Add full api restriction setting (#15656) #15724

Closed


uber-dendy

SUMMARY

This PR introduces a new configuration option, RESTRICT_API_ANONYMOUS_ACCESS, to enhance security by allowing administrators to restrict unauthorized access to all AWX API endpoints, with the exception of those specified in ANONYMOUS_ACCESS_API_ALLOWED_PATHS. This feature is especially important for environments with strict security policies that require more control over which endpoints can be accessed without authentication. By default, this feature is disabled to ensure backward compatibility with existing setups.

This is related to #15656, but more flexible.

Proposal:

  • Add a new setting RESTRICT_API_ANONYMOUS_ACCESS to enable or disable the restriction of anonymous access to the API.
  • Introduce ANONYMOUS_ACCESS_API_ALLOWED_PATHS to define which paths can be accessed without authentication.
  • Modify the middleware to enforce these restrictions, returning a 401 Unauthorized response for any unauthorized API access attempts.

ISSUE TYPE

  • New or Enhanced Feature

COMPONENT NAME

  • API

ADDITIONAL INFORMATION

  • The feature ensures that current installations remain unaffected by default, and administrators can opt-in based on their security needs.

@uber-dendy uber-dendy force-pushed the restrict_api_access_setting branch from e61089d to 85bf949 Compare December 24, 2024 13:36
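
An added sketch of the check the proposal describes, not code from this PR or from AWX: a standard-library WSGI wrapper that returns 401 to anonymous API requests unless the path is on the allow-list. Only the two setting names come from the description above; `API_PREFIX`, `in_api_scope`, `decide`, `RestrictAnonymousAPI`, the `REMOTE_USER` convention and the sample paths are assumptions.

```python
import posixpath

# Setting names come from the PR description; the values are constructed samples.
SETTINGS = {
    "RESTRICT_API_ANONYMOUS_ACCESS": True,
    "ANONYMOUS_ACCESS_API_ALLOWED_PATHS": ["/api/v2/ping/", "/api/login/"],
}
API_PREFIX = "/api/"  # assumption: all API endpoints live under this prefix


def in_api_scope(path):
    """True if the path, as received or in canonical form, is under API_PREFIX."""
    rooted = "/" + path.lstrip("/")
    canonical = posixpath.normpath(rooted) + "/"  # collapses '//', '.' and '..'
    return rooted.startswith(API_PREFIX) or canonical.startswith(API_PREFIX)


def decide(path, is_authenticated, settings=SETTINGS):
    """Return 401 when the request must be refused, else None (pass through)."""
    if not settings.get("RESTRICT_API_ANONYMOUS_ACCESS", False):
        return None  # off by default: existing installations are unaffected
    if is_authenticated or not in_api_scope(path):
        return None
    # Exact match on the path as received: any other spelling fails closed.
    allowed = settings.get("ANONYMOUS_ACCESS_API_ALLOWED_PATHS", [])
    return None if path in allowed else 401


class RestrictAnonymousAPI:
    """WSGI wrapper; assumes an earlier auth layer sets REMOTE_USER when logged in."""

    def __init__(self, app, settings=SETTINGS):
        self.app, self.settings = app, settings

    def __call__(self, environ, start_response):
        authed = bool(environ.get("REMOTE_USER"))
        if decide(environ.get("PATH_INFO", "/"), authed, self.settings) == 401:
            start_response("401 Unauthorized", [("Content-Type", "application/json")])
            return [b'{"detail": "Authentication required."}']
        return self.app(environ, start_response)
```

The scope test uses the canonical path while the allow-list test uses the path exactly as received, so a request only passes anonymously when it is spelled the same way as an allow-list entry.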
djyasin (Member) commented Jan 29, 2025

Hi @uber-dendy thank you for taking the time to contribute! After reviewing your PR, we think this functionality would be better suited to Django Ansible Base. You can contribute to that repository here:
https://github.com/ansible/django-ansible-base/pulls

@djyasin djyasin closed this Jan 29, 2025
@djyasin djyasin reopened this Jan 29, 2025
djyasin (Member) commented Jan 29, 2025

Hello @uber-dendy, thank you again for your contribution. After further discussion of this PR, we have determined that this is not an appropriate implementation at this time. Thank you again for your time!

@djyasin djyasin closed this Jan 29, 2025