[Pulp-list] Repo Auth Requirements and Design
jason.dobies at redhat.com
Wed Mar 23 20:28:09 UTC 2011
I updated the doc given today's discussions.
In short, there will be two granularities of repo auth.
- Individual, which is what the original design covered, that allows
  credentials to be specified on a per-repo basis. "Repo X is protected
  but Repo Y isn't."
- Global, which secures *all* repos under a single set of credentials
  defined at the Pulp level instead of the repo level. "I have 30 repos
  and I want to secure access to everything, and it'd be cumbersome to add
  the credentials to each repo individually."
The global case meets both RHUI as well as other Red Hat project
The other complication that came into consideration is that if a repo is
protected, it needs to be protected if it's exposed on a CDS as well
(applies both to the individual and global cases). We will leverage the
existing communication from server to CDS to send that information. The
repo auth code has already been written in a way that will let it be its
own RPM which will then be installed on both Pulp server and CDS so they
can both apply the logic.
I'm also dropping out of tomorrow's deep dive. These changes added a lot
of stuff that won't be in place, and I'd rather review a more finished