Project

General

Profile

Actions

User story #5627

closed

Readonly API or otherwise restrictable API Accounts

Added by Florian Heigl about 10 years ago. Updated over 6 years ago.

Status:
Released
Priority:
N/A
Category:
API
Target version:
UX impact:
Suggestion strength:
User visibility:
Effort required:
Name check:
Fix check:
Regression:

Description

Hi,

currently it is possible to create different API Accounts for different tasks.
For outside interaction (other applications pulling data from rudder) the API works but not in all cases the accessing application should be permitted to do any changes in rudder.

Some way for this would be having accounts that are restricted to i.e. readonly accesses.


Subtasks 4 (0 open4 closed)

User story #11946: Interface to manage API account authorizationReleasedVincent MEMBRÉActions
User story #11947: Add an interface to manage api account expiration dateRejectedActions
Bug #12055: Admin user cannot create Rules with Rudder 4.3ReleasedNicolas CHARLESActions
User story #12111: Make fine-grained API authorization a pluginReleasedFrançois ARMANDActions

Related issues 3 (0 open3 closed)

Related to Rudder - User story #7893: [API] Expose all configuration options from the WebUI in the APIRejectedFrançois ARMANDActions
Related to API authorizations - User story #13009: Documentation for API authorizations pluginReleasedFrançois ARMANDActions
Has duplicate Rudder - User story #5798: Different access levels for API keys / REST API authorizations and rightsRejectedActions
Actions #1

Updated by François ARMAND about 10 years ago

Hello,

A clearly valid use case !

Some more thought on it:

- do you want more than just read/write authorization granularity ? For example, we may thing that some coniguration details are not at all public (port, passwords - even only hashes, etc)
- as a first workaround, one can configure Rudder Apache to only accept GET method on API url. As we really use verbs semantic, GET === read-only (write is done with PUT or POST).

Actions #2

Updated by Benoît PECCATTE over 9 years ago

  • Category set to API
  • Target version set to Ideas (not version specific)
Actions #3

Updated by François ARMAND over 8 years ago

  • Related to User story #5798: Different access levels for API keys / REST API authorizations and rights added
Actions #4

Updated by François ARMAND about 7 years ago

  • Target version changed from Ideas (not version specific) to 4.3.0~beta1
Actions #5

Updated by François ARMAND about 7 years ago

  • Status changed from New to In progress
  • Assignee set to François ARMAND
Actions #11

Updated by François ARMAND almost 7 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder/pull/1822
Actions #12

Updated by Rudder Quality Assistant almost 7 years ago

  • Assignee changed from Vincent MEMBRÉ to François ARMAND
Actions #13

Updated by François ARMAND almost 7 years ago

  • Status changed from Pending technical review to Pending release
Actions #14

Updated by Vincent MEMBRÉ almost 7 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 4.3.0~beta1 which was released today.

Actions #15

Updated by François ARMAND almost 7 years ago

  • Related to deleted (User story #5798: Different access levels for API keys / REST API authorizations and rights)
Actions #16

Updated by François ARMAND almost 7 years ago

  • Has duplicate User story #5798: Different access levels for API keys / REST API authorizations and rights added
Actions #17

Updated by François ARMAND almost 7 years ago

  • Related to User story #7893: [API] Expose all configuration options from the WebUI in the API added
Actions #18

Updated by François ARMAND over 6 years ago

Actions

Also available in: Atom PDF