Architecture #6708
closed
Expose Allowed networks for policy server via API
Added by Janos Mattyasovszky over 9 years ago.
Updated over 4 years ago.
Description
Please allow modification of policy server's Allowed network over API.
This would be required for automated provisioning of Systems when a new IP network is opened for Maschines.
- Assignee set to François ARMAND
- Priority changed from N/A to 3
- Target version set to Ideas (not version specific)
Thanks !
Giving this to FAR too :)
@Janos Matya: you are of course right. But we wanted to have at least a basic authorisation model in place on API before completly opening the administration part of Rudder to them, as described in http://www.rudder-project.org/redmine/issues/5798
But clearly, these are the two (authz & admin management) big missing part in API.
Editing the allowed networks is not a bigger security risk then deleting all nodes from rudder after creating a new rule that trashes all servers by dd'ing out all disks, and these can already be done by API calls :)
Well, if we had authz, we wouldn't have that problem :)
But agreed, that's more security theatre than anything else at that point.
- Assignee deleted (
François ARMAND)
- Status changed from New to Resolved
Also available in: Atom
PDF
Updated by Matthieu CERDA 
Updated by 
Updated by 
Updated by