Issue #8014
Ensure that container-push repo endpoint is read-only
Description
It is possible to create and delete push repositories using API. It doesn't make sense, it doesn't benefit users in any way, it only potentially creates problems and adds complexity to the code and future RBAC.
Push repositories are automatically created during docker/podman push as a part of distribution creation. Push repositories are automatically removed when their distributions are removed.
Related issues
Associated revisions
Revision 5978f4ce
View on GitHub
Make push repositories REST API read-only
History
#2
Updated by ipanova@redhat.com 2 months ago
- Status changed from POST to CLOSED - NOTABUG
#3
Updated by ipanova@redhat.com about 2 months ago
- Status changed from CLOSED - NOTABUG to NEW
I am re-opening this bug. Users not should be able to create push repos via api. A distribution should be created instead and if needed assign needed permissions ahead of push operation. Push-repo will be created only during 'podman push' operation or alongside with the distribution creation.
#4
Updated by ipanova@redhat.com about 2 months ago
- Sprint/Milestone set to 2.3.0
#5
Updated by ipanova@redhat.com about 2 months ago
- Status changed from NEW to ASSIGNED
- Assignee set to ttereshc
#6
Updated by ttereshc about 2 months ago
- Related to Story #8103: As a plugin writer, I have a read-only viewset for repository available in the plugin API added
#7
Updated by ttereshc about 2 months ago
- Has duplicate Issue #7839: push repository can be created without a distribution added
#8
Updated by ttereshc about 2 months ago
- Subject changed from Disable POST for container-push repo endpoint to Ensure that container-push repo endpoint is read-only
- Description updated (diff)
#9
Updated by ttereshc about 2 months ago
- Sprint set to Sprint 88
#10
Updated by pulpbot about 2 months ago
- Status changed from ASSIGNED to POST
#11
Updated by ttereshc about 2 months ago
- Status changed from POST to MODIFIED
Applied in changeset 5978f4ceda73b2ab870fe094edad56d597188f31.
Please register to edit this issue
Make push repositories REST API read-only
closes #8014 https://pulp.plan.io/issues/8014