Story #7623
closed
Rest API to expose pulp settings
0%
Description
Pulp needs to expose things in settings like ALLOWED_IMPORT_PATHS, ALLOWED_EXPORT_PATHS with a Rest API. Katello and other tools using pulp3 can then use that for internal validation. You could do it either as a part of status check where you list the configuration or create a new api
Updated by fao89 over 3 years ago
- Tracker changed from Issue to Story
- % Done set to 0
- Severity deleted (
2. Medium) - Triaged deleted (
No)
Updated by bmbouter over 3 years ago
I'm concerned about the security implications of this feature because administrators put secrets in settings.
How can we do this another way? How does Katello set these settings? One naive idea is that however the settings are set, they could be read that same way. @paji what do you think about this approach?
Updated by paji@redhat.com over 3 years ago
""I'm concerned about the security implications of this feature because administrators put secrets in settings.""
You are going to have to be picky on what you choose to expose.
""One naive idea is that however the settings are set, they could be read that same way""
Tried this out already. Doesn't really work since pulp and katello can be on 2 different machines. While /var/lib/pulp is likely to be shared /etc/pulp may not be. Open for other ideas here.
Updated by daviddavis over 3 years ago
- Status changed from NEW to CLOSED - WONTFIX
Talked with katello and we'll support their need through use of dry run functionality #7549
.