Task #6692
Add docs that Pulp's REST API is not safe for multi-user use
Start date:
Due date:
% Done:
100%
Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Documentation
Sprint:
Sprint 73
Quarter:
Description
Background¶
Pulp's REST API does not have Role Based Access Control and so sensistive credentials, e.g. Remote.password, Remote.client_cert, Remote.client_key for example could be set by one user and read by another.
Solution¶
Document this very clearly in these places:
- Above the changelog in the CHANGES.rst file
- To the REST API section of the architecture docs here
- To the REST API docs landing page here
- At the top of the Authentication page here
Associated revisions
History
#2
Updated by dkliban@redhat.com 8 months ago
- Sprint set to Sprint 72
#7
Updated by ttereshc 8 months ago
- Status changed from POST to MODIFIED
- % Done changed from 0 to 100
Applied in changeset pulpcore|8c3a6da5c43dfc51910052b38f67e835b51735a1.
#8
Updated by dkliban@redhat.com 8 months ago
- Status changed from MODIFIED to CLOSED - COMPLETE
Please register to edit this issue
Add warning that REST API is not safe for multi-user use
closes #6692 https://pulp.plan.io/issues/6692