Add full api restriction setting (#15656) #15724

Open. uber-dendy wants to merge 1 commit into base: devel

uber-dendy

SUMMARY

This PR introduces a new configuration option, RESTRICT_API_ANONYMOUS_ACCESS, to enhance security by allowing administrators to restrict unauthorized access to all AWX API endpoints, with the exception of those specified in ANONYMOUS_ACCESS_API_ALLOWED_PATHS. This feature is especially important for environments with strict security policies that require more control over which endpoints can be accessed without authentication. By default, this feature is disabled to ensure backward compatibility with existing setups.

This is related to #15656, but more flexible.

Proposal:

  • Add a new setting RESTRICT_API_ANONYMOUS_ACCESS to enable or disable the restriction of anonymous access to the API.
  • Introduce ANONYMOUS_ACCESS_API_ALLOWED_PATHS to define which paths can be accessed without authentication.
  • Modify the middleware to enforce these restrictions, returning a 401 Unauthorized response for any unauthorized API access attempts.

ISSUE TYPE

  • New or Enhanced Feature

COMPONENT NAME

  • API

ADDITIONAL INFORMATION

  • The feature ensures that current installations remain unaffected by default, and administrators can opt-in based on their security needs.

uber-dendy force-pushed the restrict_api_access_setting branch from e61089d to 85bf949 (December 24, 2024 13:36)
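
The allowlist check proposed above, as an added example that is not code from this pull request or from AWX: a framework-independent Python sketch in which the setting values, the `/api/` prefix and the helper names `canonical_path` and `check_access` are assumptions. It canonicalises the request path before an exact-match comparison, so every spelling of a path gets the same decision.

```python
import posixpath
from urllib.parse import unquote

# Assumed values: the PR names these settings, but this page shows no defaults.
RESTRICT_API_ANONYMOUS_ACCESS = True
ANONYMOUS_ACCESS_API_ALLOWED_PATHS = ["/api/", "/api/v2/ping/"]
API_PREFIX = "/api/"  # assumed: every API endpoint lives under this prefix


def canonical_path(raw_path):
    """Decode and normalise a request path; return None if it is malformed."""
    path = unquote(raw_path.split("?", 1)[0])
    if "\x00" in path or "\\" in path:
        return None
    # Collapse "//", "." and ".." so each endpoint has exactly one spelling.
    norm = posixpath.normpath("/" + path.lstrip("/"))
    return norm if norm == "/" else norm + "/"


def check_access(raw_path, is_authenticated,
                 restrict=RESTRICT_API_ANONYMOUS_ACCESS,
                 allowed=ANONYMOUS_ACCESS_API_ALLOWED_PATHS):
    """Return 401 to reject, or None to let the request continue."""
    if not restrict or is_authenticated:
        return None  # feature disabled (the default) or caller is logged in
    path = canonical_path(raw_path)
    if path is None:
        return 401  # fail closed on paths that cannot be canonicalised
    if not path.startswith(API_PREFIX):
        return None  # non-API paths are outside this setting's scope
    # Exact match on canonical form: a prefix match would expose sub-paths.
    allowed_set = {canonical_path(p) for p in allowed}
    return None if path in allowed_set else 401


if __name__ == "__main__":
    # Constructed sample requests: (path, authenticated)
    for req in [("/api/v2/ping/", False), ("/api/v2/users/", False),
                ("/api/v2/users/", True), ("/api/v2/ping/../users/", False),
                ("/api/v2//ping", False)]:
        print(req, "->", check_access(*req) or "pass")
```

In a real deployment the canonicalisation must match what the URL router itself does; otherwise the gate and the router can disagree about which endpoint a request reaches.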