Feature #8103
closed
As an admin user, I should be able to provide access control for docker pull.
Added by Partha Aji almost 10 years ago.
Updated about 6 years ago.
Description
At the present time any user can do something like
"
docker pull <FQDN>:5000/default_organization-docker_images-fedora
"
or other org/env/cv images and pull docker content. There is no mechanism to acl this based on user permissions/credentials. Need a way to address this.
- Tracker changed from Bug to Feature
- Subject changed from Need a way to acl off docker pull to As an admin user, I should be able to provide access control for docker pull.
- Release set to 14
- Triaged changed from No to Yes
- Release changed from 14 to 23
I don't think you can prevent this from Foreman-Docker or Katello; the idea is that the Docker host connections are restricted to the Foreman host, so that you manage operations through it. That is a way to enforce Foreman authorization.
If we have the assumption that the person creating the containers has access to the Docker host, our authorization model simply wouldn't work, but we never make such an assumption. Foreman users creating regular hosts don't have to have access to the Foreman host, the bare metal or the compute resources; it's up to Foreman to decide who can do what.
Unless I misunderstood this one, can we close it?
- Target version changed from 66 to 67
- Target version changed from 67 to 68
- Release deleted (23)
Intent at the present time is to protect Red Hat content, while not necessarily the custom content. That being said, the hosted does not have Red Hat content for docker images. This bug will be addressed at that point.
- Target version deleted (68)
- Release set to 114
- Status changed from New to Duplicate
- Release changed from 114 to 166