Closed eukaryote closed 9 years ago
Could you try adding your username to acl_upload? I'm pretty sure it's a bug for the push command in devpi-server, it seems like it's checking the username directly instead of the general permissions.
I just got in to work and verified that the push does work when the username is included, as you suspected.
Thanks so much for making that pull request, and so quickly too! I'll check out the source from bitbucket and apply the pull request to verify there are no other issues.
Confirming that it does work using the ':developer' group perm in acl_upload when pushing.
Thanks again for the fix and for this really great software!
Fixed in devpi-server 2.1.5.
I'm using the latest devpi and devpi-ldap at pypi as of a few days ago, and have devpi-ldap configured correctly, I believe. I'm able to run devpi-ldap and authenticate, and I do see the correct groups in the output that comes from LDAP in the response.
I created a user account for myself after logging in using my ldap credentials, and then created an index as that user, but when I try to push from my personal index to an index that the root user owns, I get the following:
I don't see any extra information in the logs with --debug enabled, and the 'root/dev' is one that specifies:
When I authenticate using the devpi-ldap script, it shows that I'm in the 'developer' group, which as I understand things should allow me to be able to push to the '/root/dev' index, given that acl_upload is 'root' or ':developer'.
Am I overlooking anything or should this should be working for me? Is there any way for me to check what groups devpi thinks I belong to apart from the devpi-ldap script, which does show me being in the 'developer' group, or anything I can try?
I am starting two instances of devpi-server on different hosts with
--ldap-config /abs/path/to/devpi-ldap.yml --restrict-modify root,:developer
on both (one is configured as master, one as replica), and everything else appears to be working fine. I can upload directly to the index that doesn't allow me to push to it when logged in as the same user, so it seems that the acl_upload is being obeyed for uploads but not for pushing between indexes.