Task #6692

closed

Add docs that Pulp's REST API is not safe for multi-user use

Added by bmbouter almost 4 years ago. Updated almost 4 years ago.

Status: CLOSED - COMPLETE
Priority: Normal
Assignee:
Category: -
Sprint/Milestone:
Start date:
Due date:
% Done: 100%
Estimated time:
Platform Release:
Groomed: No
Sprint Candidate: No
Tags: Documentation
Sprint: Sprint 73
Quarter:

Description

Background

Pulp's REST API does not have Role Based Access Control, so sensitive credentials, e.g. Remote.password, Remote.client_cert, Remote.client_key, could be set by one user and read by another.

Solution

Document this very clearly in these places:

  1. Above the changelog in the CHANGES.rst file
  2. To the REST API section of the architecture docs here
  3. To the REST API docs landing page here
  4. At the top of the Authentication page here