Project

Profile

Help

Story #8074

closed

As an admin I can still have rbac enabled with token_auth disabled

Added by ipanova@redhat.com over 1 year ago. Updated over 1 year ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Sprint/Milestone:
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
GalaxyNG
Sprint:
Sprint 90
Quarter:

Description

Extend logic of rbac to work with the token_auth disabled.

In this case, only admin will have the right to perform push operations. Pull operations will be opened to (1) any user, including anonymous or (2) to any valid user (TBD)

Actions #1

Updated by ipanova@redhat.com over 1 year ago

  • Sprint/Milestone set to 2.3.0
Actions #2

Updated by ipanova@redhat.com over 1 year ago

  • Sprint/Milestone changed from 2.3.0 to 2.4.0
Actions #3

Updated by ipanova@redhat.com over 1 year ago

(pulp) [vagrant@pulp3-source-fedora32 docs]$ pjournal 
-- Logs begin at Fri 2020-11-20 12:00:41 UTC. --
Feb 08 12:12:42 pulp3-source-fedora32.fluffy.example.com gunicorn[703259]:   File "/usr/local/lib/pulp/lib64/python3.8/site-packages/django_lifecycle/decorators.py", line 69, in func
Feb 08 12:12:42 pulp3-source-fedora32.fluffy.example.com gunicorn[703259]:     hooked_method(*args, **kwargs)
Feb 08 12:12:42 pulp3-source-fedora32.fluffy.example.com gunicorn[703259]:   File "/home/vagrant/devel/pulpcore/pulpcore/app/models/access_policy.py", line 72, in add_perms
Feb 08 12:12:42 pulp3-source-fedora32.fluffy.example.com gunicorn[703259]:     self._handle_permissions_assignments(access_policy)
Feb 08 12:12:42 pulp3-source-fedora32.fluffy.example.com gunicorn[703259]:   File "/home/vagrant/devel/pulpcore/pulpcore/app/models/access_policy.py", line 77, in _handle_permissions_assignments
Feb 08 12:12:42 pulp3-source-fedora32.fluffy.example.com gunicorn[703259]:     callable(permission_assignment["permissions"], permission_assignment["parameters"])
Feb 08 12:12:42 pulp3-source-fedora32.fluffy.example.com gunicorn[703259]:   File "/home/vagrant/devel/pulp_container/pulp_container/app/models.py", line 233, in create_namespace_group
Feb 08 12:12:42 pulp3-source-fedora32.fluffy.example.com gunicorn[703259]:     current_user.groups.add(group)
Feb 08 12:12:42 pulp3-source-fedora32.fluffy.example.com gunicorn[703259]: AttributeError: 'NoneType' object has no attribute 'groups'
Feb 08 12:12:42 pulp3-source-fedora32.fluffy.example.com gunicorn[703259]: 127.0.0.1 - - [08/Feb/2021:12:12:42 +0000] "POST /v2/lukas1/that/blobs/uploads/ HTTP/1.1" 500 27 "-" "libpod/2.2.1"

Currently it's impossible to push with admin credentials with token_auth disabled and rbac enabled.

Actions #4

Updated by pulpbot over 1 year ago

  • Status changed from NEW to POST
Actions #5

Updated by mdellweg over 1 year ago

  • Assignee set to mdellweg

Added by mdellweg over 1 year ago

Revision 38236475

Fall back to BasicAuth if token is disabled

This will allow push for admin and pull for everyone including AnonymousUser, if TOKEN_AUTH_DISABLED=True.

fixes #8074 https://pulp.plan.io/issues/8074

Added by mdellweg over 1 year ago

Revision 38236475

Fall back to BasicAuth if token is disabled

This will allow push for admin and pull for everyone including AnonymousUser, if TOKEN_AUTH_DISABLED=True.

fixes #8074 https://pulp.plan.io/issues/8074

Actions #6

Updated by mdellweg over 1 year ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100
Actions #7

Updated by ipanova@redhat.com over 1 year ago

  • Tags GalaxyNG added
Actions #8

Updated by ipanova@redhat.com over 1 year ago

  • Sprint set to Sprint 90
Actions #9

Updated by pulpbot over 1 year ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Also available in: Atom PDF