[Pulp-dev] Moving Content Guard Authorization to Webserver and out of pulp-content

Eric Helms ehelms at redhat.com
Wed Mar 11 18:18:02 UTC 2020

On Wed, Mar 11, 2020 at 2:12 PM Brian Bouterse <bmbouter at redhat.com> wrote:

> tl;dr: What we have today cannot work with rhsm certificates which Katello
> uses. To resolve, we need to have content guard checking moved to the
> webserver configs for apache and nginx and not done in pulp-content as it
> is today.  https://pulp.plan.io/issues/6323
> We need to bring the auth to where TLS is terminated because we can't
> being the client certs to pulp-content due to invalid header characters. As
> is, pulp-certguard cannot work with Katello's cert types (rhsm certs) so
> that is driving my changes.
> If anyone has major concerns or other ideas please let me know. In the
> meantime I'm proceeding moving the authorization to the webserver and then
> updating pulp-certguard to work with that. This will make pulp-certguard's
> GA tied to pulpcore 3.3.0. Feedback is welcome.

What will this mean from a runtime perspective? Or rather, what within the
webserver layer will be handling this auth?

> [0]: https://pulp.plan.io/issues/6323
> Thanks,
> Brian
> _______________________________________________
> Pulp-dev mailing list
> Pulp-dev at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-dev

Eric Helms
Principal Software Engineer
Satellite and Cloud Services
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-dev/attachments/20200311/9b4e8a95/attachment.htm>

More information about the Pulp-dev mailing list