{"id":28842732,"url":"https://github.com/pulp/pulp-access-controller","last_synced_at":"2025-10-11T18:39:23.925Z","repository":{"id":298354100,"uuid":"987777472","full_name":"pulp/pulp-access-controller","owner":"pulp","description":null,"archived":false,"fork":false,"pushed_at":"2025-10-08T00:20:35.000Z","size":68,"stargazers_count":0,"open_issues_count":4,"forks_count":0,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-10-08T02:36:23.819Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pulp.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-05-21T15:11:32.000Z","updated_at":"2025-09-26T14:45:33.000Z","dependencies_parsed_at":"2025-06-10T18:41:44.504Z","dependency_job_id":"5b442652-d1ae-41ca-a26e-49b490fd0552","html_url":"https://github.com/pulp/pulp-access-controller","commit_stats":null,"previous_names":["pulp/pulp-access-controller"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/pulp/pulp-access-controller","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pulp%2Fpulp-access-controller","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pulp%2Fpulp-access-controller/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pulp%2Fpulp-access-controller/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pulp%2Fpulp-access-controller/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pulp","download_url":"https://codeload.github.com/pulp/pulp-access-controller/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pulp%2Fpulp-access-controller/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279008290,"owners_count":26084431,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-11T02:00:06.511Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-19T16:06:09.248Z","updated_at":"2025-10-11T18:39:23.920Z","avatar_url":"https://github.com/pulp.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Pulp Access Controller\n\nA Kubernetes operator that automates the creation of secrets for accessing Red Hat Pulp services. Built using the [Kopf framework](https://github.com/nolar/kopf), this controller watches for `PulpAccessRequest` custom resources and automatically provisions the necessary authentication materials.\n\n## Overview\n\nThe Pulp Access Controller simplifies access management for Red Hat Pulp by automatically creating Kubernetes secrets containing:\n- `cli.toml` - Configuration file for pulp-cli with mTLS settings (always included)\n- `oauth-cli.toml` - Configuration file for pulp-cli with OAuth2 settings (when client credentials provided)\n- `tls.crt` - Custom TLS certificate in base64 encoding (when custom certificate provided)\n- `tls.key` - Custom TLS private key in base64 encoding (when custom key provided)\n- `client_id` - OAuth2 client ID in base64 encoding (when provided)\n- `client_secret` - OAuth2 client secret in base64 encoding (when provided)  \n- `domain` - Pulp domain name in base64 encoding (when provided)\n- Optional ImageRepository resources for Quay.io OCI backend integration\n\n## Features\n\n### **Multiple Authentication Methods**\n- **mTLS Authentication**: Support for mutual TLS using custom certificates\n- **OAuth2 Authentication**: Client credentials flow for API access\n- **Flexible Configuration**: Mix and match authentication methods as needed\n\n### **Automated Resource Management**\n- **Domain Creation**: Automatically create Pulp domains via API\n- **Quay Integration**: Optional OCI storage backend configuration with Quay.io\n- **Secret Generation**: Automated Kubernetes secret creation with proper encoding\n\n### **Easy Configuration**\n- **Custom Certificates**: Bring your own TLS certificates and keys\n- **CLI Ready**: Pre-configured `pulp-cli` configuration files included\n- **Kubernetes Native**: Fully integrated with Kubernetes RBAC and lifecycle management\n\n## Usage\n\n### Basic Usage\n\nCreate a `PulpAccessRequest` to generate authentication secrets:\n\n```yaml\napiVersion: pulp.konflux-ci.dev/v1alpha1\nkind: PulpAccessRequest\nmetadata:\n  name: my-pulp-access\n  namespace: my-namespace\nspec:\n  # OAuth2 credentials (optional)\n  client_id: \"my-client-id\"\n  client_secret: \"my-client-secret\"\n  \n  # Domain management (optional)\n  domain: \"my-pulp-domain\"\n  \n  # Custom TLS certificate and key (optional)\n  cert: |\n    -----BEGIN CERTIFICATE-----\n    ... your certificate content ...\n    -----END CERTIFICATE-----\n  key: |\n    -----BEGIN PRIVATE KEY-----\n    ... your private key content ...\n    -----END PRIVATE KEY-----\n```\n\n### Pulp with Quay Backend\n\nIf you want Pulp to use Quay.io as storage backend:\n\n```yaml\napiVersion: pulp.konflux-ci.dev/v1alpha1\nkind: PulpAccessRequest\nmetadata:\n  name: pulp-with-quay-backend\n  namespace: my-namespace\nspec:\n  client_id: \"my-oauth-client\"\n  client_secret: \"my-oauth-secret\"\n  domain: \"production-domain\"\n  use_quay_backend: true\n  cert: |\n    -----BEGIN CERTIFICATE-----\n    ... certificate for mTLS ...\n    -----END CERTIFICATE-----\n  key: |\n    -----BEGIN PRIVATE KEY-----\n    ... private key for mTLS ...\n    -----END PRIVATE KEY-----\n```\n\n## Generated Secret Structure\n\nThe controller creates a secret named `pulp-access` containing:\n\n| Key | Description | When Included |\n|-----|-------------|---------------|\n| `cli.toml` | mTLS configuration for pulp-cli | Always |\n| `oauth-cli.toml` | OAuth2 configuration for pulp-cli | When client credentials provided |\n| `tls.crt` | TLS certificate | When custom certificate provided |\n| `tls.key` | TLS private key | When custom key provided |\n| `client_id` | OAuth2 client ID | When provided in spec |\n| `client_secret` | OAuth2 client secret | When provided in spec |\n| `domain` | Pulp domain name | When provided in spec |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpulp%2Fpulp-access-controller","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpulp%2Fpulp-access-controller","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpulp%2Fpulp-access-controller/lists"}