Story #7623
closed
Rest API to expose pulp settings
Description
Pulp needs to expose things in settings like ALLOWED_IMPORT_PATHS, ALLOWED_EXPORT_PATHS with a Rest API. Katello and other tools using pulp3 can then use that for internal validation.
You could do it either as a part of status check where you list the configuration or create a new api
- Tracker changed from Issue to Story
- % Done set to 0
- Severity deleted (
2. Medium)
- Triaged deleted (
No)
I'm concerned about the security implications of this feature because administrators put secrets in settings.
How can we do this another way? How does Katello set these settings? One naive idea is that however the settings are set, they could be read that same way. @paji what do you think about this approach?
""I'm concerned about the security implications of this feature because administrators put secrets in settings.""
You are going to have to be picky on what you choose to expose.
""One naive idea is that however the settings are set, they could be read that same way""
Tried this out already. Doesn't really work since pulp and katello can be on 2 different machines. While /var/lib/pulp is likely to be shared /etc/pulp may not be. Open for other ideas here.
How are these settings set initially?
- Status changed from NEW to CLOSED - WONTFIX
Talked with katello and we'll support their need through use of dry run functionality #7549
Also available in: Atom
PDF
.