Project

Profile

Help

Story #4009

closed

Pulp - Story #3968: As a Pulp user, I can protect content I have stored in Pulp

Make CertGuard capabilities in Pulp3

Added by bmbouter over 5 years ago. Updated over 3 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Sprint/Milestone:
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
Groomed:
Yes
Sprint Candidate:
No
Tags:
Sprint:
Sprint 47
Quarter:

Description

In RPM for Pulp2, there is a WSGIAccessScript that uses the client script to verify the client's right to access a specific URL. This should be a RPM-specific guard that is provided by the RPM plugin.

In Pulp2 here are some links that are related:

https://github.com/pulp/pulp/tree/2-master/repoauth/pulp/repoauth <--- the actual checking code itself
https://github.com/pulp/pulp_rpm/blob/2-master/plugins/etc/httpd/conf.d/pulp_rpm.conf#L48 <---- the httpd WSGIAccessScript

We need to get some test data posted on here that can be used for development.

For crypto the Red Hat security team has recommended: https://pypi.org/project/cryptography/ as a portable crypto library for Python.

This should inherit from ContentGuard and be discoverable by core as an available ContentGuard.

Here are some field names:

class OidContentGuard(ContentGuard):

  • name 32 Charfield
  • CA certificate - TextFile (not a path) <------ note this is uploaded by the user

Related issues

Blocked by Pulp - Story #4074: As a user, the content guard logic needs to be loaded and used by the content app.CLOSED - CURRENTRELEASEjortel@redhat.com

Actions
Copied to CertGuard - Test #4363: Test the RHSMCertGuardCLOSED - DUPLICATEActions

Also available in: Atom PDF