How to use certificate in pulp-cli

xm1234567 · January 4, 2024, 3:03pm

Hello everyone and happy new year of 2024

Problem:
I have a pulp-all-in-one-container instance running by podman, it runs on port 443 and uses the self-sign certificates for nginx server.
I can use username and password way ( configured in .config/pulp/cli.toml) to access pulp and create rpm repos.

According to the doc Using the CLI - Pulp CLI , there are also --cert and–key` existed. Looks like a pulp user can authentication with his certificate and do repo operations.

Is there a detailed doc somewhere? Would be nice to share some example if possible?

Expected outcome:
I would like to use a user certificate in .config/pulp/cli.toml to do pulp cli operation.

Pulpcore version:
“component”: “core”,
“version”: “3.41.0”,
“package”: “pulpcore”,
“domain_compatible”: true

Pulp plugins installed and their versions:
{
“component”: “rpm”,
“version”: “3.24.0”,
“package”: “pulp-rpm”,
“domain_compatible”: true
},

Thanks in advance !

xm

gerrod · January 4, 2024, 8:50pm

@xm1234567 Happy New Year!

Have you read the section about the config file in the docs? Configuration - Pulp CLI There is a section at the bottom detailing how to set up certificates for Katello users, since they use certs for authentication for their Pulp installations. I think that section should help answer your question.

xm1234567 · January 5, 2024, 9:26am

Hello @gerrod , I read that section and tested simply with a self-signed certificate, but not working. Sure, there are some other conf to do , like described here Authentication — Pulp Project 3.43.1 documentation . but I don’t understand all these yet.

gerrod · January 6, 2024, 1:59am

Can you describe the error code you get back, is it a 401 or a 403? Use -v in the cli command to get the response code.

xm1234567 · January 7, 2024, 2:23pm

Error code is 401.
In fact I am not sure how to mapping user with his certificate. What I do:
=> use pulp user create to create a test user account, give some permissions, this user account can do pulp rpm repository list with its username and password.
=> then I create a self-signed certificate for this user,
I tried

pulp -v --cert xxxx.crt --key xxx.key rpm repository list
repositories_rpm_rpm_list : get https://xxx.xxx.xxx.xxx/pulp/api/v3/repositories/rpm/rpm/?offset=0&limit=25
Response: 401
Error: {“detail”:“Authentication credentials were not provided.”}