How to make file repositories private #5715

Open
grzleadams opened this issue Aug 15, 2024 · 3 comments
@grzleadams

Container distributions have a private setting, but as far as I know there's not a similar setting for other repository types. I have a file repository that I would like to deny all access (even view) to by default so that I can give users permissions as needed, but it's not clear to me how to do that. Would that be done via a content guard? Are there any docs (I didn't see any, but maybe I'm missing something) that provide guidance on how to disable or work around the default read-all behavior of non-container distributions?

@ggainey
Contributor

ggainey commented Aug 15, 2024

Distributions can be "hidden", which hides them from view. A content-guard keeps even unauthorized users who know a Distribution's URL from accessing files within. We have a number of different kinds of content-guards, but the doc for using them is definitely...sparse.

The pulp_certguard plugin has a quickstart for the X509 and RHSM content-guards. The RBAC Content-Guard "feels like" it manages your use-case the most closely, with an example of use in its test-suite.

Your request here calls out that we really need a section of our docs that goes over these concepts more clearly.

@grzleadams
Author

I did end up eventually using an RBAC content-guard, and once it was in place it was actually pretty obvious how it works and how to configure it. I think that even a short paragraph in the RBAC docs that says "if you want to override the default read-only behavior, create an rbac content guard with the CLI, add users/groups, and assign it to a distribution" would be good because the average user probably doesn't know/care about content-guards and may not even know they exist. As far as I know, the only docs that really reference them in any meaningful way are those for pulp_container.

I can try to get a PR up with what I think would be a good docs addition, if you want.
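
The three steps named in the comment above (create an RBAC content guard, add users/groups, assign it to a distribution), as an added example that is not part of the original thread or the Pulp docs. It assumes pulp-cli with the pulp_file plugin is installed and configured; the guard, distribution, user and group names and the content URL are constructed placeholders, and the 401/403 check is an assumption about how the content app refuses a request.

```shell
#!/bin/sh
# Added example: make a file distribution private with an RBAC content guard.
PULP="${PULP:-pulp}"   # pulp-cli binary (overridable, e.g. for a dry run)
CURL="${CURL:-curl}"

# restrict_distribution GUARD DIST [user:NAME|group:NAME ...]
# With no grants the guard denies everyone, i.e. "deny all by default".
restrict_distribution() {
  guard="$1"; dist="$2"; shift 2
  n=$#
  # Rewrite each user:NAME / group:NAME grant into pulp-cli flags.
  while [ "$n" -gt 0 ]; do
    case "$1" in
      user:?*)  set -- "$@" --user  "${1#user:}" ;;
      group:?*) set -- "$@" --group "${1#group:}" ;;
      *) echo "bad grant '$1' (want user:NAME or group:NAME)" >&2; return 2 ;;
    esac
    shift; n=$((n - 1))
  done
  # 1. Create the guard.
  "$PULP" content-guard rbac create --name "$guard" || return 1
  # 2. Give the listed users/groups permission to download through it.
  if [ "$#" -gt 0 ]; then
    "$PULP" content-guard rbac assign --name "$guard" "$@" || return 1
  fi
  # 3. Attach the guard to the distribution.
  "$PULP" file distribution update --name "$dist" \
    --content-guard "core:rbac:$guard"
}

# anonymous_denied URL
# Returns 0 if an unauthenticated GET is refused with 401/403,
# 1 if anything else comes back, 2 if the request itself failed.
anonymous_denied() {
  code=$("$CURL" -s -o /dev/null -w '%{http_code}' "$1") || return 2
  case "$code" in
    401|403) return 0 ;;
    *)       return 1 ;;
  esac
}

# Usage (placeholders):
#   restrict_distribution private-files my-files user:alice group:auditors
#   anonymous_denied "https://pulp.example.com/pulp/content/my-files/PULP_MANIFEST"
```

Running `anonymous_denied` after the change confirms that knowing the distribution URL is no longer enough to fetch its files.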

@ggainey
Contributor

ggainey commented Aug 15, 2024

> I can try to get a PR up with what I think would be a good docs addition, if you want.

That would be outstanding - nothing better than doc from someone Fresh From The Wars, as it were :) Thanks for the offer!
