Story #8074

As an admin I can still have rbac enabled with token_auth disabled

Added by ipanova@redhat.com 9 months ago. Updated 7 months ago.

Status: CLOSED - CURRENTRELEASE
Priority: Normal
Assignee:
Sprint/Milestone:
Start date:
Due date:
% Done: 100%
Estimated time:
Platform Release:
Groomed: No
Sprint Candidate: No
Tags: GalaxyNG
Sprint: Sprint 90
Quarter:

Description

Extend the logic of rbac to work with token_auth disabled.

In this case, only admin will have the right to perform push operations. Pull operations will be open to (1) any user, including anonymous, or (2) any valid user (TBD).

Associated revisions

Revision 38236475
Added by mdellweg 8 months ago

Fall back to BasicAuth if token is disabled

This will allow push for admin and pull for everyone including AnonymousUser, if TOKEN_AUTH_DISABLED=True.

fixes #8074 https://pulp.plan.io/issues/8074

History

#1 Updated by ipanova@redhat.com 9 months ago

  • Sprint/Milestone set to 2.3.0

#2 Updated by ipanova@redhat.com 9 months ago

  • Sprint/Milestone changed from 2.3.0 to 2.4.0

#3 Updated by ipanova@redhat.com 8 months ago

(pulp) [vagrant@pulp3-source-fedora32 docs]$ pjournal 
-- Logs begin at Fri 2020-11-20 12:00:41 UTC. --
Feb 08 12:12:42 pulp3-source-fedora32.fluffy.example.com gunicorn[703259]:   File "/usr/local/lib/pulp/lib64/python3.8/site-packages/django_lifecycle/decorators.py", line 69, in func
Feb 08 12:12:42 pulp3-source-fedora32.fluffy.example.com gunicorn[703259]:     hooked_method(*args, **kwargs)
Feb 08 12:12:42 pulp3-source-fedora32.fluffy.example.com gunicorn[703259]:   File "/home/vagrant/devel/pulpcore/pulpcore/app/models/access_policy.py", line 72, in add_perms
Feb 08 12:12:42 pulp3-source-fedora32.fluffy.example.com gunicorn[703259]:     self._handle_permissions_assignments(access_policy)
Feb 08 12:12:42 pulp3-source-fedora32.fluffy.example.com gunicorn[703259]:   File "/home/vagrant/devel/pulpcore/pulpcore/app/models/access_policy.py", line 77, in _handle_permissions_assignments
Feb 08 12:12:42 pulp3-source-fedora32.fluffy.example.com gunicorn[703259]:     callable(permission_assignment["permissions"], permission_assignment["parameters"])
Feb 08 12:12:42 pulp3-source-fedora32.fluffy.example.com gunicorn[703259]:   File "/home/vagrant/devel/pulp_container/pulp_container/app/models.py", line 233, in create_namespace_group
Feb 08 12:12:42 pulp3-source-fedora32.fluffy.example.com gunicorn[703259]:     current_user.groups.add(group)
Feb 08 12:12:42 pulp3-source-fedora32.fluffy.example.com gunicorn[703259]: AttributeError: 'NoneType' object has no attribute 'groups'
Feb 08 12:12:42 pulp3-source-fedora32.fluffy.example.com gunicorn[703259]: 127.0.0.1 - - [08/Feb/2021:12:12:42 +0000] "POST /v2/lukas1/that/blobs/uploads/ HTTP/1.1" 500 27 "-" "libpod/2.2.1"

Currently it's impossible to push with admin credentials with token_auth disabled and rbac enabled.
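
An added sketch, not pulp_container's code, of the access decision the commit message describes for TOKEN_AUTH_DISABLED=True: pull for everyone, push for admin only, with an explicit anonymous user object so the request user is never None as in the traceback above. The account table, the function names and the choice to answer 401 to wrong credentials even on pull are assumptions of this example.

```python
import base64
import hmac
from dataclasses import dataclass

TOKEN_AUTH_DISABLED = True  # setting named in the commit message
# Constructed sample accounts (assumption): name -> (password, is_admin).
USERS = {"admin": ("s3cret", True), "alice": ("hunter2", False)}
PULL_METHODS = {"GET", "HEAD"}

@dataclass(frozen=True)
class User:
    name: str = ""
    is_admin: bool = False
    is_authenticated: bool = False

ANONYMOUS = User()  # stand-in for AnonymousUser; the request user is never None

def basic_header(name, password):
    """Build an Authorization header value for the sample requests."""
    return "Basic " + base64.b64encode(f"{name}:{password}".encode()).decode()

def basic_auth_user(header):
    """Map an Authorization header to a User; no header means ANONYMOUS.
    Supplied-but-wrong credentials raise instead of degrading to anonymous."""
    if not header:
        return ANONYMOUS
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        raise PermissionError("unsupported scheme")
    try:
        name, _, password = base64.b64decode(blob, validate=True).decode().partition(":")
    except ValueError:  # covers malformed base64 and invalid UTF-8
        raise PermissionError("malformed credentials") from None
    expected, is_admin = USERS.get(name, ("", False))
    if name not in USERS or not hmac.compare_digest(password.encode(), expected.encode()):
        raise PermissionError("invalid credentials")
    return User(name, is_admin, True)

def registry_status(method, header=None):
    """Decision for a /v2/ request: 200 allowed, 401 challenge, 403 forbidden."""
    if not TOKEN_AUTH_DISABLED:
        raise NotImplementedError("token flow is outside this sketch")
    try:
        user = basic_auth_user(header)
    except PermissionError:
        return 401
    if method in PULL_METHODS or user.is_admin:
        return 200  # pull for everyone, push for admin only
    return 403 if user.is_authenticated else 401
```
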

#4 Updated by pulpbot 8 months ago

  • Status changed from NEW to POST

#5 Updated by mdellweg 8 months ago

  • Assignee set to mdellweg

#6 Updated by mdellweg 8 months ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100

#7 Updated by ipanova@redhat.com 8 months ago

  • Tags GalaxyNG added

#8 Updated by ipanova@redhat.com 8 months ago

  • Sprint set to Sprint 90

#9 Updated by pulpbot 7 months ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE
