Allow to configure which PuppetDB endpoints are allowed in the /query page #475
Comments
volans-
added a commit
to volans-/puppetboard
that referenced
this issue
Jul 18, 2018
Allow to configure which PuppetDB endpoints are allowed in the /query page, adding the ENABLED_QUERY_ENDPOINTS configuration variable, that if set restricts the allowed endpoints to query. If not set the previous behaviour is kept, allowing all PuppetDB endpoints to be queried, if the ENABLE_QUERY configuration is True. Closes: voxpupuli#475
volans-
added a commit
to volans-/puppetboard
that referenced
this issue
May 27, 2019
Allow to configure which PuppetDB endpoints are allowed in the /query page, adding the ENABLED_QUERY_ENDPOINTS configuration variable, that if set restricts the allowed endpoints to query. If not set the previous behaviour is kept, allowing all PuppetDB endpoints to be queried, if the ENABLE_QUERY configuration is True. Closes: voxpupuli#475
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Right now there is just a global switch to enable or disable the
/queryendpoint:ENABLE_QUERY.It would be nice to have an easy way to allow only a sub-selection of the available PuppetDB endpoints.
For example the catalog endpoint might return secrets from the host's catalog and this could be considered unsafe and to be forbidden in a given environment. But at the same time it would be very useful to allow fact queries. And this is my use case.
An additional configuration parameter that allow to specify the list of enabled PuppetDB endpoints that could be queried should be easy enough to add, increasing a lot Puppetboard flexibility.
The text was updated successfully, but these errors were encountered: