Hello.
I want to use Pulpcore as a repository management solution for our internal RPM repos. Installation and config worked fine and Pulpcore is working as expected.
Now I want/need to give limited access to some colleagues to maintain their repositories. I don’t quite understand what the necessary steps are to get there.
The important permissions would be:
- Upload RPM content
- Add RPM content to a specific repository
- Publish that repository
The CHANGES.rst in the repo says:
Until Role-Based Access Control is added to Pulp, REST API is not safe for multi-user use. Sensitive credentials can be read by any user, e.g.
Remote.password
,Remote.client_key
.
but the Pulp CLI tool seems to include RBAC stuff. As a user it’s totally unclear, what the status of RBAC (or permissions in general) currently is…
For authentication I do use httpd with basic auth (because I don’t need support for client cert auth) with matching users created in Pulp itself and the following config:
AUTHENTICATION_BACKENDS = ['pulpcore.app.authentication.PulpNoCreateRemoteUserBackend']
REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES = (
'rest_framework.authentication.SessionAuthentication',
'pulpcore.app.authentication.PulpRemoteUserAuthentication'
)
Is there any documentation on the commands needed for this? Or some sort of example configuration?
Pulpcore version: pulpcore-3.17.7
Pulp plugins installed and their versions: pulp-rpm-3.17.5
Operating system - distribution and version: RHEL 8