17 Apr 2024 |
dralley | https://github.com/pulp/pulp_rpm/issues/3285 | 17:38:58 |
dkliban | dralley: thank you very much | 17:45:08 |
18 Apr 2024 |
hyagi | Hi team,
can someone help me with: https://discourse.pulpproject.org/t/error-with-pulp-operator-in-openshift/1156/15 ?
I guess the database was corrupt and after recovery some artifacts are missing | 15:18:18 |
dkliban | looks like discourse is not working | 15:19:31 |
dkliban | i pinged the discourse admins | 15:20:34 |
dkliban | yeah ... it seems like his database crashed and is now corrupted | 15:34:15 |
hyagi | Thank you!
I'll suggest the user to check https://wiki.postgresql.org/wiki/Corruption (when discourse get back) | 17:31:42 |
dkliban | hyagi: i was planning to comment with a suggestion to forget about this database and start with a fresh one and give it some more resources. | 17:41:44 |
hyagi | oh... ok, your idea seems to be better | 17:42:32 |
hyagi | * dkliban: oh... ok, your idea seems to be better | 17:42:45 |
dkliban | it's frustrating the discourse is still not working | 17:43:13 |
22 Apr 2024 |
| francisco joined the room. | 14:30:07 |
| francisco | 14:32:34 |
francisco | Is it possible to use pulp with an OAuth or SAML identity provider? My company is using Authentik. | 14:39:44 |
bmbouter | Having oauth support is something we want to do and something we think we are somewhat close to having | 19:02:44 |
dkliban | We are working on adding OAuth support. | 19:43:38 |
dkliban | We recently added the ability for an administrator to add a new security scheme to the OpenAPI schema that Pulp advertises. We are now working on adding support to pulp-cli to use that OpenAPI schema to introspect as to where a client_id and client_secret can be used to obtain a token that can be used to make the request to Pulp. | 19:45:40 |
dkliban | However, we are relying on a gateway/reverse proxy in front of Pulp to validate the token and add a header to the request that will tell Pulp the username of the user making the request | 19:46:42 |
dkliban | the gateway is expected to add a header to the request that Pulp can introspect | 19:49:28 |
dkliban | https://staging-docs.pulpproject.org/pulpcore/docs/admin/guides/authentication/05-json_header/#json-header-authentication | 19:49:29 |
dkliban | francisco: does this kind of workflow make sense for your use case? | 19:49:52 |
23 Apr 2024 |
francisco | So is the gateway/reverse proxy something the user provides, or that pulp already implements? | 06:12:03 |
x9c4 | https://www.nginx.com/blog/validating-oauth-2-0-access-tokens-nginx/ <- This kind of workflow should be supported with the RemoteAuthentication feature. | 07:06:50 |
dkliban | The user provides. | 12:26:11 |
x9c4 | Depends. The reverse proxy is running in the single container, and the operator has an nginx resource also. | 13:59:12 |
x9c4 | You can obviously reverse proxy the reverse proxy again... | 13:59:58 |
dkliban | that is true | 14:00:09 |
dkliban | thank you for that clarification x9c4 | 14:00:34 |
lmjachky | All plugin writers are encouraged to run the CI update job on their respective repositories if ci_update_docs: true is set in template_config.yml.
We fixed a CI issue that caused the docs runner to fail. See https://github.com/pulp/plugin_template/pull/859.
| 15:17:01 |
ggainey | the core PRs are merged - I'm'a re-run the nightly-ci job and see how it goes, I expect green :) | 15:30:32 |