[Pulp-dev] Moving Content Guard Authorization to Webserver and out of pulp-content
ehelms at redhat.com
Wed Mar 11 18:18:02 UTC 2020
On Wed, Mar 11, 2020 at 2:12 PM Brian Bouterse <bmbouter at redhat.com> wrote:
> tl;dr: What we have today cannot work with rhsm certificates which Katello
> uses. To resolve, we need to have content guard checking moved to the
> webserver configs for apache and nginx and not done in pulp-content as it
> is today. https://pulp.plan.io/issues/6323
> We need to bring the auth to where TLS is terminated because we can't
> being the client certs to pulp-content due to invalid header characters. As
> is, pulp-certguard cannot work with Katello's cert types (rhsm certs) so
> that is driving my changes.
> If anyone has major concerns or other ideas please let me know. In the
> meantime I'm proceeding moving the authorization to the webserver and then
> updating pulp-certguard to work with that. This will make pulp-certguard's
> GA tied to pulpcore 3.3.0. Feedback is welcome.
What will this mean from a runtime perspective? Or rather, what within the
webserver layer will be handling this auth?
> : https://pulp.plan.io/issues/6323
> Pulp-dev mailing list
> Pulp-dev at redhat.com
Principal Software Engineer
Satellite and Cloud Services
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Pulp-dev