Project

General

Profile

Actions

Architecture #6708

closed

Expose Allowed networks for policy server via API

Added by Janos Mattyasovszky almost 9 years ago. Updated almost 4 years ago.

Status:
Resolved
Priority:
3
Assignee:
-
Category:
API
Effort required:
Name check:
Fix check:
Regression:

Description

Please allow modification of policy server's Allowed network over API.
This would be required for automated provisioning of Systems when a new IP network is opened for Maschines.

Actions #1

Updated by Matthieu CERDA almost 9 years ago

  • Assignee set to François ARMAND
  • Priority changed from N/A to 3
  • Target version set to Ideas (not version specific)

Thanks !

Giving this to FAR too :)

Actions #2

Updated by François ARMAND almost 9 years ago

@Janos Matya: you are of course right. But we wanted to have at least a basic authorisation model in place on API before completly opening the administration part of Rudder to them, as described in http://www.rudder-project.org/redmine/issues/5798

But clearly, these are the two (authz & admin management) big missing part in API.

Actions #3

Updated by Janos Mattyasovszky almost 9 years ago

Editing the allowed networks is not a bigger security risk then deleting all nodes from rudder after creating a new rule that trashes all servers by dd'ing out all disks, and these can already be done by API calls :)

Actions #4

Updated by François ARMAND about 8 years ago

Well, if we had authz, we wouldn't have that problem :)

But agreed, that's more security theatre than anything else at that point.

Actions #5

Updated by François ARMAND about 6 years ago

  • Assignee deleted (François ARMAND)
Actions #6

Updated by Alexis Mousset almost 4 years ago

  • Status changed from New to Resolved

Done in 6.0 (finally!)

Actions

Also available in: Atom PDF