Project

Profile

Help

31+ Ideas (post MVP) » History » Sprint/Milestone 24

bmbouter, 12/14/2017 08:56 PM
Adding the JWT stories

1 12 bmbouter
# Core 3.1+ Ideas (post MVP)
2 1 bmbouter
3 11 bmbouter
## Authentication
4 1 bmbouter
5
  - External
6
  - Expiring passwords
7
  - REMOTE_USER support?
8
9 24 bmbouter
As an API user, I can have documentation to generate a JSON Web Token (JWT) without the server being online.
10
11
As an administrator, I can disable JWT token expiration. This configuration is in the settings file and is system-wide.
12
13
As an administrator, I can configure the JWT tokens to expire after a configurable amount of time. This configuration is in the settings file and is system-wide.
14
15
The JWT shall have a username identifier
16
17
As an API user, I can authenticate any API call with a valid JWT
18
19
As a JWT authenticated user, I can refresh my JWT token if Pulp is configured with JWT_ALLOW_REFRESH set to True (default is False)
20
21
As an API user, I can invalidate all existing JWT tokens for a given user.
22
23
As an authenticated user, when deleting a user 'foo', all of user 'foo's existing JWTs are invalidated.
24
25
As an un-authenticated user, I can obtain a JWT token by using a username and password.
26
27 11 bmbouter
## Authorization
28 1 bmbouter
29
\<put ideas here\>
30
31 11 bmbouter
## Versioned Repository
32 1 bmbouter
33 22 bmbouter
As an authenticated user, I can get a list of a repo's versions.
34 6 bmbouter
35 22 bmbouter
As an authenticated user, I can specify how many versions to keep at a time.
36 6 bmbouter
37 22 bmbouter
As an authenticated user, I can get a reference to a new repo version from any task that adds or removes content.
38 6 bmbouter
39 22 bmbouter
As an authenticated user, I can publish a repo and have it default to the latest version.
40 6 bmbouter
41 22 bmbouter
As an authenticated user, I can run a publisher with a repository version.
42 1 bmbouter
43 11 bmbouter
## Content Manipulation
44 2 bmbouter
45
  - Sync can have "sync" options.
46
  - Sync options are different than "importer" attributes.
47
48 14 bmbouter
As an authenticated user, I can remove one or more units from one or more repositories
49
50
  - filtering support on the unit(s)
51
  - filtering support on the repositories
52
53 22 bmbouter
As an authenticated user I can specify a filter to identify content to be added to a repo
54 16 bmbouter
55 21 bmbouter
## Content Deletion
56
57
As an authenticated user, artifacts are deleted if they were exclusively used by the content unit
58
59
As an authenticated user, I can delete multiple content units with filtering
60
61
  - If a content unit is still in at least one repository the delete fails with a listing of all repositories the unit is part of.
62
  - Artifacts and associated files from deleted units are cleaned up
63
64 19 bmbouter
## Content Filtering
65
66
As a user, I can search all content for a specific content unit regardless of type
67
68
As a user, I can find out all the repos in which a piece of content appears
69
70
  - example: bad content the user wants to remove from all repos in Pulp
71
72 20 bmbouter
## Publications
73
74
As an authenticated user, I have filters on the Publication list:
75
76
  - id: (id_in_list) \# id equality is not necessary, objects are referenced by id
77
  - filter by created range
78
  - filter by not associated w/ distribution.
79
80 11 bmbouter
## Upload
81 5 bmbouter
82
  - Allow for a large single file to have its chunks uploaded in parallel.
83
84 18 amacdona@redhat.com
Repositories 3.1+  
85
filter by content type(ex. repository_contains_type: rpm)  
86
last_content_added(content_added_since)  
87
last_content_removed(content_removed_since)  
88
"partial" repo name search (name: substring)  
89
"tagged" repo names (name: substring)
90
91
Importer 3.1+
92
93 11 bmbouter
## Importers
94 1 bmbouter
95
  - Sync from multiple importers
96
  - We need to support multiple importers to properly support distributions and ostree (with distributions).
97
  - add auto-publish feature
98
  - As an authenticated user I have a notes field I can use to store arbitrary \<key, value\> tuples with both key and value being strings.
99 11 bmbouter
  - Add the force-full option.
100 18 amacdona@redhat.com
  - add filter for last_synced, either last_synced_lt or last_syced_in_range
101
  - add filter by repository if we no longer nest
102
  - add filter for feed_url: (equality, substring)
103 1 bmbouter
