[Pulp-list] Determining a repo from the request URL
John Matthews
jmatthew at redhat.com
Wed Mar 23 12:37:04 UTC 2011
----- Original Message -----
> I've hit a bit of a hurdle in the repo auth.
>
> What we want to do is check the requested URL to see if the consumer is
> trying to access a protected repo. Problem is, I'm not sure how to know
> which repo is being accessed by the URL.
>
> So for an example, when requesting a repo's metadata yum will look for:
>
> https://guardian/pulp/repos/my-repo/pulp/fedora-13/i386/repodata/repomd.xml
>
> To break that down:
> https://<host>/<pulp-repo-httpd-location>/<repo-relative-path>/<requested-file-path>
>
> I can get pulp-repo-httpd-location out of the config, so I know how to
> chop off the leading part of that URL.
>
> The trickier part is determining what is the repo-relative-path v. the
> requested-file. I could do it for things at the repo root, but anything
> in a subdirectory would throw a hiccup into that.
>
> The best I could come up with is having a set of all protected repo
> relative paths and doing a greedy match of all of those against the URL
> to figure out which repo is being used. But that's, like, kinda ugly to
> do on a per request basis.
>
> We could drop a yum plugin on consumers in pulp-client that takes the
> repo label and stuffs it into a request header, though there's nothing
> to stop consumers from just changing the label (we could do an integrity
> check to make sure the relative path still matches, but I still don't
> like putting that piece client-side).
>
> Is there some magical extra information I don't know about? Some rockin
> way to extract the repo relative path from the requested file path which
> would let me look up the repo by relative path? Will that lookup even
> work; do we have sanity checks in repo create or the model definition
> that ensure relative paths are unique?
>
> Any thoughts are appreciated.
>
Jay,

This problem is somewhat related to another issue we saw with relative paths and possible name collisions. I spoke with dgao about this and he recommended a simple approach which I think will help my issue as well as yours.

What if we prepend the repo-id to the relative_path, the URL structure becomes:
https://<host>/<pulp-repo-httpd-location>/<repo-id>/<repo-relative-path>/<requested-file-path>
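
The two server-side lookups discussed in this thread, as an added example that is not part of the original messages or Pulp's code: the greedy longest match against protected relative paths, and the repo-id-first layout. `HTTPD_LOCATION`, the `PROTECTED` mapping, the repo ids and the function names are constructed for illustration; the path is percent-decoded once and normalized before matching, and matching is done on whole path segments.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Assumed value of <pulp-repo-httpd-location>; the thread reads it from config.
HTTPD_LOCATION = "/pulp/repos"

# Constructed sample data: protected repo relative path -> repo id.
PROTECTED = {
    "my-repo/pulp/fedora-13/i386": "f13-i386",
    "my-repo/pulp": "pulp-base",
}


def _segments(url):
    """Return normalized path segments below HTTPD_LOCATION, or None."""
    raw = unquote(urlsplit(url).path)
    # normpath collapses '//', '.' and '..' so variants resolve to one path.
    path = posixpath.normpath("/" + raw.lstrip("/"))
    prefix = HTTPD_LOCATION.rstrip("/") + "/"
    if not path.startswith(prefix):
        return None
    return path[len(prefix):].split("/")


def repo_by_relative_path(url, protected=PROTECTED):
    """Greedy match: longest protected relative path that is a
    whole-segment prefix of the request. Returns (repo_id, file_path)."""
    segs = _segments(url)
    if segs is None:
        return None
    for n in range(len(segs), 0, -1):
        candidate = "/".join(segs[:n])
        if candidate in protected:
            return protected[candidate], "/".join(segs[n:])
    return None


def repo_by_id_prefix(url, repo_ids):
    """Repo-id-first layout: the first segment names the repo, so the
    lookup is one set membership test instead of a scan."""
    segs = _segments(url)
    if not segs or segs[0] not in repo_ids:
        return None
    return segs[0], "/".join(segs[1:])
```

A `None` result means no repo was identified; what the auth layer does with an unidentified request is a separate policy decision.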