Issue #5361 has been updated by James Turnbull. Target version set to 1.1.0
---------------------------------------- Feature #5361: Dashboard should have access controls for submitting reports https://projects.puppetlabs.com/issues/5361 Author: Jeff McCune Status: Closed Priority: Low Assignee: Nigel Kersten Category: Target version: 1.1.0 Keywords: ae8890f89d318e0c2716bb0d9ba4e90e iteration_2010-12-01 Branch: Affected URL: Affected Dashboard version: Overview ======== A customer needs to limit access to the report submission API. This could be easily implemented currently using a <Limit></Limit> block in Apache to ensure only specific IP Addresses allow reports to be submitted. Doing so conflicts with the dashboard user interface view of /reports, however. As a short term solution, the dashboard could be modified to accepts POST requests at a unique location which does not conflict with other operations such as the user interface. As a long term solution, the dashboard should support access control to limit the systems able to upload reports into the dashboard. The relevant code I'm referring to is: # ext/puppet/puppet_dashboard.rb def process Net::HTTP.start(HOST, PORT) do |conn| conn.post "/reports", "report=" + CGI.escape(self.to_yaml) end end In the user interface, the URL is: http://dashboard.puppetlabs.com/reports These two URI's conflict, and as such I cannot impose Apache Limits on the discrete request. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
