User story #5627

Readonly API or otherwise restrictable API Accounts

Added by Florian Heigl about 4 years ago. Updated 5 months ago.

Status: Released
Priority: N/A
Category: API
Target version:
Suggestion strength:
User visibility:
Effort required:

Description

Hi,

Currently it is possible to create different API accounts for different tasks.
For outside interaction (other applications pulling data from Rudder) the API works, but not in all cases should the accessing application be permitted to make any changes in Rudder.

One way to do this would be to have accounts that are restricted to i.e. read-only access.


Subtasks

User story #11946: Interface to manage API account authorization (Released, Vincent MEMBRÉ)
User story #11947: Add an interface to manage api account expiration date (Rejected)
Bug #12055: Admin user cannot create Rules with Rudder 4.3 (Released, Nicolas CHARLES)
User story #12111: Make fine-grained API authorization a plugin (Released, François ARMAND)

Related issues

Related to Rudder - User story #7893: [API] Expose all configuration options from the WebUI in the API (Rejected)
Related to API Authorizations - User story #13009: Documentation for API authorizations plugin (Released)
Has duplicate Rudder - User story #5798: Different access levels for API keys / REST API authorizations and rights (Rejected)

Associated revisions

Revision 808526a5 (diff)
Added by François ARMAND 11 months ago

Fixes #5627: Readonly API or otherwise restrictable API Accounts

Revision f7d1caae (diff)
Added by François ARMAND 11 months ago

Fixes #5627: Readonly API or otherwise restrictable API Accounts

History

#1 Updated by François ARMAND about 4 years ago

Hello,

A clearly valid use case!

Some more thoughts on it:

- do you want more than just read/write authorization granularity? For example, we may think that some configuration details are not at all public (port, passwords - even only hashes, etc.)
- as a first workaround, one can configure Rudder's Apache to only accept the GET method on the API URL. As we really use verb semantics, GET === read-only (write is done with PUT or POST).
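
The Apache workaround from comment #1, written out as an added example; it is not part of the original ticket or of Rudder's shipped configuration. Apache 2.4 syntax is assumed, and the API path is a placeholder to replace with the URL prefix your installation actually serves the API on.

```apache
# Placeholder (assumption): set this to the URL prefix of the Rudder API
# on your server. The ticket does not state the path.
Define RUDDER_API_PREFIX "/REPLACE-WITH-API-URL-PREFIX"

# Weak form, shown for contrast and left commented out: a deny-list of
# write verbs. Any method not named here (PATCH, or an arbitrary
# extension method) would still reach the application.
#
# <Location "${RUDDER_API_PREFIX}">
#     <Limit POST PUT DELETE>
#         Require all denied
#     </Limit>
# </Location>

# Preferred form: an allow-list. Every method except GET (Apache treats
# HEAD together with GET here) is refused by Apache with 403 before the
# request is handed to Rudder.
<Location "${RUDDER_API_PREFIX}">
    <LimitExcept GET>
        Require all denied
    </LimitExcept>
</Location>
```

This rule applies to every client of that URL regardless of which API account it presents, so it is coarser than the per-account restriction the ticket asks for. Check the syntax with `apachectl configtest` before reloading.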

#2 Updated by Benoît PECCATTE over 3 years ago

  • Category set to API
  • Target version set to Ideas (not version specific)

#3 Updated by François ARMAND over 2 years ago

  • Related to User story #5798: Different access levels for API keys / REST API authorizations and rights added

#4 Updated by François ARMAND about 1 year ago

  • Target version changed from Ideas (not version specific) to 4.3.0~beta1

#5 Updated by François ARMAND about 1 year ago

  • Status changed from New to In progress
  • Assignee set to François ARMAND

#11 Updated by François ARMAND 12 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder/pull/1822

#12 Updated by Normation Quality Assistant 11 months ago

  • Assignee changed from Vincent MEMBRÉ to François ARMAND

#13 Updated by François ARMAND 11 months ago

  • Status changed from Pending technical review to Pending release

#14 Updated by Vincent MEMBRÉ 10 months ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 4.3.0~beta1 which was released today.

#15 Updated by François ARMAND 10 months ago

  • Related to deleted (User story #5798: Different access levels for API keys / REST API authorizations and rights)

#16 Updated by François ARMAND 10 months ago

  • Has duplicate User story #5798: Different access levels for API keys / REST API authorizations and rights added

#17 Updated by François ARMAND 10 months ago

  • Related to User story #7893: [API] Expose all configuration options from the WebUI in the API added

#18 Updated by François ARMAND 5 months ago
