Project

Profile

Help

Send by e-mail

Task #6692

Add docs that Pulp's REST API is not safe for multi-user use

Added by bmbouter 6 months ago. Updated 5 months ago.

Status:
CLOSED - COMPLETE
Priority:
Normal
Assignee:
ttereshc
Category:
-
Sprint/Milestone:
3.4.0
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Documentation
Sprint:
Sprint 73
Quarter:

Description

Background

Pulp's REST API does not have Role Based Access Control and so sensistive credentials, e.g. Remote.password, Remote.client_cert, Remote.client_key for example could be set by one user and read by another.

Solution

Document this very clearly in these places:

  1. Above the changelog in the CHANGES.rst file
  2. To the REST API section of the architecture docs here
  3. To the REST API docs landing page here
  4. At the top of the Authentication page here

Associated revisions

Revision 8c3a6da5 View on GitHub
Added by ttereshc 5 months ago

Add warning that REST API is not safe for multi-user use

closes #6692 https://pulp.plan.io/issues/6692

History

#1 Updated by bmbouter 6 months ago

  • Description updated (diff)

#2 Updated by dkliban@redhat.com 6 months ago

  • Sprint set to Sprint 72

#3 Updated by rchan 6 months ago

  • Sprint changed from Sprint 72 to Sprint 73

#4 Updated by fao89 5 months ago

  • Sprint/Milestone set to 3.4.0

#5 Updated by ttereshc 5 months ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to ttereshc

#6 Updated by pulpbot 5 months ago

  • Status changed from ASSIGNED to POST

#7 Updated by ttereshc 5 months ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100

#8 Updated by dkliban@redhat.com 5 months ago

  • Status changed from MODIFIED to CLOSED - COMPLETE

Please register to edit this issue

Send by e-mail

Also available in: Atom PDF