As a user of single container, I can easily use token auth for container registry API
The instructions for the all in one container tell the user to provide a setting that disables token auth. When token auth is disabled, RBAC is not used. It would be much better to provide instructions for how the user can enable token auth.
Perhaps it would be possible to enable the all in one container to check if the certs needed for token auth are present. If they are not present, the container would generate certs.
Updated by firstname.lastname@example.org about 1 year ago
The logic in ./assets/pulpcore-api.prep already checks if the certs exist. If they do not, it does not generate them. (I'm 95% sure of this.)
So we should update the docs on how to put the certs in settings/certs/ , which maps to /etc/pulp/certs/