[Pulp-dev] Moving Content Guard Authorization to Webserver and out of pulp-content
Brian Bouterse
bmbouter at redhat.com
Wed Mar 11 18:11:56 UTC 2020
tl;dr: What we have today cannot work with rhsm certificates which Katello
uses. To resolve, we need to have content guard checking moved to the
webserver configs for apache and nginx and not done in pulp-content as it
is today. https://pulp.plan.io/issues/6323
We need to bring the auth to where TLS is terminated because we can't being
the client certs to pulp-content due to invalid header characters. As is,
pulp-certguard cannot work with Katello's cert types (rhsm certs) so that
is driving my changes.
If anyone has major concerns or other ideas please let me know. In the
meantime I'm proceeding moving the authorization to the webserver and then
updating pulp-certguard to work with that. This will make pulp-certguard's
GA tied to pulpcore 3.3.0. Feedback is welcome.
[0]: https://pulp.plan.io/issues/6323
Thanks,
Brian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-dev/attachments/20200311/0805a992/attachment.htm>
More information about the Pulp-dev
mailing list