Architecture #6708
closedExpose Allowed networks for policy server via API
Description
Please allow modification of policy server's Allowed network over API.
This would be required for automated provisioning of Systems when a new IP network is opened for Maschines.
Updated by Matthieu CERDA over 9 years ago
- Assignee set to François ARMAND
- Priority changed from N/A to 3
- Target version set to Ideas (not version specific)
Thanks !
Giving this to FAR too :)
Updated by François ARMAND over 9 years ago
@Janos Matya: you are of course right. But we wanted to have at least a basic authorisation model in place on API before completly opening the administration part of Rudder to them, as described in http://www.rudder-project.org/redmine/issues/5798
But clearly, these are the two (authz & admin management) big missing part in API.
Updated by Janos Mattyasovszky over 9 years ago
Editing the allowed networks is not a bigger security risk then deleting all nodes from rudder after creating a new rule that trashes all servers by dd'ing out all disks, and these can already be done by API calls :)
Updated by François ARMAND almost 9 years ago
Well, if we had authz, we wouldn't have that problem :)
But agreed, that's more security theatre than anything else at that point.
Updated by François ARMAND almost 7 years ago
- Assignee deleted (
François ARMAND)
Updated by Alexis Mousset over 4 years ago
- Status changed from New to Resolved
Done in 6.0 (finally!)