[Pulp-list] Determining a repo from the request URL

John Matthews jmatthew at redhat.com
Wed Mar 23 12:37:04 UTC 2011 


----- Original Message -----
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> I've hit a bit of a hurdle in the repo auth.
> 
> What we want to do is check the requested URL to see if the consumer
> is
> trying to access a protected repo. Problem is, I'm not sure how to
> know
> which repo is being accessed by the URL.
> 
> So for an example, when requesting a repo's metadata yum will look
> for:
> 
> https://guardian/pulp/repos/my-repo/pulp/fedora-13/i386/repodata/repomd.xml
> 
> To break that down:
> https://<host>/<pulp-repo-httpd-location>/<repo-relative-path>/<requested-file-path>
> 
> I can get pulp-repo-httpd-location out of the config, so I know how to
> chop off the leading part of that URL.
> 
> The trickier part is determining what is the repo-relative-path v. the
> requested-file. I could do it for things at the repo root, but
> anything
> in a subdirectory would throw a hiccup into that.
> 
> The best I could come up with is having a set of all protected repo
> relative paths and doing a greedy match of all of those against the
> URL
> to figure out which repo is being used. But that's, like, kinda ugly
> to
> do on a per request basis.
> 
> We could drop a yum plugin on consumers in pulp-client that takes the
> repo label and stuffs it into a request header, though there's nothing
> to stop consumers from just changing the label (we could do an
> integrity
> check to make sure the relative path still matches, but I still don't
> like putting that piece client-side).
> 
> Is there some magical extra information I don't know about? Some
> rockin
> way to extract the repo relative path from the requested file path
> which
> would let me look up the repo by relative path? Will that lookup even
> work; do we have sanity checks in repo create or the model definition
> that ensure relative paths are unique?
> 
> Any thoughts are appreciated.
> 

Jay, 

This problem is somewhat related to another issue we saw with relative paths and possible name collisions.  I spoke with dgao about this and he recommended a simple approach which I think will help my issue as well as yours.

What if we prepend the repo-id to the relative_path, the URL structure becomes:
https://<host>/<pulp-repo-httpd-location>/<repo-id>/<repo-relative-path>/<requested-file-path>

More information about the Pulp-list mailing list