Open dmsimard opened 2 years ago
Authentication for the API and reporting interface can be managed by django or a frontend server like apache or nginx with a .htpasswd.
The current implementation for nginx hardcodes it for every URL and every method: https://github.com/ansible-community/ara-collection/blob/2fea65a38cb5f736e4471d53fb24b3b505a6fb9f/roles/ara_frontend_nginx/templates/ara-api-ssl.conf.j2#L15-L22
We could provide a "read only" implementation by allowing HEAD/GET/OPTIONS just like the django authentication toggle for authenticating reads or writes: https://github.com/ansible-community/ara-collection/blob/2fea65a38cb5f736e4471d53fb24b3b505a6fb9f/roles/ara_api/defaults/main.yaml#L140-L144
_(These above should stay false when using ara_api_external_auth: true since it's the web server handling the authentication)_
ara_api_external_auth: true
Authentication for the API and reporting interface can be managed by django or a frontend server like apache or nginx with a .htpasswd.
The current implementation for nginx hardcodes it for every URL and every method: https://github.com/ansible-community/ara-collection/blob/2fea65a38cb5f736e4471d53fb24b3b505a6fb9f/roles/ara_frontend_nginx/templates/ara-api-ssl.conf.j2#L15-L22
We could provide a "read only" implementation by allowing HEAD/GET/OPTIONS just like the django authentication toggle for authenticating reads or writes: https://github.com/ansible-community/ara-collection/blob/2fea65a38cb5f736e4471d53fb24b3b505a6fb9f/roles/ara_api/defaults/main.yaml#L140-L144
_(These above should stay false when using
ara_api_external_auth: true
since it's the web server handling the authentication)_