# Multi-tenancy

###### tags: `PulpCon 2020`

## Agenda

Even with RBAC, Pulp is not multi-user safe in two ways:

## Problem 1 -- Content isn't safe

User Alice creates some secret content that contains special GPG keys in an RPM and uploads it to Pulp.

User Eve falsifies an RPM of the same NEVRA and uploads it to Pulp. Now Eve has Alice's secret keys in a package in her.

The same scenario can play out for, say, Red Hat EL content existing on a system where not all users are subscribers.

## Problem 2 -- Object natural key uniqueness

User Alice creates a repo named 'centos8'.

User Eve wants to create a repo named 'centos8' but cannot because "it's already taken".

Now imagine there are hundreds or thousands of users; this could get old fast. This is less of a safety concern but a pretty annoying problem for multi-user Pulp systems just the same.

* Actually, Eve being able to find out the names Alice used for their repos **is** a security concern

## General Solution: Isolate objects and content

### The Django approach: sites framework

https://docs.djangoproject.com/en/3.1/ref/contrib/sites/

### The Postgresql approach: Row Level Security (RLS)

https://pganalyze.com/blog/postgres-row-level-security-django-python

### Discussion

* How do we expose user/tenant values in URLs/attributes in ways that are most-useful to users?
* Discussion about paths and uniqueness and artifacts
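The Postgres RLS approach sketched for both problems above, as a constructed example added here (it is not Pulp's schema or code): the `repository` and `rpm_package` tables, the `tenant` column, the `app.current_tenant` setting and the tenant names are all assumptions.

```sql
-- Constructed schema (not Pulp's): every row carries its owning tenant.
CREATE TABLE repository (
    id     bigserial PRIMARY KEY,
    tenant text NOT NULL,
    name   text NOT NULL,
    UNIQUE (tenant, name)          -- Problem 2: 'centos8' is unique per tenant, not globally
);

-- Problem 1: the NEVRA natural key is also scoped by tenant, so Eve's upload of the
-- same NEVRA can never deduplicate onto (or resolve to) Alice's artifact.
CREATE TABLE rpm_package (
    id     bigserial PRIMARY KEY,
    tenant text NOT NULL,
    nevra  text NOT NULL,
    sha256 char(64) NOT NULL,
    UNIQUE (tenant, nevra)
);

ALTER TABLE repository  ENABLE ROW LEVEL SECURITY;
ALTER TABLE repository  FORCE  ROW LEVEL SECURITY;   -- policies also apply to the table owner
ALTER TABLE rpm_package ENABLE ROW LEVEL SECURITY;
ALTER TABLE rpm_package FORCE  ROW LEVEL SECURITY;

-- The application sets app.current_tenant per transaction. If it is unset,
-- current_setting(..., true) returns NULL, NULL = tenant is never true, and the
-- policy exposes no rows at all: the default is fail-closed, not fail-open.
CREATE POLICY tenant_isolation ON repository
    USING      (tenant = current_setting('app.current_tenant', true))
    WITH CHECK (tenant = current_setting('app.current_tenant', true));
CREATE POLICY tenant_isolation ON rpm_package
    USING      (tenant = current_setting('app.current_tenant', true))
    WITH CHECK (tenant = current_setting('app.current_tenant', true));

-- Alice's request, run as the (non-superuser, non-owner) application role.
BEGIN;
SET LOCAL app.current_tenant = 'alice';
INSERT INTO repository  (tenant, name)          VALUES ('alice', 'centos8');
INSERT INTO rpm_package (tenant, nevra, sha256) VALUES ('alice', 'keys-0:1.0-1.noarch', repeat('a', 64));
COMMIT;

-- Eve's request: the same repo name and the same NEVRA are accepted, and Alice's
-- rows are invisible, so neither the content nor the name is leaked.
BEGIN;
SET LOCAL app.current_tenant = 'eve';
INSERT INTO repository  (tenant, name)          VALUES ('eve', 'centos8');            -- succeeds
INSERT INTO rpm_package (tenant, nevra, sha256) VALUES ('eve', 'keys-0:1.0-1.noarch', repeat('b', 64));
SELECT tenant, name  FROM repository;                                                   -- only ('eve', 'centos8')
SELECT tenant, nevra FROM rpm_package WHERE nevra = 'keys-0:1.0-1.noarch';              -- only Eve's row
COMMIT;

-- A row tagged with another tenant is rejected by WITH CHECK (this aborts the transaction).
BEGIN;
SET LOCAL app.current_tenant = 'eve';
INSERT INTO repository (tenant, name) VALUES ('alice', 'other');   -- ERROR: violates row-level security policy
ROLLBACK;
```

Superusers and roles with `BYPASSRLS` ignore policies entirely, so the role Django connects with must be neither; otherwise the isolation exists only on paper.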