Architecture #6708
closed
Expose Allowed networks for policy server via API
Description
Please allow modification of policy server's Allowed network over API.
This would be required for automated provisioning of Systems when a new IP network is opened for Maschines.
Updated by Matthieu CERDA over 9 years ago
- Assignee set to François ARMAND
- Priority changed from N/A to 3
- Target version set to Ideas (not version specific)
Thanks !
Giving this to FAR too :)
Updated by François ARMAND over 9 years ago
@Janos Matya: you are of course right. But we wanted to have at least a basic authorisation model in place on API before completly opening the administration part of Rudder to them, as described in http://www.rudder-project.org/redmine/issues/5798
But clearly, these are the two (authz & admin management) big missing part in API.
Updated by Janos Mattyasovszky over 9 years ago
Editing the allowed networks is not a bigger security risk then deleting all nodes from rudder after creating a new rule that trashes all servers by dd'ing out all disks, and these can already be done by API calls :)
Updated by François ARMAND over 8 years ago
Well, if we had authz, we wouldn't have that problem :)
But agreed, that's more security theatre than anything else at that point.
Updated by François ARMAND almost 7 years ago
- Assignee deleted (
François ARMAND)
Updated by Alexis Mousset over 4 years ago
- Status changed from New to Resolved
Done in 6.0 (finally!)