chef - [chef] Re: Restriction on REST API access

Subscribers: 1946
Owners
Bryan McLellan
Joshua Timberman
Nathen Harvey
Seth Chisamore
Serdar Sutay

Subscribe
Unsubscribe
Info
Archive

Post

RSS
Shared documents

General discussion about Chef

[chef] Re: Restriction on REST API access

From: Peter Donald < >
To: " " < >
Subject: [chef] Re: Restriction on REST API access
Date: Thu, 26 Apr 2012 23:00:41 +1000

Not out of the box but we put Apache in front of chef server ( so both API and web interface are on port 80 ) and we add a bunch of rules that check some rules and I suspect that would be easy enough with some appropriate Apache fu

On Thursday, April 26, 2012, wrote:

Hello,

In Puppet, there is a auth.conf file which permits to define some authorization
thanks to regex on path of the REST API

For example, by default in Puppet, there is:

# allow nodes to retrieve their own catalog (ie their configuration)
path ~ ^/catalog/([^/]+)$
method find
allow $1

which permits to dynamically setup the authorization on the request.
For exemple, the request
/catalogue/clienthostname
will only work if it is the client 'clienthostname' which request it, otherwise
it will fail with an authorization error.

Is there a similar feature in opensource Chef on the Chef REST API please ?

Thanks in advance for your answers.

Best regards,
Christophe

--
Cheers,

Peter Donald

[chef] Restriction on REST API access, cl.subscription, 04/26/2012
- [chef] Re: Restriction on REST API access, Peter Donald, 04/26/2012
- [chef] Re: Restriction on REST API access, Adam Jacob, 04/26/2012