Pulpcore permission support

Hello.

I want to use Pulpcore as a repository management solution for our internal RPM repos. Installation and config worked fine and Pulpcore is working as expected.

Now I want/need to give limited access to some colleagues to maintain their repositories. I don’t quite understand what the necessary steps are to get there.
The important permissions would be:

  • Upload RPM content
  • Add RPM content to a specific repository
  • Publish that repository

The CHANGES.rst in the repo says:

Until Role-Based Access Control is added to Pulp, REST API is not safe for multi-user use. Sensitive credentials can be read by any user, e.g. Remote.password , Remote.client_key .

but the Pulp CLI tool seems to include RBAC stuff. As a user it’s totally unclear, what the status of RBAC (or permissions in general) currently is…

For authentication I do use httpd with basic auth (because I don’t need support for client cert auth) with matching users created in Pulp itself and the following config:

AUTHENTICATION_BACKENDS = ['pulpcore.app.authentication.PulpNoCreateRemoteUserBackend']

REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES = (
    'rest_framework.authentication.SessionAuthentication',
    'pulpcore.app.authentication.PulpRemoteUserAuthentication'
)

Is there any documentation on the commands needed for this? Or some sort of example configuration?

Pulpcore version: pulpcore-3.17.7

Pulp plugins installed and their versions: pulp-rpm-3.17.5

Operating system - distribution and version: RHEL 8

2 Likes

Hey @laugmanuel,

We are currently implementing RBAC for pulp_rpm and haven’t updated the documentation yet, so sorry for the confusion. RBAC support should be released in the next version of pulp_rpm which should hopefully come out a little after pulpcore 3.20 is released around June 14. I believe it should have all the permission features you require and will come with documentation for how to set it up.

1 Like

Hey @gerrod,

thank’s for clarifying!
I’ll keep an eye out for the release of pulpcore 3.20 and see if I can implement the required permissions.