Project

General

Profile

Actions
Copy link

Feature #8484

closed

Make SmartProxyAuth concern more useful to plugins

Added by Stephen Benjamin almost 10 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Stephen Benjamin
Category:
Authentication
Target version:
1.8.0
Difficulty:
Triaged:
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman/pull/1975
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Instead of being only handling the Puppet case, change the concern to authenticate arbitrary Smart Proxies / Features

Related issues 4 (0 open4 closed)

Related to Foreman - Bug #8949: Setting rename migration for {restrict_registered, require_ssl}_puppetmaster is actually a noopClosedStephen Benjamin01/14/2015Actions
Related to Foreman - Bug #8922: authorized_smart_proxy_features should not fail if not implementedClosedDaniel Lobato Garcia01/13/2015Actions
Related to ABRT - Bug #8646: Foreman will refuse reports from proxies that are not Puppet/Chef proxiesClosedMartin Milata12/10/2014Actions
Related to Foreman - Bug #11921: Features in controller authentication are not loaded correctly if you modify them from pluginsClosedMarek Hulán09/22/2015Actions
Actions
Copy link
 #1

Updated by Marek Hulán almost 10 years ago

I was thinking about this few days ago. I think Feature model should define whether we should trust that SmartProxy for authentication. Other plugins adds their own features to SmartProxy so they could just create it with (e.g.) authentication flag set to true.

Actions
Copy link
 #2

Updated by The Foreman Bot almost 10 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/1975 added
  • Pull request deleted ()
Actions
Copy link
 #3

Updated by Stephen Benjamin almost 10 years ago

@Marek - That could work also. The end goal for me was just to get rid of all the alias_method_chains and hacking I have on this Concern in foreman_salt.

The way I have it in the PR, each controller specifies which features are allowed to access it. This does have the advantage that a Salt-only Smart Proxy won't have access to say for example, an endpoint for the ABRT or OpenScap plugins.

FactImporters (and hopefully soon ReportImporters) are special in that the plugin's implementation would supply authorized features.

Actions
Copy link
 #4

Updated by Marek Hulán almost 10 years ago

Yeah, nice one! I'm looking forward to test it with chef plugin.

Actions
Copy link
 #5

Updated by Dominic Cleal almost 10 years ago

  • Translation missing: en.field_release set to 28
Actions
Copy link
 #6

Updated by Anonymous almost 10 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions
Copy link
 #7

Updated by Dominic Cleal almost 10 years ago

  • Related to Bug #8949: Setting rename migration for {restrict_registered, require_ssl}_puppetmaster is actually a noop added
Actions
Copy link
 #8

Updated by Dominic Cleal almost 10 years ago

  • Related to Bug #8922: authorized_smart_proxy_features should not fail if not implemented added
Actions
Copy link
 #9

Updated by Stephen Benjamin almost 10 years ago

  • Related to Bug #8646: Foreman will refuse reports from proxies that are not Puppet/Chef proxies added
Actions
Copy link
 #10

Updated by Marek Hulán about 9 years ago

  • Related to Bug #11921: Features in controller authentication are not loaded correctly if you modify them from plugins added
Actions
Copy link

Also available in: Atom PDF