Project

Profile

Help

Actions
Send by e-mail Copy link

Task #6692

closed

Add docs that Pulp's REST API is not safe for multi-user use

Added by bmbouter over 2 years ago. Updated over 2 years ago.

Status:
CLOSED - COMPLETE
Priority:
Normal
Assignee:
ttereshc
Category:
-
Sprint/Milestone:
3.4.0
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Documentation
Sprint:
Sprint 73
Quarter:

Description

Background

Pulp's REST API does not have Role Based Access Control and so sensistive credentials, e.g. Remote.password, Remote.client_cert, Remote.client_key for example could be set by one user and read by another.

Solution

Document this very clearly in these places:

  1. Above the changelog in the CHANGES.rst file
  2. To the REST API section of the architecture docs here
  3. To the REST API docs landing page here
  4. At the top of the Authentication page here
Actions
Copy link
 #1

Updated by bmbouter over 2 years ago

  • Description updated (diff)
Actions
Copy link
 #2

Updated by dkliban@redhat.com over 2 years ago

  • Sprint set to Sprint 72
Actions
Copy link
 #3

Updated by rchan over 2 years ago

  • Sprint changed from Sprint 72 to Sprint 73
Actions
Copy link
 #4

Updated by fao89 over 2 years ago

  • Sprint/Milestone set to 3.4.0
Actions
Copy link
 #5

Updated by ttereshc over 2 years ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to ttereshc

Added by ttereshc over 2 years ago

Revision 8c3a6da5

Add warning that REST API is not safe for multi-user use

closes #6692 https://pulp.plan.io/issues/6692

Actions
Copy link
 #6

Updated by pulpbot over 2 years ago

  • Status changed from ASSIGNED to POST
Actions
Copy link
 #7

Updated by ttereshc over 2 years ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100
Actions
Copy link
 #8

Updated by dkliban@redhat.com over 2 years ago

  • Status changed from MODIFIED to CLOSED - COMPLETE
Actions
Send by e-mail Copy link

Also available in: Atom PDF