Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-10436

Content Selector - Route Security - PyPI

    XMLWordPrintable

    Details

    • Type: Story
    • Status: Ready for Development
    • Priority: Medium
    • Resolution: Unresolved
    • Affects Version/s: 3.0.0
    • Fix Version/s: None
    • Component/s: Content Selectors, PyPI, Security
    • Labels:
      None

      Description

      Acceptance

      • Publishing components to hosted repositories using HTTP POST to root of PyPi hosted repository (typical of PyPi tooling) are protected by "path" based content selectors matching against the final path name
      • Single-artifact routes (put, get) are protected by content selector privileges
      • If an asset request matches any content selector privileges, the user must have at least one of the associated permissions, or the request is disallowed with HTTP 403
      • Selectors can refer to the "Nexus 3.1 Parity" attributes listed in https://docs.sonatype.com/display/Nexus/Nexus+3+Component+Selector+Normalized+Attributes

      PyPi coordinates consist of:

      • coordinate.name
      • coordinate.version

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            ahabot Aha Bot
            Last Updated By:
            Michael Oliverio Michael Oliverio
            Team:
            NXRM - Mad Max
            Votes:
            12 Vote for this issue
            Watchers:
            27 Start watching this issue

              Dates

              Created:
              Updated:
              Date of First Response:

                tigCommentSecurity.panel-title