Task #6323

closed

[Epic] Move certguard authentication from pulp-content to apache and nginx access scripts

Added by bmbouter about 4 years ago. Updated about 4 years ago.

Status: CLOSED - WONTFIX
Priority: Normal
Assignee: -
Start date:
Due date:
% Done: 100%
Estimated time: (Total: 0:00 h)
Platform Release:
Groomed: Yes
Sprint Candidate: Yes
Tags:
Sprint: Sprint 68
Quarter:

Description

Problem

Certificates cannot be passed as a header from the webserver that is reverse proxying to the content app because the newlines are invalid header characters. See how the current docs require the user to strip newlines here.

Also, we can't have the content app run "inside" the webserver because aiohttp doesn't run inside Apache. aiohttp is not WSGI, so it won't run in Apache.

Solution

We need to move the authorization check of Content Guards to the webserver and out of the content app. In that environment it would have a PostgreSQL connection and Django models to query Distributions and ContentGuards with.
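
The newline constraint described under Problem, shown as an added example that is not part of the original issue or of Pulp's code: a PEM certificate is collapsed to one header-safe line on the proxy side, then validated and rebuilt on the receiving side. The function names are hypothetical, the rebuild step is an assumption about how a receiver could handle the stripped value, and the sample is constructed bytes rather than a real certificate.

```python
import base64

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def _wrap(body: str) -> str:
    """Format a base64 body as PEM text with 64-character lines."""
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join([BEGIN, *lines, END]) + "\n"


def pem_to_header_value(pem: str) -> str:
    """Proxy side: collapse a PEM certificate to a single header-safe line."""
    value = pem.replace("\r", "").replace("\n", "")
    if not (value.startswith(BEGIN) and value.endswith(END)):
        raise ValueError("expected a PEM certificate")
    return value


def header_value_to_pem(value: str) -> str:
    """Receiving side: validate the one-line form and rebuild standard PEM."""
    if "\r" in value or "\n" in value:
        raise ValueError("CR/LF in header value")
    value = value.strip()
    if not (value.startswith(BEGIN) and value.endswith(END)):
        raise ValueError("missing PEM markers")
    # Assumption: tolerate spaces or tabs left where line breaks used to be.
    body = "".join(value[len(BEGIN):-len(END)].split())
    if not body:
        raise ValueError("empty certificate body")
    try:
        base64.b64decode(body, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("certificate body is not valid base64") from exc
    return _wrap(body)


# Constructed sample: 200 arbitrary bytes standing in for DER, not a real certificate.
SAMPLE_PEM = _wrap(base64.b64encode(bytes(range(200))).decode("ascii"))

if __name__ == "__main__":
    one_line = pem_to_header_value(SAMPLE_PEM)
    print(len(one_line), header_value_to_pem(one_line) == SAMPLE_PEM)
```

The receiving side should only trust such a header when it can only have been set by the reverse proxy, which must drop any client-supplied copy of it.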


Sub-issues: 3 (0 open, 3 closed)

Pulp - Story #6324: As a user, CertGuard checking does *not* happen in pulp-content (CLOSED - WONTFIX)
Pulp - Story #6325: As a user, I have an Nginx config that performs ContentGuard authorization checking (CLOSED - WONTFIX)
Pulp - Story #6326: As a user, I have an Apache config that performs ContentGuard authorization checking (CLOSED - WONTFIX)
