[Openstack-operators] Restricting API access as "admin" users based on network

Tim Goddard timg at catalyst.net.nz
Mon Oct 20 04:11:04 UTC 2014

Hello all,

We have an established OpenStack cloud and as part of a round of security 
hardening would like to add some additional restrictions on the use of "admin" 

In particular, we would like to limit it so that API endpoints requiring admin 
access can only be used from a VPN (known range of source IP addresses). We do 
not want the public-facing APIs to expose these endpoints, even to users with 
the right credentials.

Has anyone already been through a similar process and have a method or advice 
for us to follow?



More information about the OpenStack-operators mailing list