[Openstack-operators] Restricting API access as "admin" users based on network
Tim Goddard
timg at catalyst.net.nz
Mon Oct 20 04:11:04 UTC 2014
Hello all,
We have an established OpenStack cloud and as part of a round of security
hardening would like to add some additional restrictions on the use of "admin"
permissions.
In particular, we would like to limit it so that API endpoints requiring admin
access can only be used from a VPN (known range of source IP addresses). We do
not want the public-facing APIs to expose these endpoints, even to users with
the right credentials.
Has anyone already been through a similar process and have a method or advice
for us to follow?
Cheers,
Tim
More information about the OpenStack-operators
mailing list