RBAC Proof of Content -- Implementation

# RBAC Proof of Content -- Implementation ###### tags: `RBAC` ## Users 3 users in the system: Alice, Bob, and Eve username = password export ALICE='Authorization: Basic YWxpY2U6YWxpY2U=' export BOB='Authorization: Basic Ym9iOmJvYg==' export EVE='Authorization: Basic ZXZlOmV2ZQ==' ## Groups fileGlobalAdmin - The group that can manage all file Remotes and Repository Content no matter what ## Permissions Added by the Admin This is done through the django-admin UI. * Added Alice as a member of the fileGlobalAdmin group * Grant the following permissions to Bob at the user level * file | file remote | Can add a file remote * file | file repository | Can add a file repository ## Alice's operations As a fileGlobalAdmin Alice can do anything: Alice uses: 'Authorization: Basic YWxpY2U6YWxpY2U=' #### List remotes: http localhost/pulp/api/v3/remotes/file/file/ 'Authorization: Basic YWxpY2U6YWxpY2U=' #### Create a remote: http POST localhost/pulp/api/v3/remotes/file/file/ name="alice's remote" url='https://fixtures.pulpproject.org/file/PULP_MANIFEST' 'Authorization: Basic YWxpY2U6YWxpY2U=' #### Retrieve a remote: http localhost/pulp/api/v3/remotes/file/file/1a6aa7f4-f03c-4bc7-a632-68d80a26063a/ 'Authorization: Basic YWxpY2U6YWxpY2U=' #### Patch a remote: http PATCH localhost/pulp/api/v3/remotes/file/file/48f8e321-41f4-400c-a691-e72349541b06/ name="alice's remote modified" 'Authorization: Basic YWxpY2U6YWxpY2U=' #### Delete a remote: http DELETE localhost/pulp/api/v3/remotes/file/file/48f8e321-41f4-400c-a691-e72349541b06/ 'Authorization: Basic YWxpY2U6YWxpY2U=' #### List Repositories http localhost/pulp/api/v3/repositories/file/file/ 'Authorization: Basic YWxpY2U6YWxpY2U=' #### Create a Repository http POST localhost/pulp/api/v3/repositories/file/file/ name="alice's repo" 'Authorization: Basic YWxpY2U6YWxpY2U=' #### Patch a Repository http PATCH localhost/pulp/api/v3/repsitories/file/file/48f8e321-41f4-400c-a691-e72349541b06/ name="alice's repo modified" 'Authorization: Basic YWxpY2U6YWxpY2U=' #### Delete a Repository http DELETE localhost/pulp/api/v3/repositories/file/file/48f8e321-41f4-400c-a691-e72349541b06/ 'Authorization: Basic YWxpY2U6YWxpY2U=' #### Sync a Repository export REMOTE_HREF='' export REPO_HREF='' http POST localhost$REPO_HREF'sync/' remote=$REMOTE_HREF mirror=False 'Authorization: Basic YWxpY2U6YWxpY2U=' #### Modify a Repository export REPO_HREF='' http POST localhost$REPO_HREF'modify/' 'Authorization: Basic YWxpY2U6YWxpY2U=' ## Bob's operations Bob can create a new remote because he has "Can add a file remote" as a user level permission Bob uses: 'Authorization: Basic Ym9iOmJvYg==' #### List remotes: http localhost/pulp/api/v3/remotes/file/file/ 'Authorization: Basic Ym9iOmJvYg==' #### Create a remote: http POST localhost/pulp/api/v3/remotes/file/file/ name="bob's remote" url='https://fixtures.pulpproject.org/file/PULP_MANIFEST' 'Authorization: Basic Ym9iOmJvYg==' #### Retrieve a remote: http localhost/pulp/api/v3/remotes/file/file/1a6aa7f4-f03c-4bc7-a632-68d80a26063a/ 'Authorization: Basic Ym9iOmJvYg==' #### Patch a remote: http PATCH localhost/pulp/api/v3/remotes/file/file/48f8e321-41f4-400c-a691-e72349541b06/ name="bob's remote modified" 'Authorization: Basic Ym9iOmJvYg==' #### Delete a remote: http DELETE localhost/pulp/api/v3/remotes/file/file/48f8e321-41f4-400c-a691-e72349541b06/ 'Authorization: Basic Ym9iOmJvYg==' #### List Repositories http localhost/pulp/api/v3/repositories/file/file/ 'Authorization: Basic Ym9iOmJvYg==' #### Create a Repository http POST localhost/pulp/api/v3/repositories/file/file/ name="bob's repo" 'Authorization: Basic Ym9iOmJvYg==' #### Patch a Repository http PATCH localhost/pulp/api/v3/repsitories/file/file/48f8e321-41f4-400c-a691-e72349541b06/ name="bob's repo modified" 'Authorization: Basic Ym9iOmJvYg==' #### Delete a Repository http DELETE localhost/pulp/api/v3/repositories/file/file/48f8e321-41f4-400c-a691-e72349541b06/ 'Authorization: Basic Ym9iOmJvYg==' #### Sync a Repository export REMOTE_HREF='' export REPO_HREF='' http POST localhost$REPO_HREF'sync/' remote=$REMOTE_HREF mirror=False 'Authorization: Basic Ym9iOmJvYg==' #### Modify a Repository export REPO_HREF='' http POST localhost$REPO_HREF'modify/' 'Authorization: Basic Ym9iOmJvYg==' ## Eve's operations None Eve uses: 'Authorization: Basic ZXZlOmV2ZQ=='