Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RFE] Public/Private API Classification After Full Flask Migration #405

Closed
sadsfae opened this issue Mar 4, 2022 · 1 comment
Closed

[RFE] Public/Private API Classification After Full Flask Migration #405

sadsfae opened this issue Mar 4, 2022 · 1 comment
Labels
API enhancement flask
Milestone
2.x Series - Bowie

Comments

@sadsfae
Copy link
Member

sadsfae commented Mar 4, 2022

Summary

This is an RFE for how we want to design our separation of public, private and authenticated API RBAC model after we migrate fully from CherryPy to Flask API endpoints.

Depends on:

Related RFE

Details

We'll want to separate our API endpoints (prominent endpoints documented here: https://github.com/redhat-performance/quads/blob/master/docs/quads-api.md ) into a more role-based or purpose-driven separation design for the following reasons below.

Why?

  • Provide basic public API access to tenant automation about their machines
  • Provide web-based API access to endpoints that help build our landing pages, requests, wiki and status pages to illustrate more up-to-date and granular systems, assignment and availability information
  • Protect API endpoints that should be private or local (re-architect them to use localsocket only for example)
  • Extend capabilities in other areas

Design

We want to ensure any local API calls are done against gunicorn listening on localhost as well, skipping the nginx reverse proxy tier while ensuring all public API calls utilize nginx reverse proxy tier and can reap all the benefits that gives us.

As a first pass, here might be some of the API classification we'd want to do:

Open / Public API Calls
Protected / Local API Calls
Authenticated / Protected Public API Calls
  • (brainstorm) We might allow a subset of API calls for tenants to interact with their hosts after they receive them, this might require the implementation of [RFE] LDAP integration #191 first.
@sadsfae sadsfae added this to the 2.0 Series - Bowie milestone Mar 4, 2022
@sadsfae sadsfae mentioned this issue May 10, 2022
Open
@sadsfae sadsfae moved this from To do to To Do: High Priority and Bugs in QUADS 2.0 Series Jun 14, 2024
@sadsfae
Copy link
Member Author

sadsfae commented Jun 26, 2024

Resolving this as we mostly accomplished everything with release of 2.0.0.

I think that we'll need to further granularize concept of users as generic cloud environments but this can be separate RFE's as needed to support: #487

@sadsfae sadsfae closed this as completed Jun 26, 2024
@github-project-automation github-project-automation bot moved this from To Do: High Priority and Bugs to Done in QUADS 2.0 Series Jun 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
API enhancement flask
Projects
No open projects
QUADS 2.0 Series
Status: Done
Milestone
2.x Series - Bowie
Development

No branches or pull requests
1 participant
@sadsfae