104 11 bmbouter
## Publishers
105 2 bmbouter
106 11 bmbouter
  - Add an auto_publish feature. Possibly a field called auto_publish \[default to true\] that indicates that the publisher will publish automatically when the associated repository's content has changed.
107 1 bmbouter
  - Add the force-full option.
108 12 bmbouter
  - Add a no-op publishing feature
109 11 bmbouter
110
## Task Management
111
112 3 bmbouter
Allow filtering of tasks on 'completed' or 'started'. These 'meta' states are not states directly, but they represent a group of states. For instance 'completed' would be represent 'skipped', 'completed', 'failed', and 'canceled'.
113
114
Additional filtering support:
115 1 bmbouter
116 3 bmbouter
  - worker
117
  - started_at, filtered by less than, greater than
118 1 bmbouter
  - finished_at, filtered by less than, greater than
119 3 bmbouter
  - resource field on an associated ReservedResource
120
121
As an authenticated user I can DELETE a task
122
123 11 bmbouter
## Data Exports
124 4 bmbouter
125
As an authenticated user, I can export a group of published repositories to a single media
126
127
As an authenticated user, I can export an incremental publish of a group of repositories to a single media
128
129
For both use cases \^, the layout needs some more discussion.
130
131
  - maybe it is specified by the user?
132 1 bmbouter
  - maybe it is maintains the published filesystem tree structure?
133
134 4 bmbouter
Also there are two main options in this area.
135
136
1\. One is a publish bundler that bundles up all the units published to disk. Then this media (e.g. an iso) is mounted and brought into another Pulp installation using a sync. This will only work for content types that don't require 'live APIs'
137
138
2\. Another option is to export database model data and disk content units from one Pulp to media and then import by directly adding those units to another Pulp. This could be done through the API possibly. This would allow things like Docker to be exported and imported, but it may not work for OSTree??
139
140 1 bmbouter
Also there was discussion about OSTree possibly never supporting and incremental export/import due to how OSTree stores content.
141
142
## Server Plugins (which content types are available and importers and publishers)
143 9 bmbouter
144
## Orphans
145
146 14 bmbouter
As an authenticated user, I can force delete content units even when associated with repositories.  
147
As an authenticated user, I can cleanup orphaned content units for a specific "type" without specifying the units specifically.  
148 15 bmbouter
As an authenticated user, I can filter orphan cleanup to only remove orphaned content units and artifacts created before a specified datetime.  
149
As an authenticated user, I list all orphaned content units and orphaned artifacts that are not in any repositories
150 1 bmbouter
151
## Plugin API
152
153
Incremental publishing support
154 23 bmbouter
155
## Consumer Profile Applicability
156
157
Using Consumer Profiles and repository bindings I can compute applicability with 2.y parity
158
159
  - Performance needs to be awesome
160
161
Glossary term:  
162
Consumer Profile - A set of installed units on a specific machine. In Pulp3 this machine is not a "consumer" in the same sense as Pulp2. Pulp is not "managing" the machine anymore; Pulp3 only collects Profile information.
163 8 dkliban@redhat.com
164 11 bmbouter
## Status API
165 8 dkliban@redhat.com
166
Status API return status of Squid (aka Proxy), web server, streamer
167
168
API to view an overall health attribute that returns a message when something is not operating properly or True.
169
170
I can view information about unapplied migrations
171
172 1 bmbouter
I can view a verbose Status API which returns a Pulp version for each component along with a list of all plugins and their versions.
173
174
## Alternate content source support
175 12 bmbouter
176 17 bmbouter
## Deployment
177
178 22 bmbouter
As a user, I can deploy the Pulp content serving view without all of Pulp's requirements.
179 17 bmbouter
180 12 bmbouter
# Plugin Feature Set 3.1+ Ideas (post MVP)
181
182
## Python
183
184
  - Add a mirror sync policy
185 13 mhrivnak
186
## Event Listener Notifier
187
188
I can receive serialized task info via AMQP on each task save
189
190
*Can this be restated in more pedantic terms? Does this mean that an arbitrary host can attach itself to Pulp's AMQP message bus and get updates on the progress of tasks?*