Project

Profile

Help

Send by e-mail

Task #6692

Add docs that Pulp's REST API is not safe for multi-user use

Added by bmbouter about 2 months ago. Updated about 1 month ago.

Status:
CLOSED - COMPLETE
Priority:
Normal
Assignee:
ttereshc
Category:
-
Sprint/Milestone:
3.4.0
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Documentation
Sprint:
Sprint 73

Description

Background

Pulp's REST API does not have Role Based Access Control and so sensistive credentials, e.g. Remote.password, Remote.client_cert, Remote.client_key for example could be set by one user and read by another.

Solution

Document this very clearly in these places:

  1. Above the changelog in the CHANGES.rst file
  2. To the REST API section of the architecture docs here
  3. To the REST API docs landing page here
  4. At the top of the Authentication page here

Associated revisions

Revision 8c3a6da5 View on GitHub
Added by ttereshc about 1 month ago

Add warning that REST API is not safe for multi-user use

closes #6692 https://pulp.plan.io/issues/6692

History

#1 Updated by bmbouter about 2 months ago

  • Description updated (diff)

#2 Updated by dkliban@redhat.com about 2 months ago

  • Sprint set to Sprint 72

#3 Updated by rchan about 2 months ago

  • Sprint changed from Sprint 72 to Sprint 73

#4 Updated by fao89 about 1 month ago

  • Sprint/Milestone set to 3.4.0

#5 Updated by ttereshc about 1 month ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to ttereshc

#6 Updated by pulpbot about 1 month ago

  • Status changed from ASSIGNED to POST

#7 Updated by ttereshc about 1 month ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100

#8 Updated by dkliban@redhat.com about 1 month ago

  • Status changed from MODIFIED to CLOSED - COMPLETE

Please register to edit this issue

Send by e-mail

Also available in: Atom PDF