-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 https://fedorahosted.org/pulp/wiki/RepoAuth
I updated the doc given today's discussions. In short, there will be two granularities of repo auth. - - Individual, which is what the original design covered, that allows credentials to be specified on a per-repo basis. "Repo X is protected but Repo Y isn't." - - Global, which secures *all* repos under a single set of credentials defined at the Pulp level instead of the repo level. "I have 30 repos and I want to secure access to everything, and it'd be cumbersome to add the credentials to each repo individually." The global case meets both RHUI as well as other Red Hat project requirements. The other complication that came into consideration is that if a repo is protected, it needs to be protected if it's exposed on a CDS as well (applies both to the individual and global cases). We will leverage the existing communication from server to CDS to send that information. The repo auth code has already been written in a way that will let it be its own RPM which will then be installed on both Pulp server and CDS so they can both apply the logic. I'm also dropping out of tomorrow's deep dive. These changes added a lot of stuff that won't be in place, and I'd rather review a more finished product. - -- Jay Dobies RHCE# 805008743336126 Freenode: jdob http://pulpproject.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJNilfZAAoJEOMmcTqOSQHC6/UH/RuNfsu8LskEjKfB4zVPkrxt lwbo7zEoYD7YYtFYf+HnXOd51q4fdvaf9ITFHKqCBImaw6i/4TOnKDJaW1QpcH4F yKBWt9+fd7/vHNpOltagxH/I7g8K5GckG1fTKHj8/Oa7RnDHYDGmA6iF0fMYugAQ 6WoPn61VYY7E+8Iz20DlRRp6n5ZCZo2b7Naqgqe/3KjlTVHAswMxeTioBRwHHC9I WOuzE739HiWCC6qlKNRX95fLfy8AytIPqrTBm3ZSpY/30Vdsx4E77UWFzAJb+CCI /loJQ8mxOGNcMpRKbV/o/0T+xYuKw4tad/Ple4lsjKi+ndKVNe/cYWaqcC97OtI= =IAkJ -----END PGP SIGNATURE----- _______________________________________________ Pulp-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/pulp-list
