Project

Profile

Help

Story #8940

closed

Add RBAC content guard to pulpcore

Added by gerrod over 3 years ago. Updated about 3 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Category:
-
Sprint/Milestone:
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:

Description

Background

Content guards are added to distributions and are used to protect who can download (and view) content available in that distribution from the content app. Users create content guard instances with specific settings for each distribution they want to protect. RBAC in Pulp is provided by Django and DRF and currently has no relation to content guards, so users can protect who can manage content in Pulp using RBAC, but not who can download it. There is a need for an RBAC enabled content guard that protects content based on RBAC permissions.

Implementation

Add a new RBAC content guard that would ship by default in pulpcore. The access policy for these content guard instances should be customizable by the user and if not set should default to the policy used by the distribution. Some requests go through a plugin's extended REST API first and then redirect to the content app, so an option to authorized requests based on redirection origin should be added to the content guard.


Related issues

Related to Pulp - Story #8951: Add authentication to content appCLOSED - CURRENTRELEASEgerrod

Actions

Also available in: Atom PDF