As an admin user, I should be able to provide access control for docker pull.
At the present time any user can do something like
docker pull <FQDN>:5000/default_organization-docker_images-fedora
or other org/env/cv images and pull docker content. There is no mechanism to acl this based on user permissions/credentials. Need a way to address this.
#4 Updated by Daniel Lobato Garcia over 7 years ago
I don't think you can prevent this from Foreman-Docker or Katello, the idea is that the Docker host connections are restricted to the Foreman host, so that you manage operations through it. That is a way to enforce Foreman authorization.
If we have the assumption the person creating the containers have access to the Docker host, our authorization model simply wouldn't work, but we never make such an assumption. Foreman users creating regular hosts don't have to have access to the Foreman host, the bare metal or the compute resources, it's up to Foreman to decide who can do what.
Unless I misunderstood this one, can we close it?