Project

Profile

Help

Issue #3413

"http" and "https" options in distribution have no effect

Added by Ichimonji10 over 1 year ago. Updated 6 months ago.

Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
Start date:
Due date:
Severity:
2. Medium
Version:
Platform Release:
Blocks Release:
OS:
Backwards Incompatible:
No
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
QA Contact:
Complexity:
Smash Test:
Verified:
No
Verification Required:
No
Sprint:
Sprint 34

Description

Let's say I create a distribution by making an HTTP POST request to /api/v3/distributions/, with the following JSON body:

{
  "base_path": "my-base-path",
  "http": false,
  "https": false,
  "name": "distribution-name",
  "publication": "http://pulp-3.example.com:8000/api/v3/publications/publication-id/",
}

This will return a distribution:

{
  "_href": "http://pulp-3.example.com:8000/api/v3/distributions/distribution-name/",
  "base_path": "my-base-path",
  "base_url": "pulp-3.example.com:8000/content/my-base-path",
  "http": false,
  "https": false,
  "name": "distribution-name",
  "publication": "http://pulp-3.example.com:8000/api/v3/publications/publication-id/",
  "publisher": null,
  "repository": null
}

Furthermore, let's say that the publication at …/api/v3/publications/publication-id/ contains a file named 1.iso. At which URLs are this file available? None at all. Right? After all, both "http" and "https" are false. Unfortunately, one can still GET the files at the following URLs:

  • http://pulp-3.example.com:8000/content/my-base-path/1.iso
  • https://pulp-3.example.com:8000/content/my-base-path/1.iso

Related issues

Related to Pulp - Issue #3416: Pulp 3 Jenkins jobs use the development webserver CLOSED - WONTFIX Actions
Related to Pulp - Issue #3451: Remove http and https options on distributions MODIFIED Actions

History

#1 Updated by Ichimonji10 over 1 year ago

  • Description updated (diff)

#2 Updated by daviddavis over 1 year ago

  • Project changed from File Support to Pulp

#3 Updated by dalley over 1 year ago

  • Sprint/Milestone set to 56
  • Triaged changed from No to Yes

#4 Updated by bmbouter over 1 year ago

  • Sprint set to Sprint 33

#5 Updated by bmbouter over 1 year ago

  • Sprint/Milestone deleted (56)

#6 Updated by dalley over 1 year ago

  • Related to Issue #3416: Pulp 3 Jenkins jobs use the development webserver added

#7 Updated by dkliban@redhat.com over 1 year ago

We should just remove the http and https properties from the Distribution model.

Pulp is not in the business of providing SSL encryption. Web servers should be used to enforce SSL connections.

#8 Updated by Ichimonji10 over 1 year ago

That solution would solve this issue. And from my personal experience in deploying web applications, shoveling that reponsibility onto a web server tends to work well.

#9 Updated by jortel@redhat.com over 1 year ago

The proposal to remove the http & https attributes for the MVP is fine. The plan was always to delegate the SSL responsibilities to an external web server. There was another use case that required the content app to enforce the permitted schemes but I don't remember what it was.

#10 Updated by jortel@redhat.com over 1 year ago

  • Sprint changed from Sprint 33 to Sprint 34

#11 Updated by daviddavis over 1 year ago

  • Related to Issue #3451: Remove http and https options on distributions added

#12 Updated by daviddavis over 1 year ago

  • Status changed from NEW to CLOSED - WONTFIX

Closing out in favor of https://pulp.plan.io/issues/3451

#13 Updated by daviddavis 6 months ago

  • Sprint/Milestone set to 3.0

#14 Updated by bmbouter 6 months ago

  • Tags deleted (Pulp 3)

Please register to edit this issue

Also available in: Atom PDF