[Pulp-dev] Concerns about Users in Pulp3 API
Brian Bouterse
bbouters at redhat.com
Tue Feb 5 18:17:47 UTC 2019
I want us to check-in on the User aspects of Pulp 3.0's feature set w.r.t
some concerns I have and I've heard echoed on the list before. Overall the
only change I'm advocating for is the removal of Users from the API
entirely [0] and a shared understanding that Pulp is for single-user
environments only (for now). The pulp-manager [1] parts are probably ok
as-is.
First, Pulp isn't safe to use as a multi-user system because it provide no
content isolation. Any user can create falsified packages of any type via
Upload and have these packages be used by other users instead of other
valid packages that come from trusted remote sources. Think about an
impersonation of the rpm providing the 'passwd' binary w/ a slightly
modified one. A Pulp system is safe iff a single user, e.g. Katello's user,
or a single sysadmin has exclusive control of it.
Also, having distinct user identity but no way to authorize and limit what
operations a user can take within the Pulp system isn't very usable.
Finally, I'm concerned about Pulp having identity management built into its
own feature set at all. Identity management can be very complicated. There
are whole projects dedicated to it. Users who want "real" identity
management I don't believe will choose Pulp's. If third-party ID management
is Pulp's recommended approach to having ID management then these User APIs
will not be used, maybe by anyone.
What do you think?
My recommendation is to clearly label Pulp3 as a single-user system and
also remove the User parts from the API pre RC. Pulp's API does need
protection for its single user, so we could continue to create a single
'admin' User object called like we do now via pulp-manager [1].
[0]: https://github.com/pulp/pulp/blob/master/pulpcore/app/viewsets/user.py
[1]:
https://github.com/pulp/pulp/blob/master/pulpcore/app/management/commands/reset-admin-password.py
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-dev/attachments/20190205/c33e5eac/attachment.htm>
More information about the Pulp-dev
mailing list