Architecture #4174
closedDeprecate API v1
Description
We want to get rid of API v1, as it is not a good thing from a security point of view.
Before being able to deprecate it, we need to
- list all of there current use cases
- port functionality to API v2,
- find workaround or usage evolution for past use case not cover at identity.
That last point is important, especially if a feature relies one the non-authenticated aspect of API
To remember purpose, API v1 covers:
- api/status
- api/deploy/reload
- api/dyngroup/reload
- api/techniqueLibrary/reload
- api/archives/{list, archive, restore, zip}/...
A quick search raise the following usage in our code base:
- in Techniques
- initial-promises and system technique "distributePolicy", in aliveCheck.cf => "sites_to_check": /api/status
- system technique "distributePolicy", techniqueReload.st => root_technique_reload_rest_url: /api/techniqueLibrary/reload
- some tools look for Rudder status with "curl -s http://localhost/rudder/api/status"
So, before trying to decide what to do, do I miss other usage ?
Matthieu, assigned to you so that you see it, but it's just because I feel that the main usage of these API v1 may be in tooling around Rudder and Techniques... So as soon as you don't see any other usage, please pass the token to other (NicoP, NicoC, etc) so that they can react.
Updated by Vincent MEMBRÉ about 11 years ago
why not having a "default" api account that can only access to /api/status and /technique/reload, having a fixed token?
Updated by François ARMAND about 11 years ago
How did you imagine that ?
I see at least two problem to overtake with that solution: the first is because we don't have authorization by API.
The second is: because having a default token-name with a fixed token is like having no authentication at all - and so, well, it's simpler to just kept the current situation.
Updated by Vincent MEMBRÉ about 11 years ago
- Target version changed from 2.9.0~rc1 to 2.9.0~rc2
This won't be done for beta1
Updated by Vincent MEMBRÉ about 11 years ago
- Target version changed from 2.9.0~rc2 to 2.9.0
Delayed to 2.9 finale release
Updated by François ARMAND almost 11 years ago
- Assignee changed from Matthieu CERDA to Nicolas CHARLES
- Target version changed from 2.9.0 to 2.10.0~beta1
Updated by Nicolas CHARLES almost 11 years ago
And we also have rewrite in the apache configuration
The technique reload is necessary after upgrade, and used by touching a file on the FS, and then promises checking this files existance, and curling the API
The site status is only for checking site availability, and restarting various part in case of failure
How could we replace these calls ?
Updated by François ARMAND almost 11 years ago
I feels like the status URL could be kept. It has zero impact (no read nowhere, no update, nothing), just handling a URL, so nothing more than the login page. And if that one does not follow standard API naming (and can be called without authz token), that seems to be OK.
For technique reloading, it seems that we could have it in the standard API. But in that case, it means that local script need to have a token (not sur it is already the case).
Updated by Vincent MEMBRÉ almost 11 years ago
- Target version changed from 2.10.0~beta1 to 2.10.0
Updated by Vincent MEMBRÉ over 10 years ago
- Target version changed from 2.10.0 to 2.11.0~beta1
Updated by Jonathan CLARKE over 10 years ago
- Target version changed from 2.11.0~beta1 to 140
Updated by Matthieu CERDA about 10 years ago
- Target version changed from 140 to 3.0.0~beta1
Updated by Jonathan CLARKE about 10 years ago
- Target version changed from 3.0.0~beta1 to 3.1.0~beta1
Updated by Vincent MEMBRÉ over 9 years ago
- Target version changed from 3.1.0~beta1 to 3.1.0~rc1
Updated by Vincent MEMBRÉ over 9 years ago
- Target version changed from 3.1.0~rc1 to 3.1.0
Updated by Vincent MEMBRÉ over 9 years ago
- Target version changed from 3.1.0 to 3.1.1
Updated by Vincent MEMBRÉ over 9 years ago
- Target version changed from 3.1.1 to 3.1.2
Updated by Jonathan CLARKE over 9 years ago
- Target version changed from 3.1.2 to 3.2.0~beta1
Updated by Vincent MEMBRÉ about 9 years ago
- Target version changed from 3.2.0~beta1 to 3.2.0~rc1
Updated by Benoît PECCATTE almost 9 years ago
- Target version changed from 3.2.0~rc1 to 3.2.0~rc2
Updated by Benoît PECCATTE almost 9 years ago
- Target version changed from 3.2.0~rc2 to 3.2.0
Updated by Vincent MEMBRÉ almost 9 years ago
- Target version changed from 3.2.0 to 3.2.1
Updated by Vincent MEMBRÉ almost 9 years ago
- Target version changed from 3.2.1 to 3.2.2
Updated by Alexis Mousset almost 9 years ago
- Target version changed from 3.2.2 to 4.0.0~rc2
Updated by François ARMAND about 8 years ago
Again missed the line. But 4.1 will have a focus on API !
