Project

Profile

Help

Story #7623

Rest API to expose pulp settings

Added by paji@redhat.com over 1 year ago. Updated over 1 year ago.

Status:
CLOSED - WONTFIX
Priority:
Normal
Assignee:
-
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Katello
Sprint:
Quarter:

Description

Pulp needs to expose things in settings like ALLOWED_IMPORT_PATHS, ALLOWED_EXPORT_PATHS with a Rest API. Katello and other tools using pulp3 can then use that for internal validation. You could do it either as a part of status check where you list the configuration or create a new api

History

#1 Updated by daviddavis over 1 year ago

  • Tags Katello added

#2 Updated by fao89 over 1 year ago

  • Tracker changed from Issue to Story
  • % Done set to 0
  • Severity deleted (2. Medium)
  • Triaged deleted (No)

#3 Updated by bmbouter over 1 year ago

I'm concerned about the security implications of this feature because administrators put secrets in settings.

How can we do this another way? How does Katello set these settings? One naive idea is that however the settings are set, they could be read that same way. @paji what do you think about this approach?

#4 Updated by paji@redhat.com over 1 year ago

""I'm concerned about the security implications of this feature because administrators put secrets in settings.""

You are going to have to be picky on what you choose to expose.

""One naive idea is that however the settings are set, they could be read that same way""

Tried this out already. Doesn't really work since pulp and katello can be on 2 different machines. While /var/lib/pulp is likely to be shared /etc/pulp may not be. Open for other ideas here.

#5 Updated by bmbouter over 1 year ago

How are these settings set initially?

#6 Updated by daviddavis over 1 year ago

  • Status changed from NEW to CLOSED - WONTFIX

Talked with katello and we'll support their need through use of dry run functionality #7549

Also available in: Atom PDF