Project

Profile

Help

Issue #6694

RHSM CertGuard needs to only verify the path of the Distribution.base_path

Added by bmbouter over 1 year ago. Updated over 1 year ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Sprint/Milestone:
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 73
Quarter:

Description

Problem

Currently the RHSMCertGuard checks the full path which includes the /pulp/content/

Katello's certs disinclude the /pulp/content/ in their entitlement certs.

Solution

Have RHSMCertGuard only perform path checking on the Distribution.base_path

Associated revisions

Revision ff4fd03d View on GitHub
Added by bmbouter over 1 year ago

Adjust RHSM cert checking to only use base_path

The RHSMCertGuard was requiring the settings.CONTENT_PATH_PREFIX to also be one of the authorized urls in the certificate. This is not desirable due to compatability with a huge number of certificates already deployed to clients.

This PR removes the settings.CONTENT_PATH_PREFIX from the request.path so RHSMCertGuard authorization check. Now only the Distribution.base_path is expected in the client RHSM certificate.

The test are also updated with new certificates and base_paths due to authorized urls changing for RHSMCertGuard.

https://pulp.plan.io/issues/6694 closes #6694

Revision 50e42a32 View on GitHub
Added by bmbouter over 1 year ago

Unskip test and RHSM path check and debug docs

This PR add:

  • Docs with examples of how the RHSM path authorization works
  • A debugging section on how to inspect RHSM certificates for authorized paths
  • unskips a test that was failing on Travis
  • A few very small fixes that did not affect users but could have been better

https://pulp.plan.io/issues/6694 closes #6694

History

#1 Updated by fao89 over 1 year ago

  • Project changed from Pulp to CertGuard
  • Triaged changed from No to Yes
  • Sprint set to Sprint 72

#2 Updated by rchan over 1 year ago

  • Sprint changed from Sprint 72 to Sprint 73

#3 Updated by bmbouter over 1 year ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to bmbouter

#4 Updated by pulpbot over 1 year ago

  • Status changed from ASSIGNED to POST

#5 Updated by bmbouter over 1 year ago

  • Status changed from POST to MODIFIED

#6 Updated by bmbouter over 1 year ago

#7 Updated by bmbouter over 1 year ago

  • Sprint/Milestone set to 1.0.0 Release

#8 Updated by bmbouter over 1 year ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Also available in: Atom PDF