- From: Adam Jacob <
>
- To:
- Subject: [chef] Re: Restriction on REST API access
- Date: Thu, 26 Apr 2012 10:04:08 -0700
There isn't a direct analog. Chef requires every request to be
authenticated (even the initial request is authenticated by the
validation certificate,) and there is no way to turn it off.
In Open Source chef, there are only two permission settings - either
you are an administrator with full privileges, or a client with
permissions to read/write your own node object, and read other
objects.
As Peter Donald replied later, you can certainly add these rules at
the proxy layer.
Adam
On Thu, Apr 26, 2012 at 2:42 AM,
<
>
wrote:
>
Hello,
>
>
In Puppet, there is a auth.conf file which permits to define some
>
authorization
>
thanks to regex on path of the REST API
>
>
For example, by default in Puppet, there is:
>
>
# allow nodes to retrieve their own catalog (ie their configuration)
>
path ~ ^/catalog/([^/]+)$
>
method find
>
allow $1
>
>
which permits to dynamically setup the authorization on the request.
>
For exemple, the request
>
/catalogue/clienthostname
>
will only work if it is the client 'clienthostname' which request it,
>
otherwise
>
it will fail with an authorization error.
>
>
Is there a similar feature in opensource Chef on the Chef REST API please ?
>
>
Thanks in advance for your answers.
>
>
Best regards,
>
Christophe
--
Opscode, Inc.
Adam Jacob, Chief Customer Officer
T: (206) 619-7151 E:
Archive powered by MHonArc 2.6.16.