Description of problem:
I am pasting the IRC conversation as I am not sure what exactly the issue is.

<jdob> preethi: wow this is weird, did you do anything different to set the auth on it?
<jdob> different from f14 I mean
<jdob> hrm, ok, so it's not applying auth cause it's not listed in the protected repos file, but I need to figure out what you did that it's not there
<jdob> preethi: was auth set on that repo with repo update after the fact?
<preethi> jdob, yes
<jdob> but for f14 it was set at creation?
<preethi> hmm thinking. I did for both at creation. then removed
<preethi> just did for f14
<preethi> and then later on added f13 i think
<preethi> i can't be quite sure though on the exact sequence
<jdob> ah ha, I think I see what the issue is
<jdob> jeez, you really had to have the moons align for this
<jdob> preethi: file a bug please
commit d798f37a16d76319ab0e38424316fe024c8c9ccf
tree e53c3e91d09af1a2f1adfd9aaafdbaf2a0c1e595

695483 - Need to pass in an empty bundle to trigger the files getting deleted on the server.

src/pulp/client/core/repo.py

Ok, here's what happened.

When passing --remove_consumer_cert, the CLI was incorrectly doing the remove call. It wasn't passing in an empty bundle but rather just None. On the server, it expects an empty bundle and uses that bundle as the driver to cause the repo certs to be deleted. Since the bundle wasn't there, the certs weren't deleted. That's why /etc/pki/content/f13 still had certs in it. We'll come back to that later.

What was successful on the server was removing the entry from pulp-protected-repos for f13. That means pulp's auth didn't think it was protected and didn't bother applying any validation. Hence, you got through.

Getting back to the certs still existing in /etc/pki/content/f13, that's what the "Consumer Certs: Yes" used to determine if auth was enabled. So that's why it reported consumer auth was active even though it wasn't listed in pulp-protected-repos.

So, to reproduce:
- Configure a repo with individual auth.
- Verify it's protected.
- Remove the auth with --remove_consumer_cert
- Verify it's unprotected.
- Re-add the auth with repo update.
- Verify it's protected.
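The mismatch described in the comment above, where leftover cert files made the repo report as protected while pulp-protected-repos no longer listed it, can be checked for directly by comparing the two sources. This is an added example, not Pulp's code: it assumes one directory per repo id under the content directory and the `<relative_path>,<repo_id>` line format shown in this report, and the sample tree, file names and function names are constructed for illustration.

```python
import os

def listed_repo_ids(protected_file):
    """Repo ids named in the listing file; each line is '<relative_path>,<repo_id>'."""
    ids = set()
    if not os.path.exists(protected_file):
        return ids
    with open(protected_file) as f:
        for line in f:
            line = line.strip()
            if line and "," in line:
                ids.add(line.rsplit(",", 1)[1])
    return ids

def repos_with_certs(content_dir):
    """Repo ids whose per-repo directory under content_dir still holds files."""
    found = set()
    for name in sorted(os.listdir(content_dir)):
        path = os.path.join(content_dir, name)
        if os.path.isdir(path) and any(
            os.path.isfile(os.path.join(path, f)) for f in os.listdir(path)
        ):
            found.add(name)
    return found

def audit(content_dir, listing_name="pulp-protected-repos"):
    """Compare what the cert files imply with what the listing file enforces."""
    listed = listed_repo_ids(os.path.join(content_dir, listing_name))
    certs = repos_with_certs(content_dir)
    return {
        "certs_but_not_enforced": sorted(certs - listed),  # the state in this bug
        "listed_but_no_certs": sorted(listed - certs),
        "consistent": sorted(certs & listed),
    }

def build_sample(root):
    """Constructed sample tree: f14 is consistent, f13 is in the state from this bug."""
    for repo in ("f13", "f14"):
        os.makedirs(os.path.join(root, repo))
        with open(os.path.join(root, repo, "consumer-ca.placeholder"), "w") as f:
            f.write("constructed placeholder, not a real certificate\n")
    with open(os.path.join(root, "pulp-protected-repos"), "w") as f:
        f.write("repos/example/f14/x86_64,f14\n")
    return root

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        print(audit(build_sample(d)))
```

Any repo id under `certs_but_not_enforced` is one where a status display derived from the cert files would say "Yes" while nothing is being validated.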
Fixed in build 0.163.
verified

[root@pulp-f15 ~]# rpm -q pulp
pulp-0.0.229-1.fc15.noarch
[root@pulp-f15 ~]# pulp-admin -u admin -p admin repo create --id=pulp --feed=http://repos.fedorapeople.org/repos/pulp/pulp/fedora-14/x86_64/ --consumer_ca=/root/certs/ca1.crt --consumer_cert=/root/certs/pulp-f14.crt --consumer_key=/root/certs/ca1.key
Successfully created repository [ pulp ]
[root@pulp-f15 ~]# pulp-admin repo list
+------------------------------------------+
       List of Available Repositories
+------------------------------------------+

Id                  pulp
Name                pulp
Feed URL            http://repos.fedorapeople.org/repos/pulp/pulp/fedora-14/x86_64/
Feed Type           remote
Content Type        yum
Feed Certs          CA:No Cert:No
Consumer Certs      CA:Yes Cert:Yes
Architecture        noarch
Sync Schedule       None
Packages            0
Files               0
Distributions       None
Publish             True
Clones              []
Groups              None
Filters             []
Notes               {}

[root@pulp-f15 ~]# pulp-admin repo update --id=pulp --remove_consumer_cert
Successfully updated repository [ pulp ]
[root@pulp-f15 ~]# pulp-admin repo list
+------------------------------------------+
       List of Available Repositories
+------------------------------------------+

Id                  pulp
Name                pulp
Feed URL            http://repos.fedorapeople.org/repos/pulp/pulp/fedora-14/x86_64/
Feed Type           remote
Content Type        yum
Feed Certs          CA:No Cert:No
Consumer Certs      CA:No Cert:No
Architecture        noarch
Sync Schedule       None
Packages            0
Files               0
Distributions       None
Publish             True
Clones              []
Groups              None
Filters             []
Notes               {}

[root@pulp-f15 ~]# pulp-admin -u admin -p admin repo update --id=pulp --consumer_ca=/root/certs/ca1.crt --consumer_cert=/root/certs/pulp-f14.crt --consumer_key=/root/certs/ca1.key
Successfully updated repository [ pulp ]
[root@pulp-f15 ~]# pulp-admin repo list
+------------------------------------------+
       List of Available Repositories
+------------------------------------------+

Id                  pulp
Name                pulp
Feed URL            http://repos.fedorapeople.org/repos/pulp/pulp/fedora-14/x86_64/
Feed Type           remote
Content Type        yum
Feed Certs          CA:No Cert:No
Consumer Certs      CA:Yes Cert:Yes
Architecture        noarch
Sync Schedule       None
Packages            0
Files               0
Distributions       None
Publish             True
Clones              []
Groups              None
Filters             []
Notes               {}

[root@pulp-f15 ~]# pulp-admin -u admin -p admin repo update --id=pulp --consumer_ca=/root/certs/ca1.crt --consumer_cert=/root/certs/pulp-f14.crt --consumer_key=/root/certs/ca1.key
Successfully updated repository [ pulp ]
[root@pulp-f15 ~]# cat /etc/pki/content/pulp-protected-repos
repos/pulp/pulp/fedora-14/x86_64,pulp
[root@pulp-f15 ~]#
[root@pulp-f15 ~]#
[root@pulp-f15 ~]#
[root@pulp-f15 ~]# pulp-admin repo update --id=pulp --remove_consumer_cert
Successfully updated repository [ pulp ]
[root@pulp-f15 ~]# cat /etc/pki/content/pulp-protected-repos
[root@pulp-f15 ~]# pulp-admin -u admin -p admin repo update --id=pulp --consumer_ca=/root/certs/ca1.crt --consumer_cert=/root/certs/pulp-f14.crt --consumer_key=/root/certs/ca1.key
Successfully updated repository [ pulp ]
[root@pulp-f15 ~]# cat /etc/pki/content/pulp-protected-repos
repos/pulp/pulp/fedora-14/x86_64,pulp
Pulp v1.0 is released.
Closed Current Release.