SUMMARY
Communication with the Pulp API is currently only possible via http/https[1]. One might have the Pulp API listening only on a Unix domain socket (for security, performance, or portability reasons), and this should be considered a valid use case.
This wasn't an issue until this restriction[2] was introduced; now, when using a UDS, a 403 is returned whenever galaxy tries to reach the Pulp API. An example is getting access to the import log.
Logs:
GET /pulp_ansible/galaxy/automation-hub/api/v3/imports/collections/866ec93d-f5df-432a-a44d-d551731b930d/ HTTP/1.1" 403 153 "-" "OpenAPI-Generator/1.0.0/python"
The request here is to allow configuration.host to be set to something like unix:/var/run/pulpcore-api/pulpcore-api.sock and for galaxy ng to handle that properly and pass it on, in which case the restriction introduced in commit[1] will no longer have any effect and won't be blocking.
[1] https://github.com/ansible/galaxy_ng/blob/master/galaxy_ng/app/common/pulp.py#L7-L11
[2] 4325d65
STEPS TO REPRODUCE
Deploy pulp api to listen on Unix Domain Socket (UDS)
Deploy galaxy ng
EXPECTED RESULTS
Everything to operate as normal
ACTUAL RESULTS
403 Forbidden on calls to the pulp api directly (via the reverse proxy)
is blocked by: AAH-17 Remove API proxy requests to pulp (Closed)
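An added example, not galaxy_ng or Pulp code: one way a Python client could honor a host value such as unix:/var/run/pulpcore-api/pulpcore-api.sock by speaking HTTP over the socket, exercised against a throwaway local server. The `unix:` prefix handling, the names `UnixHTTPConnection`, `connection_for` and `demo`, the request path and the response body are all assumptions made for illustration.

```python
import http.client
import os
import socket
import socketserver
import tempfile
import threading
from http.server import BaseHTTPRequestHandler

class UnixHTTPConnection(http.client.HTTPConnection):
    """HTTP over a Unix domain socket instead of TCP."""
    def __init__(self, socket_path, timeout=5):
        super().__init__("localhost", timeout=timeout)  # only used for the Host header
        self.socket_path = socket_path
    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.settimeout(self.timeout)
        self.sock.connect(self.socket_path)

def connection_for(host):
    """Choose a transport from a host setting; the 'unix:<path>' form is assumed."""
    if host.startswith("unix:"):
        return UnixHTTPConnection(host[len("unix:"):])
    scheme, _, netloc = host.partition("://")
    cls = http.client.HTTPSConnection if scheme == "https" else http.client.HTTPConnection
    return cls(netloc, timeout=5)

class _Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        body = b'{"state": "completed"}'  # constructed response
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # client_address is empty on AF_UNIX; skip logging
        pass

def demo():
    """Serve on a temporary socket and fetch through connection_for()."""
    path = os.path.join(tempfile.mkdtemp(), "pulpcore-api.sock")
    with socketserver.UnixStreamServer(path, _Handler) as server:
        os.chmod(path, 0o600)  # connecting needs write permission on the socket file
        threading.Thread(target=server.serve_forever, daemon=True).start()
        conn = connection_for("unix:" + path)
        conn.request("GET", "/imports/collections/example/")  # constructed path
        resp = conn.getresponse()
        result = (resp.status, resp.read())
        conn.close()
        server.shutdown()
    return result
```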