Details
Improvement
Resolution: Unresolved
Major
None
Professional Edition
$ svn info
Path: .
Working Copy Root Path: /opt/observium
URL: http://svn.observium.org/svn/observium/trunk
Repository Root: http://svn.observium.org/svn
Repository UUID: 61d68cd4-352d-0410-923a-c4978735b2b8
Revision: 10084
Node Kind: directory
Schedule: normal
Last Changed Author: mike
Last Changed Rev: 10084
Last Changed Date: 2019-10-08 02:54:10 +1000 (Tue, 08 Oct 2019)
Description
Relying on the webUI's auth mechanism for API auth is painful, particularly so when using LDAP or RADIUS external modules, which can cause long delays/timeouts with auth, impacting software integrations against Observium. It also means that some kind of service account needs to be defined in the external authentication store, which opens a can of worms in terms of compliance and security policy with respect to password expiration and enforced changes over time.
Attached .sql defines a new table for SQL schema, 'api_tokens'. API tokens are intended to be tied to a mysql defined user in order to perform RBAC based on user levels in API if implemented.
Attached .diff adds code to support 'api_token' as an auth mechanism for requests beginning with the URI '/api/'.
Authentication for webUI is not impacted.
Default for API auth mechanism inherits from top level auth mechanism to avoid impacting existing API auth methods by users.
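A sketch of the token check this ticket describes, as an added example; it is not the attached .sql or .diff, which are not shown on this page. The column names, the `api_auth_mechanism` config key, the `fallback` callable and the use of sqlite3 in place of MySQL are assumptions, and storing only a hash of each token plus an expiry goes beyond what the ticket states.

```python
import hashlib, hmac, secrets, sqlite3, time

API_PREFIX = "/api/"  # from the ticket: token auth applies to URIs beginning with /api/

def open_db():
    db = sqlite3.connect(":memory:")  # stand-in for the MySQL schema
    # Assumed columns; the real api_tokens definition is in the attachment.
    db.execute("CREATE TABLE api_tokens (token_id TEXT PRIMARY KEY,"
               " token_hash TEXT NOT NULL, user_id INTEGER NOT NULL,"
               " user_level INTEGER NOT NULL, expires INTEGER)")
    return db

def issue_token(db, user_id, user_level, ttl=None, now=None):
    """Create a token; only its SHA-256 digest is stored, the secret is returned once."""
    now = int(time.time()) if now is None else now
    token_id, secret = secrets.token_hex(8), secrets.token_urlsafe(32)
    digest = hashlib.sha256(secret.encode()).hexdigest()
    expires = now + ttl if ttl else None
    db.execute("INSERT INTO api_tokens VALUES (?,?,?,?,?)",
               (token_id, digest, user_id, user_level, expires))
    return f"{token_id}.{secret}"

def authenticate(db, uri, token, config, fallback, now=None):
    """Return (user_id, user_level) for a valid token, None if rejected.
    Non-API URIs, or an API mechanism other than 'api_token', go to fallback."""
    now = int(time.time()) if now is None else now
    # API mechanism inherits the top-level mechanism unless overridden.
    mechanism = config.get("api_auth_mechanism", config["auth_mechanism"])
    if not uri.startswith(API_PREFIX) or mechanism != "api_token":
        return fallback(uri)
    token_id, sep, secret = (token or "").partition(".")
    row = db.execute("SELECT token_hash, user_id, user_level, expires"
                     " FROM api_tokens WHERE token_id = ?", (token_id,)).fetchone()
    if not sep or row is None:
        return None
    digest = hashlib.sha256(secret.encode()).hexdigest()
    if not hmac.compare_digest(digest, row[0]):  # constant-time comparison
        return None
    if row[3] is not None and row[3] <= now:     # expired token
        return None
    return row[1], row[2]                        # user level feeds RBAC in the API
```

Because the lookup is local to the database, an API request never waits on the LDAP or RADIUS backend, and a database dump does not expose usable tokens.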
Hello, Any ETA for this Feature Request?