Rudder plugin: API Authorizations
This project is part of Rudder - Continuous configuration for effective compliance
Rudder is an easy to use, web-driven, role-based solution for IT Infrastructure Automation & Compliance.
See: http://rudder-project.org for more information.
This plugin provides fine-grained access control lists (ACLs) for the Rudder APIs. It also lets registered Rudder users obtain a personal API token with the same rights as their role allows.
You can log information about ACL (behavior and errors) by adding the following lines in your
```xml
<!-- API ACLs
     ========
     Information about ACL evaluation for APIs. This logger allows you to get
     extra information about API ACL resolution. -->
<logger name="api-acl" level="off" />
```
User personal API token
When you use the api-authorizations plugin, any logged-in user can get a personal API token by clicking on their login information:
Once you click the button, you get your personal API token, which can be revoked at any time:
The user can use that token to execute API requests for the same actions their role allows them to perform:
These actions are recorded in the Rudder event log as performed by the user owning the API token:
The plugin also allows you to configure fine-grained access control for a token. By selecting the "Custom ACL" access level, you can choose which endpoints are accessible with that API token.
For example, you can create an API token which can only access compliance information:
That token can of course access compliance-related endpoints:
But if it tries to access any other endpoint, it gets an authorization error:
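To make the "Custom ACL" behaviour concrete, the following is an added example (not the plugin's own code) of a default-deny evaluator that decides whether a token restricted to compliance endpoints may perform a request. The rule format (a path pattern where `*` matches one segment and `**` matches any tail, plus a set of allowed HTTP methods) is an assumption for illustration, not the plugin's actual ACL syntax.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class AclRule:
    """One ACL entry: an endpoint pattern and the HTTP methods it permits (assumed format)."""
    path: str             # e.g. "compliance/**": '*' = exactly one segment, '**' = any remaining tail
    actions: frozenset    # allowed methods, upper-case, e.g. frozenset({"GET"})


def _pattern_to_regex(pattern: str) -> re.Pattern:
    """Compile a segment-wise endpoint pattern into an anchored regex over '/segment/segment' paths."""
    regex = ""
    for seg in pattern.strip("/").split("/"):
        if seg == "**":
            regex += "(?:/.*)?"          # optional tail: also matches the bare prefix itself
        elif seg == "*":
            regex += "/[^/]+"            # exactly one path segment
        else:
            regex += "/" + re.escape(seg)
    return re.compile("^" + regex + "$")


def is_allowed(acl: list, method: str, path: str) -> bool:
    """Default deny: a request passes only if some rule matches both its path and its method."""
    target = "/" + path.strip("/")
    return any(
        method.upper() in rule.actions and _pattern_to_regex(rule.path).match(target) is not None
        for rule in acl
    )


# Constructed example ACL: a token that may only read compliance information.
COMPLIANCE_ONLY = [AclRule("compliance/**", frozenset({"GET"}))]

if __name__ == "__main__":
    for method, path in [("GET", "compliance/rules"), ("GET", "nodes"), ("POST", "compliance/rules")]:
        verdict = "allowed" if is_allowed(COMPLIANCE_ONLY, method, path) else "authorization error"
        print(f"{method} /{path} -> {verdict}")
```

The `api-acl` logger mentioned above is where a real deployment would see the equivalent allow/deny decisions when it is turned on.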