Actions
Task #6692
closed
Add docs that Pulp's REST API is not safe for multi-user use
Start date:
Due date:
% Done:
100%
Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Documentation
Sprint:
Sprint 73
Quarter:
Description
Background¶
Pulp's REST API does not have Role Based Access Control and so sensistive credentials, e.g. Remote.password, Remote.client_cert, Remote.client_key for example could be set by one user and read by another.
Solution¶
Document this very clearly in these places:
- Above the changelog in the CHANGES.rst file
- To the REST API section of the architecture docs here
- To the REST API docs landing page here
- At the top of the Authentication page here
Updated by ttereshc almost 4 years ago
- Status changed from NEW to ASSIGNED
- Assignee set to ttereshc
Added by ttereshc almost 4 years ago
Updated by pulpbot almost 4 years ago
- Status changed from ASSIGNED to POST
Updated by ttereshc almost 4 years ago
- Status changed from POST to MODIFIED
- % Done changed from 0 to 100
Applied in changeset pulpcore|8c3a6da5c43dfc51910052b38f67e835b51735a1.
Updated by dkliban@redhat.com almost 4 years ago
- Status changed from MODIFIED to CLOSED - COMPLETE
Actions
.
Add warning that REST API is not safe for multi-user use
closes #6692 https://pulp.plan.io/issues/6692