Feature #8103

closed

As an admin user, I should be able to provide access control for docker pull.

Added by Partha Aji over 9 years ago. Updated almost 6 years ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
Container
Target version:
Difficulty:
medium
Triaged:
Fixed in Releases:
Found in Releases:

Description

At the present time any user can do something like

    docker pull <FQDN>:5000/default_organization-docker_images-fedora

or other org/env/cv images and pull docker content. There is no mechanism to ACL this based on user permissions/credentials. Need a way to address this.


Related issues 1 (0 open, 1 closed)

Blocks Katello - Tracker #7125: Docker Content Support (Closed, David Davis)

Actions #1

Updated by Partha Aji over 9 years ago

Actions #2

Updated by Eric Helms over 9 years ago

  • Tracker changed from Bug to Feature
  • Subject changed from Need a way to acl off docker pull to As an admin user, I should be able to provide access control for docker pull.
  • translation missing: en.field_release set to 14
  • Triaged changed from No to Yes
Actions #3

Updated by Eric Helms over 9 years ago

  • translation missing: en.field_release changed from 14 to 23
Actions #4

Updated by Daniel Lobato Garcia over 9 years ago

I don't think you can prevent this from Foreman-Docker or Katello, the idea is that the Docker host connections are restricted to the Foreman host, so that you manage operations through it. That is a way to enforce Foreman authorization.

If we have the assumption the person creating the containers has access to the Docker host, our authorization model simply wouldn't work, but we never make such an assumption. Foreman users creating regular hosts don't have to have access to the Foreman host, the bare metal or the compute resources, it's up to Foreman to decide who can do what.

Unless I misunderstood this one, can we close it?

Actions #5

Updated by Eric Helms about 9 years ago

  • Target version set to 66
Actions #6

Updated by Eric Helms about 9 years ago

  • Target version changed from 66 to 67
Actions #7

Updated by Eric Helms about 9 years ago

  • Target version changed from 67 to 68
Actions #8

Updated by Eric Helms about 9 years ago

  • translation missing: en.field_release deleted (23)
Actions #9

Updated by Partha Aji about 9 years ago

Intent at the present time is to protect Red Hat content, while not necessarily the custom content. That being said, the hosted does not have Red Hat content for docker images. This bug will be addressed at that point.

Actions #10

Updated by Eric Helms about 9 years ago

  • Target version deleted (68)
Actions #11

Updated by Eric Helms over 8 years ago

  • translation missing: en.field_release set to 114
Actions #12

Updated by Thomas McKay almost 6 years ago

  • Status changed from New to Duplicate

Will be covered by 22951

Actions #13

Updated by Thomas McKay almost 6 years ago

  • translation missing: en.field_release changed from 114 to 166