From 571bcba7823e9f74fcd7e87d9358c8089e6e5ef8 Mon Sep 17 00:00:00 2001
From: Richard Collins <rbcollins@gmail.com>
Date: Wed, 14 Aug 2024 12:33:14 -0400
Subject: [PATCH] Document an example adding RBACContentGuard to prevent
 unauthenticated download of index content

[noissue]
---
 docs/admin/guides/rbac.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/docs/admin/guides/rbac.md b/docs/admin/guides/rbac.md
index 4d07de6a..fe48a5e9 100644
--- a/docs/admin/guides/rbac.md
+++ b/docs/admin/guides/rbac.md
@@ -54,6 +54,22 @@ protect who can download Python content then do so by adding a content guard to
 pulp python distribution update --name foo --content-guard $CONTENT_GUARD_HREF_OR_NAME
 ```
 
+Example pulp-cli workflow to add RBAC-based access to download from the index:
+
+```bash
+pulp content-guard rbac create --name foo-guard
+pulp content-guard rbac assign --name foo-guard --user user1 --user user2 --group group1 --group group2
+CG_HREF=$(pulp content-guard rbac list --name foo-guard | jq -r ".[0].pulp_href")
+pulp python distribution update --name foo --content-guard $CG_HREF
+```
+
+Links for using basic auth with various python package tools to pass the 
+new RBACContentGuard:
+- [pip](https://pip.pypa.io/en/stable/topics/authentication/)
+- [poetry](https://python-poetry.org/docs/repositories/#private-repository-example)
+- [pipenv](https://pipenv.pypa.io/en/latest/credentials.html)
+- [pdm](https://pdm-project.org/en/latest/usage/config/#store-credentials-with-the-index)
+
 !!! warning
     The PyPI access policies do not support `creation_hooks` or `queryset_scoping`.