Bug #3766: It is impossible to know who has created or removed an API account for Rudder - Rudder - Issue Tracker

Actions

Bug #3766

closed

It is impossible to know who has created or removed an API account for Rudder

Added by Nicolas PERRON over 10 years ago. Updated over 10 years ago.

Status:

Released

Priority:

1

Assignee:

Jonathan CLARKE

Category:

Web - Maintenance

Target version:

Pull Request:

https://github.com/Normation/rudder/p...

Severity:

UX impact:

User visibility:

Effort required:

Priority:

Name check:

Fix check:

Regression:

Description

An API account is like an admin one since it has many rights on the application but there is no log about its creation or removal in the event log.
In this situation, it could be possible to create an API account to destroy all the configuration or do something harmful, remove the API account without knowing who where behind. In my opinion, we should at least know who created and removed any API account.

Related issues 1 (0 open — 1 closed)

Actions

#1

Updated by Nicolas PERRON over 10 years ago

Assignee set to François ARMAND

Actions

#2

Updated by Nicolas PERRON over 10 years ago

Tracker changed from Bug to User story

Actions

#3

Updated by Nicolas PERRON over 10 years ago

Target version changed from 2.7.0~beta1 to 2.7.0~rc1

Actions

#4

Updated by François ARMAND over 10 years ago

Assignee deleted (~~François ARMAND~~)

Actions

#5

Updated by Jonathan CLARKE over 10 years ago

Tracker changed from User story to Bug
Status changed from New to 8
Assignee set to Nicolas CHARLES

I absolutely agree, this is really a problem. And this is a bug, not a user story - no changes should be possible in Rudder without event logs.

Actions

#6

Updated by Jonathan CLARKE over 10 years ago

Priority changed from N/A to 1

Actions

#7

Updated by Nicolas CHARLES over 10 years ago

Status changed from 8 to In progress

i'm on it

Actions

#8

Updated by Nicolas CHARLES over 10 years ago

Status changed from In progress to 8

Actions

#9

Updated by Nicolas CHARLES over 10 years ago

Status changed from 8 to In progress

Actions

#10

Updated by Nicolas CHARLES over 10 years ago

Status changed from In progress to Pending technical review
Assignee changed from Nicolas CHARLES to Jonathan CLARKE
% Done changed from 0 to 100
Pull Request set to https://github.com/Normation/rudder/pull/282

Actions

#11

Updated by Nicolas CHARLES over 10 years ago

Pull Request changed from https://github.com/Normation/rudder/pull/282 to https://github.com/Normation/rudder/pull/283

PR is here
https://github.com/Normation/rudder/pull/283

Actions

#12

Updated by Nicolas CHARLES over 10 years ago

Status changed from Pending technical review to Pending release

Applied in changeset 5e46ef6e15d2888ec4010ea4b36f75632eadf68e.

Actions

#13

Updated by Jonathan CLARKE over 10 years ago

Status changed from Pending release to Released

This bug has been fixed in Rudder 2.7.0~rc1, which was released today.

Check out:

The release announcement: http://www.rudder-project.org/pipermail/rudder-announce/2013-July/000038.html
The full ChangeLog: http://www.rudder-project.org/foswiki/bin/view/System/Documentation:ChangeLog27
Download information: http://www.rudder-project.org/foswiki/Download/

Actions

Also available in: Atom PDF