Project

Profile

Help

Story #4954

As a user, I can restrict a Distribution to serve a particular scheme

Added by bmbouter 4 months ago.

Status:
NEW
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
% Done:

0%

Platform Release:
Blocks Release:
Backwards Incompatible:
No
Groomed:
No
Sprint Candidate:
No
Tags:
QA Contact:
Complexity:
Smash Test:
Verified:
No
Verification Required:
No
Sprint:

Description

Problem

A user wants to configure specific repositories to serve via http, others via https, and yet others via both. The use case for https is that people want security. The use case for http is that some clients may not support https.

Solution

Add a field named allowed_scheme to BaseDistribution so it's available to all subclassed Distribution types. This is a choice field that accepts one of 3 values:

http - Only serve the request if the scheme is 'http'
https - Only serve the request if the scheme is 'https'
any - Serve all requests regardless of the scheme     <----- this is the default

Use the X-Forwarded-Proto header so Pulp can know the scheme being served in cases where TLS occurs before the reverse proxy call to Pulp. If the header is not present, the current request scheme is the one assumed.

Please register to edit this issue

Also available in: Atom PDF