User story #5627

Readonly API or otherwise restrictable API Accounts

Added by Florian Heigl over 5 years ago. Updated over 1 year ago.

Status: Released
Priority: N/A
Category: API
Target version:
Suggestion strength:
User visibility:
Effort required:

Description

Hi,

Currently it is possible to create different API accounts for different tasks.
For outside interaction (other applications pulling data from Rudder) the API works, but the accessing application should not in all cases be permitted to make any changes in Rudder.

One way to achieve this would be to have accounts that are restricted to, i.e., read-only access.


Subtasks

  • User story #11946: Interface to manage API account authorization (Released, Vincent MEMBRÉ)
  • User story #11947: Add an interface to manage api account expiration date (Rejected)
  • Bug #12055: Admin user cannot create Rules with Rudder 4.3 (Released, Nicolas CHARLES)
  • User story #12111: Make fine-grained API authorization a plugin (Released, François ARMAND)

Related issues

  • Related to Rudder - User story #7893: [API] Expose all configuration options from the WebUI in the API (Rejected, François ARMAND)
  • Related to API Authorizations - User story #13009: Documentation for API authorizations plugin (Released, François ARMAND)
  • Has duplicate Rudder - User story #5798: Different access levels for API keys / REST API authorizations and rights (Rejected)

#1

Updated by François ARMAND over 5 years ago

Hello,

A clearly valid use case!

Some more thoughts on it:

- Do you want more than just read/write authorization granularity? For example, we may think that some configuration details are not at all public (port, passwords - even only hashes, etc.)
- As a first workaround, one can configure Rudder Apache to only accept the GET method on the API URL. As we really use verb semantics, GET === read-only (write is done with PUT or POST).
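
The Apache workaround mentioned in comment #1, sketched as an added example that is not part of the original comment or of Rudder's shipped configuration. It assumes Apache 2.4 authorization syntax, and the `/path/to/rudder/api` location is a placeholder for whatever URL the vhost serves the API on.

```apache
# Added example: read-only gate in front of the API.
# "/path/to/rudder/api" is a placeholder, not a path taken from this ticket.
<Location "/path/to/rudder/api">
    # LimitExcept applies the enclosed directives to every method that is
    # NOT listed. Apache treats HEAD as GET for this purpose, so GET and
    # HEAD pass through; PUT, POST, DELETE and anything else get a 403.
    <LimitExcept GET>
        Require all denied
    </LimitExcept>
</Location>
```

This filters by HTTP method only, so it applies to every API account reaching that URL alike; it is a blanket restriction, not the per-account authorization the story asks for.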

#2

Updated by Benoît PECCATTE almost 5 years ago

  • Category set to API
  • Target version set to Ideas (not version specific)
#3

Updated by François ARMAND over 3 years ago

  • Related to User story #5798: Different access levels for API keys / REST API authorizations and rights added
#4

Updated by François ARMAND over 2 years ago

  • Target version changed from Ideas (not version specific) to 4.3.0~beta1
#5

Updated by François ARMAND over 2 years ago

  • Status changed from New to In progress
  • Assignee set to François ARMAND
#11

Updated by François ARMAND about 2 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder/pull/1822
#12

Updated by Rudder Quality Assistant about 2 years ago

  • Assignee changed from Vincent MEMBRÉ to François ARMAND
#13

Updated by François ARMAND about 2 years ago

  • Status changed from Pending technical review to Pending release
#14

Updated by Vincent MEMBRÉ about 2 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 4.3.0~beta1 which was released today.

#15

Updated by François ARMAND about 2 years ago

  • Related to deleted (User story #5798: Different access levels for API keys / REST API authorizations and rights)
#16

Updated by François ARMAND about 2 years ago

  • Has duplicate User story #5798: Different access levels for API keys / REST API authorizations and rights added
#17

Updated by François ARMAND about 2 years ago

  • Related to User story #7893: [API] Expose all configuration options from the WebUI in the API added
#18

Updated by François ARMAND over 1 year ago