Updated by François ARMAND about 8 years ago
- Target version changed from 4.0.0~rc2 to 4.1.0~beta1
Updated by Vincent MEMBRÉ almost 8 years ago
- Target version changed from 4.1.0~beta1 to 4.1.0~beta2
Updated by Vincent MEMBRÉ almost 8 years ago
- Target version changed from 4.1.0~beta2 to 4.1.0~beta3
Updated by Vincent MEMBRÉ almost 8 years ago
- Target version changed from 4.1.0~beta3 to 4.1.0~rc1
Updated by François ARMAND almost 8 years ago
- Target version changed from 4.1.0~rc1 to 4.2.0~beta1
Updated by Benoît PECCATTE almost 8 years ago
- Subject changed from Deprecated API v1 to Deprecate API v1
- Description updated (diff)
Updated by Alexis Mousset over 7 years ago
- Target version changed from 4.2.0~beta1 to 4.2.0~beta2
Updated by Vincent MEMBRÉ over 7 years ago
- Target version changed from 4.2.0~beta2 to 4.2.0~beta3
Updated by Vincent MEMBRÉ over 7 years ago
- Target version changed from 4.2.0~beta3 to 4.2.0~rc1
Updated by Vincent MEMBRÉ over 7 years ago
- Target version changed from 4.2.0~rc1 to 4.2.0~rc2
Updated by Vincent MEMBRÉ over 7 years ago
- Target version changed from 4.2.0~rc2 to 4.2.0
Updated by Vincent MEMBRÉ about 7 years ago
- Target version changed from 4.2.0 to 4.2.1
Updated by Vincent MEMBRÉ about 7 years ago
- Target version changed from 4.2.1 to 4.2.2
Updated by Vincent MEMBRÉ about 7 years ago
- Target version changed from 4.2.2 to 4.2.3
Updated by Vincent MEMBRÉ about 7 years ago
- Target version changed from 4.2.3 to 4.2.4
Updated by Vincent MEMBRÉ almost 7 years ago
- Target version changed from 4.2.4 to 4.2.5
Updated by Vincent MEMBRÉ over 6 years ago
- Target version changed from 4.2.5 to 4.2.6
Updated by Vincent MEMBRÉ over 6 years ago
- Target version changed from 4.2.6 to 4.2.7
Updated by Vincent MEMBRÉ over 6 years ago
- Target version changed from 4.2.7 to 414
Updated by Vincent MEMBRÉ over 6 years ago
- Target version changed from 414 to 5.0.0~beta1
Updated by Vincent MEMBRÉ over 6 years ago
- Target version changed from 5.0.0~beta1 to 5.0.0~beta2
Updated by Vincent MEMBRÉ over 6 years ago
- Related to User story #12516: Create system Rest API to replace V1 API added
Updated by Vincent MEMBRÉ over 6 years ago
- Target version changed from 5.0.0~beta2 to 5.0.0~rc1
Updated by Vincent MEMBRÉ over 6 years ago
- Target version changed from 5.0.0~rc1 to 5.0.0
Updated by Vincent MEMBRÉ over 6 years ago
- Target version changed from 5.0.0 to 5.0.1
Updated by Vincent MEMBRÉ about 6 years ago
- Target version changed from 5.0.1 to 5.0.2
Updated by Vincent MEMBRÉ about 6 years ago
- Target version changed from 5.0.2 to 5.0.3
Updated by Vincent MEMBRÉ about 6 years ago
- Target version changed from 5.0.3 to 5.0.4
Updated by Vincent MEMBRÉ almost 6 years ago
- Target version changed from 5.0.4 to 5.0.5
Updated by Alexis Mousset almost 6 years ago
- Target version changed from 5.0.5 to 5.0.6
Updated by Vincent MEMBRÉ almost 6 years ago
- Target version changed from 5.0.6 to 5.0.7
Updated by François ARMAND almost 6 years ago
- Target version changed from 5.0.7 to 5.0.9
Updated by Vincent MEMBRÉ over 5 years ago
- Target version changed from 5.0.9 to 5.0.10
Updated by Vincent MEMBRÉ over 5 years ago
- Target version changed from 5.0.10 to 5.0.11
Updated by Vincent MEMBRÉ over 5 years ago
- Target version changed from 5.0.11 to 5.0.12
Updated by Vincent MEMBRÉ over 5 years ago
- Target version changed from 5.0.12 to 5.0.13
Updated by Vincent MEMBRÉ over 5 years ago
- Target version changed from 5.0.13 to 5.0.14
Updated by Vincent MEMBRÉ about 5 years ago
- Target version changed from 5.0.14 to 5.0.15
Updated by Vincent MEMBRÉ about 5 years ago
- Target version changed from 5.0.15 to 5.0.16
Updated by Alexis Mousset almost 5 years ago
- Target version changed from 5.0.16 to 5.0.17
Updated by Vincent MEMBRÉ over 4 years ago
- Target version changed from 5.0.17 to 5.0.18
Updated by Benoît PECCATTE over 4 years ago
- Target version changed from 5.0.18 to 6.2.0~beta1
Updated by François ARMAND about 4 years ago
- Related to Bug #18511: Remove API v1 endpoints added