Re: [Pulp-dev] RBAC: Secure by default?

2020-12-16 Thread Tanya Tereshchenko 
It sounds like a good idea,  and additional +1 that it doesn't break
things.

On Tue, Dec 15, 2020 at 5:57 PM Matthias Dellweg 
wrote:

> In today's pulpcore meeting, we discussed that any endpoint that is not
> aware of RBAC yet will be open to every authenticated user.
>
> The suggestion that was given, is that we change that default. So all
> endpoints will raise permission errors unless RBAC opens them up.
> This would not affect any existing installation, where we only allowed the
> use of a single admin user. And by circumventing the permission framework
> this special user will remain to be able to talk to all available endpoints
> without restrictions.
> On the other hand it should smooth out the transition period until we have
> RBAC in all places. Since you could start giving permissions to users for
> viewsets that have an access_policy, while not risking to give them access
> to other sensitive parts that don't have it yet.
>
> What do you all think?
> ___
> Pulp-dev mailing list
> Pulp-dev@redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-dev
>
___
Pulp-dev mailing list
Pulp-dev@redhat.com
https://www.redhat.com/mailman/listinfo/pulp-dev

[Pulp-dev] Katello/Pulp3 Integration mtg

2020-12-16 Thread Grant Gainey 
December 17, 2020

Overview

   -

   Katello Schedule
   -

  3.18 branching:  Nov 2nd, Targeting Pulp 3.7
  -

  4.0 branching ~February 2021 (dry-run needed by end-of-Dec)
  -

  4.1 branching ~May 2021
  -

  4.2 branching ~August 2021
  -

  4.3 branching ~Nov 2021


Pulp

   -

   Last meeting for 2020
   -

   Pulpcore
   -

  3.9 changelog
  
  -

  FIPS stories finished/opened
  -

 See Epic 7960 
 -

  FIPS is January priority
  -

   RPM
   -

  Implementing the feature to enable/disable sqlite metadata generation
  -

 https://pulp.plan.io/issues/7852
 -

   Migration
   -

  Work on tests continues
  -

  2.21.5/pulpcore restart-on-failure ordering issue
  -

   3.9 compatibility releases
   -

  pulp-certguard 1.1.0
  -

  pulp_file 1.5.0
  -

  pulp-container 2.2.0
  -

 NOT compatible with 3.8
 -

  pulp-ansible 0.5.5
  -

  bmbouters 2.0 :)


Katello

   -

   Container registry work continuing
   -

   Will look to move to pulpcore-3.9 this sprint
   -

   Planning to test migration with another (large) customer db
   -

   Download timeouts question (per remote?)
   -

   Discussion/questions around correlation-id and where/how headers can be
   set
   -

  Maybe custom bindings-template?
  -

  Dkliban offered to help if this is the way we want to go
  -

 See also Gerrod when he starts in Jan
 -

  See pulp-openapigenerator
  


QE

   -

   No updates


-- 
Grant Gainey
Principal Software Engineer, Red Hat System Management Engineering
___
Pulp-dev mailing list
Pulp-dev@redhat.com
https://www.redhat.com/mailman/listinfo/pulp-dev