[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Pulp-list] Determining a repo from the request URL



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've hit a bit of a hurdle in the repo auth.

What we want to do is check the requested URL to see if the consumer is
trying to access a protected repo. Problem is, I'm not sure how to know
which repo is being accessed by the URL.

So for an example, when requesting a repo's metadata yum will look for:

https://guardian/pulp/repos/my-repo/pulp/fedora-13/i386/repodata/repomd.xml

To break that down:
https://<host>/<pulp-repo-httpd-location>/<repo-relative-path>/<requested-file-path>

I can get pulp-repo-httpd-location out of the config, so I know how to
chop off the leading part of that URL.

The trickier part is determining what is the repo-relative-path v. the
requested-file. I could do it for things at the repo root, but anything
in a subdirectory would throw a hiccup into that.

The best I could come up with is having a set of all protected repo
relative paths and doing a greedy match of all of those against the URL
to figure out which repo is being used. But that's, like, kinda ugly to
do on a per request basis.

We could drop a yum plugin on consumers in pulp-client that takes the
repo label and stuffs it into a request header, though there's nothing
to stop consumers from just changing the label (we could do an integrity
check to make sure the relative path still matches, but I still don't
like putting that piece client-side).

Is there some magical extra information I don't know about? Some rockin
way to extract the repo relative path from the requested file path which
would let me look up the repo by relative path? Will that lookup even
work; do we have sanity checks in repo create or the model definition
that ensure relative paths are unique?

Any thoughts are appreciated.

- -- 
Jay Dobies
RHCE# 805008743336126
Freenode: jdob
http://pulpproject.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJNiQoUAAoJEOMmcTqOSQHCTQoH/itWASne6gQ+M4K8cI1/OvPA
YquwwQQWdqMFValdeQ8jgnDTX6PM9JMuEyfdP76YwlFd5neFfbNUoawatMcO5zKE
2QaiE9IuJphchqTZgKXEy9VSAa1K69zLslkl924+5Xl+k2ERkihKAgWhNdu4kD4N
UlPJ9ejU3GEu+uluQwbMSp8km1CgzXr3AL8ybXMZah4kvKlB1xWixhZyvCwrGLTK
RaRKKQqqL3pAXpAeBOVaoMSK7MJUpH/3zFuiGiWudwr3ghqearOTzMOLfQCCKLnl
iP6MJ7e3t3VJNN4/mXVBx56VngWXNLjt9a4rB664uylEFEiAgQZR9GN2ld6+ROM=
=cfPh
-----END PGP SIGNATURE-----


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]