Actions
Task #6323
closed[Epic] Move certguard authentication from pulp-content to apache and nginx access scripts
Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
-
Start date:
Due date:
% Done:
100%
Estimated time:
(Total: 0:00 h)
Platform Release:
Groomed:
Yes
Sprint Candidate:
Yes
Tags:
Sprint:
Sprint 68
Quarter:
Description
Problem¶
Certificates cannot be passed as a header from the webserver that is reverse proxying to the content app because the newlines are invalid header characters. See how the current docs require the user to strip newlines here.
Also, we can't have the content app run "inside" the webserver because aiohttp doesn't run inside Apache. aiohttp is not wsgi so it won't run in Apache.
Solution¶
We need to move the authorization check of Content Guards to the webserver and out of the content app. In that environment it would have a PostgreSQL connection and Django models to query Distributions and ContentGuards with.
Actions