https://pulp.plan.io/https://pulp.plan.io/favicon.ico2020-07-10T13:20:49ZPulpAnsible Plugin - Story #7118: As an ansible-galaxy CLI user, I can configure a token and auth_url and have pulp_ansible protect my contenthttps://pulp.plan.io/issues/7118?journal_id=593562020-07-10T13:20:49Zbmbouterbmbouter@redhat.com
<ul><li><strong>Project</strong> changed from <i>Pulp</i> to <i>Ansible Plugin</i></li></ul> Ansible Plugin - Story #7118: As an ansible-galaxy CLI user, I can configure a token and auth_url and have pulp_ansible protect my contenthttps://pulp.plan.io/issues/7118?journal_id=677032021-02-16T15:47:54Zbmbouterbmbouter@redhat.com
<ul><li><strong>Tags</strong> <i>Katello</i> added</li></ul> Ansible Plugin - Story #7118: As an ansible-galaxy CLI user, I can configure a token and auth_url and have pulp_ansible protect my contenthttps://pulp.plan.io/issues/7118?journal_id=677442021-02-16T17:24:32Zalikins
<ul></ul><p>What would be doing the auth checks in this scenario?</p>
<p>Would satellite be issuing and authenticating the tokens (and passing requests onto pulp_ansible / galaxy_ng)?</p>
<p>AnsibleContentGuard implies pulp_ansible (content app?) would be enforcing authentication when fetching content.
Would API use be different? Is the goal to require authentication for galaxy_ng / pulp_ansible API? And/or fetching content?</p>
<p>Are the auth tokens described here intended to be used across Satellite / galaxy_ng_pulp_ansible / tower API? ie, will
the same auth token instance be used for all the API's (and content access)?</p>
<p>I like the idea of a AnsibleContentGuard that is tied to the session auth used by galaxy_ng/pulp_ansible.</p> Ansible Plugin - Story #7118: As an ansible-galaxy CLI user, I can configure a token and auth_url and have pulp_ansible protect my contenthttps://pulp.plan.io/issues/7118?journal_id=680962021-03-02T16:55:27Zalikins
<ul></ul><p>Note: "I can configure a token and auth_url" pretty much requires that auth_url points to a keycloak server</p>
<p>Or I guess, something that implements the same API...</p> Ansible Plugin - Story #7118: As an ansible-galaxy CLI user, I can configure a token and auth_url and have pulp_ansible protect my contenthttps://pulp.plan.io/issues/7118?journal_id=680982021-03-02T17:00:35Zalikins
<ul></ul><p>I'd also mention that auth_url is pretty much just a special case for handling RH SSO for cloud.redhat.com.</p>
<p>I don't think it needs to be or should be implemented for other cases (short of deployment scenarios that have
keycloak servers with similar setup as sso.redhat.com).</p> Ansible Plugin - Story #7118: As an ansible-galaxy CLI user, I can configure a token and auth_url and have pulp_ansible protect my contenthttps://pulp.plan.io/issues/7118?journal_id=683942021-03-08T14:56:33Zfao89
<ul><li><strong>Sprint/Milestone</strong> set to <i>1.0.0 - Candidates</i></li></ul> Ansible Plugin - Story #7118: As an ansible-galaxy CLI user, I can configure a token and auth_url and have pulp_ansible protect my contenthttps://pulp.plan.io/issues/7118?journal_id=721822021-06-21T15:58:11Zgerrod
<ul><li><strong>Related to</strong> <i><a class="issue tracker-3 status-12 priority-6 priority-default closed" href="/issues/8939">Story #8939</a>: Add token authentication to pulpcore</i> added</li></ul> Ansible Plugin - Story #7118: As an ansible-galaxy CLI user, I can configure a token and auth_url and have pulp_ansible protect my contenthttps://pulp.plan.io/issues/7118?journal_id=772362021-11-17T19:43:35Zpulpbot
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/77236/diff?detail_id=77660">diff</a>)</li><li><strong>Status</strong> changed from <i>NEW</i> to <i>CLOSED - DUPLICATE</i></li></ul>