- From: Noah Kantrowitz <
>
- To:
- Subject: [chef] Re: Limiting a client to data bag access with OpenSource Chef-Server
- Date: Mon, 22 Apr 2013 00:29:22 -0700
On Apr 21, 2013, at 11:34 PM, Steffen Gebert wrote:
>
Hi,
>
>
is there a way to limit an API client to access the databags/ REST
>
endpoint only? Using OpenSource Chef-Server.. (I'm pretty sure the API
>
of closed Chef allows this).
>
>
My only idea would be to deny access to databags/ in the nginx proxy for
>
the IP running that client (a self-provision web frontend).
>
>
Any other ideas (doing it on a per-client basis)?
You can apply limits externally at the HTTP protocol layer but the only
access restrictions available in OSC is if a client is marked as an admin or
not. The Chef 11 server build is already fronted by nginx I think, so you
could probably just alter the internal cookbook that generates the final
nginx configs when you chef-server-ctl reconfigure.
--Noah
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
Archive powered by MHonArc 2.6.16.