GNS3 / gns3-server

GNS3 server
GNU General Public License v3.0

User isolation #1835

Closed k4kfh closed 3 years ago

k4kfh commented 3 years ago

I'm doing some academic work that would really benefit from user isolation (on a very large scale). I know that there is gns3-proxy, and that is an option, but I'd rather just add the feature to GNS3 if it's a manageable amount of work.

I'm not very familiar with this codebase. Could some experienced folks give their opinion on this idea? Is it going to be a 10-year process that requires fundamental changes? Or fairly doable? I am trying to decide whether it will be more work to implement an elaborate system around gns3-proxy, or simply add the feature to GNS3 directly.

grossmj commented 3 years ago

We are already working on this on branch 3.0. Version 3.0 will have a new API, new architecture, etc., and will support user management with an RBAC model, authentication, HTTPS, etc. The main goal is to allow GNS3 to be used in a classroom environment.

We expect to have a fairly strong base early next year. Please do not hesitate to share your ideas and/or contribute.

k4kfh commented 3 years ago

Awesome! Thanks for the information. I'd love to help out as much as I can.

Is there a particular issue I should start trying to tackle, or just go straight for the RBAC? Also, do I need anything out of the ordinary set up for my dev environment?

I have some ideas for the specifics of the RBAC implementation. I'd love it if we had the option to use local authentication (for simpler setups) or RADIUS auth. I feel that would give plenty of flexibility to integrate with complex SSO stuff (e.g. Active Directory), and in my use case, it has the advantage of making it way easier to comply with university 2FA policy. We use DUO for 2FA, and it's very easy to integrate into any application capable of using RADIUS.

I noticed you discussed this some in #1337, and I like the role ideas you mention there. Has any work been done on this already, or should I just start and see where it goes?

grossmj commented 3 years ago

We have already started work on the RBAC part; it will be added to the 3.0 server branch in time. Once we have done that, you will be able to try it and give us your ideas and contribute. In the meantime, you may want to have a look at FastAPI; this is what we are using to run GNS3 starting with version 3.0: https://fastapi.tiangolo.com/

Regarding the authentication, the API will support OAuth2. Once we have that in place, it shouldn't be too hard to add support for additional authentication methods.

grossmj commented 3 years ago

RBAC support has been added.