-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've hit a bit of a hurdle in the repo auth.
What we want to do is check the requested URL to see if the consumer is trying to access a protected repo. Problem is, I'm not sure how to know which repo is being accessed by the URL. So for an example, when requesting a repo's metadata yum will look for: https://guardian/pulp/repos/my-repo/pulp/fedora-13/i386/repodata/repomd.xml To break that down: https://<host>/<pulp-repo-httpd-location>/<repo-relative-path>/<requested-file-path> I can get pulp-repo-httpd-location out of the config, so I know how to chop off the leading part of that URL. The trickier part is determining what is the repo-relative-path v. the requested-file. I could do it for things at the repo root, but anything in a subdirectory would throw a hiccup into that. The best I could come up with is having a set of all protected repo relative paths and doing a greedy match of all of those against the URL to figure out which repo is being used. But that's, like, kinda ugly to do on a per request basis. We could drop a yum plugin on consumers in pulp-client that takes the repo label and stuffs it into a request header, though there's nothing to stop consumers from just changing the label (we could do an integrity check to make sure the relative path still matches, but I still don't like putting that piece client-side). Is there some magical extra information I don't know about? Some rockin way to extract the repo relative path from the requested file path which would let me look up the repo by relative path? Will that lookup even work; do we have sanity checks in repo create or the model definition that ensure relative paths are unique? Any thoughts are appreciated. - -- Jay Dobies RHCE# 805008743336126 Freenode: jdob http://pulpproject.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJNiQoUAAoJEOMmcTqOSQHCTQoH/itWASne6gQ+M4K8cI1/OvPA YquwwQQWdqMFValdeQ8jgnDTX6PM9JMuEyfdP76YwlFd5neFfbNUoawatMcO5zKE 2QaiE9IuJphchqTZgKXEy9VSAa1K69zLslkl924+5Xl+k2ERkihKAgWhNdu4kD4N UlPJ9ejU3GEu+uluQwbMSp8km1CgzXr3AL8ybXMZah4kvKlB1xWixhZyvCwrGLTK RaRKKQqqL3pAXpAeBOVaoMSK7MJUpH/3zFuiGiWudwr3ghqearOTzMOLfQCCKLnl iP6MJ7e3t3VJNN4/mXVBx56VngWXNLjt9a4rB664uylEFEiAgQZR9GN2ld6+ROM= =cfPh -----END PGP SIGNATURE----- _______________________________________________ Pulp-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/pulp-list
