sprint changed from Sprint 33 to Sprint 34
Actions #11

Updated by daviddavis over 4 years ago

  • Related to Issue #3451: Remove http and https options on distributions added
Actions #12

Updated by daviddavis over 4 years ago

  • Status changed from NEW to CLOSED - WONTFIX

Closing out in favor of https://pulp.plan.io/issues/3451

Actions #13

Updated by daviddavis over 3 years ago

  • Sprint/Milestone set to 3.0.0
Actions #14

Updated by bmbouter over 3 years ago

  • Tags deleted (Pulp 3)

Also available in: Atom PDF