Project

Profile

Help

Task #6692

closed

Add docs that Pulp's REST API is not safe for multi-user use

Added by bmbouter over 2 years ago. Updated over 2 years ago.

Status:
CLOSED - COMPLETE
Priority:
Normal
Assignee:
Category:
-
Sprint/Milestone:
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Documentation
Sprint:
Sprint 73
Quarter:

Description

Background

Pulp's REST API does not have Role Based Access Control and so sensistive credentials, e.g. Remote.password, Remote.client_cert, Remote.client_key for example could be set by one user and read by another.

Solution

Document this very clearly in these places:

  1. Above the changelog in the CHANGES.rst file
  2. To the REST API section of the architecture docs here
  3. To the REST API docs landing page here
  4. At the top of the Authentication page here
Actions #1

Updated by bmbouter over 2 years ago

  • Description updated (diff)
Actions #2

Updated by dkliban@redhat.com over 2 years ago

  • Sprint set to Sprint 72
Actions #3

Updated by rchan over 2 years ago

  • Sprint changed from Sprint 72 to Sprint 73
Actions #4

Updated by fao89 over 2 years ago

  • Sprint/Milestone set to 3.4.0
Actions #5

Updated by ttereshc over 2 years ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to ttereshc

Added by ttereshc over 2 years ago

Revision 8c3a6da5

Add warning that REST API is not safe for multi-user use

closes #6692 https://pulp.plan.io/issues/6692

Actions #6

Updated by pulpbot over 2 years ago

  • Status changed from ASSIGNED to POST
Actions #7

Updated by ttereshc over 2 years ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100
Actions #8

Updated by dkliban@redhat.com over 2 years ago

  • Status changed from MODIFIED to CLOSED - COMPLETE

Also available in: Atom PDF