[Openstack-operators] Restricting API access as "admin" users based on network
timg at catalyst.net.nz
Mon Oct 20 04:11:04 UTC 2014
We have an established OpenStack cloud and as part of a round of security
hardening would like to add some additional restrictions on the use of "admin"
In particular, we would like to limit it so that API endpoints requiring admin
access can only be used from a VPN (known range of source IP addresses). We do
not want the public-facing APIs to expose these endpoints, even to users with
the right credentials.
Has anyone already been through a similar process and have a method or advice
for us to follow?
More information about the OpenStack-operators