Actions
Task #6692
closedAdd docs that Pulp's REST API is not safe for multi-user use
Start date:
Due date:
% Done:
100%
Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Documentation
Sprint:
Sprint 73
Quarter:
Description
Background¶
Pulp's REST API does not have Role Based Access Control and so sensistive credentials, e.g. Remote.password, Remote.client_cert, Remote.client_key for example could be set by one user and read by another.
Solution¶
Document this very clearly in these places:
- Above the changelog in the CHANGES.rst file
- To the REST API section of the architecture docs here
- To the REST API docs landing page here
- At the top of the Authentication page here
Actions
Add warning that REST API is not safe for multi-user use
closes #6692 https://pulp.plan.io/issues/6692