Actions
Story #8074
closed
As an admin I can still have rbac enabled with token_auth disabled
Start date:
Due date:
% Done:
100%
Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
GalaxyNG
Sprint:
Sprint 90
Quarter:
Description
Extend logic of rbac to work with the token_auth disabled.
In this case, only admin will have the right to perform push operations. Pull operations will be opened to (1) any user, including anonymous or (2) to any valid user (TBD)
Updated by ipanova@redhat.com about 3 years ago
- Sprint/Milestone changed from 2.3.0 to 2.4.0
Updated by ipanova@redhat.com about 3 years ago
(pulp) [vagrant@pulp3-source-fedora32 docs]$ pjournal
-- Logs begin at Fri 2020-11-20 12:00:41 UTC. --
Feb 08 12:12:42 pulp3-source-fedora32.fluffy.example.com gunicorn[703259]: File "/usr/local/lib/pulp/lib64/python3.8/site-packages/django_lifecycle/decorators.py", line 69, in func
Feb 08 12:12:42 pulp3-source-fedora32.fluffy.example.com gunicorn[703259]: hooked_method(*args, **kwargs)
Feb 08 12:12:42 pulp3-source-fedora32.fluffy.example.com gunicorn[703259]: File "/home/vagrant/devel/pulpcore/pulpcore/app/models/access_policy.py", line 72, in add_perms
Feb 08 12:12:42 pulp3-source-fedora32.fluffy.example.com gunicorn[703259]: self._handle_permissions_assignments(access_policy)
Feb 08 12:12:42 pulp3-source-fedora32.fluffy.example.com gunicorn[703259]: File "/home/vagrant/devel/pulpcore/pulpcore/app/models/access_policy.py", line 77, in _handle_permissions_assignments
Feb 08 12:12:42 pulp3-source-fedora32.fluffy.example.com gunicorn[703259]: callable(permission_assignment["permissions"], permission_assignment["parameters"])
Feb 08 12:12:42 pulp3-source-fedora32.fluffy.example.com gunicorn[703259]: File "/home/vagrant/devel/pulp_container/pulp_container/app/models.py", line 233, in create_namespace_group
Feb 08 12:12:42 pulp3-source-fedora32.fluffy.example.com gunicorn[703259]: current_user.groups.add(group)
Feb 08 12:12:42 pulp3-source-fedora32.fluffy.example.com gunicorn[703259]: AttributeError: 'NoneType' object has no attribute 'groups'
Feb 08 12:12:42 pulp3-source-fedora32.fluffy.example.com gunicorn[703259]: 127.0.0.1 - - [08/Feb/2021:12:12:42 +0000] "POST /v2/lukas1/that/blobs/uploads/ HTTP/1.1" 500 27 "-" "libpod/2.2.1"
Currently it's impossible to push with admin credentials with token_auth disabled and rbac enabled.
Updated by pulpbot about 3 years ago
- Status changed from NEW to POST
Added by mdellweg about 3 years ago
Added by mdellweg about 3 years ago
Revision 38236475 | View on GitHub
Fall back to BasicAuth if token is disabled
This will allow push for admin and pull for everyone including AnonymousUser, if TOKEN_AUTH_DISABLED=True.
Updated by mdellweg about 3 years ago
- Status changed from POST to MODIFIED
- % Done changed from 0 to 100
Applied in changeset 38236475a3cef33060605e329e14f7e9f9d69c5a.
Updated by pulpbot about 3 years ago
- Status changed from MODIFIED to CLOSED - CURRENTRELEASE
Actions
.
Fall back to BasicAuth if token is disabled
This will allow push for admin and pull for everyone including AnonymousUser, if TOKEN_AUTH_DISABLED=True.
fixes #8074 https://pulp.plan.io/issues/8074