how bad would it be if we allowed all systems in communishift to get read-only access to fasjson?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I want to sync group membership to Discourse. See one idea for this here:
https://pagure.io/fedora-infrastructure/issue/10952

However, this would be approximately one billion times easier if I didn't
need to worry about the hard part of automating something with fasjson,
which is keeping a kerberos ticket fresh from a keytab. (I'd love to run my
whole thing as a function-as-a-service function.)

I get why we require authentication, but since this info is open to anyone
who authenticates, it's only one part of our protection. And it occured to
me that one needs a FAS account to create something in Communishift anyway.
Unless I am missing something (and I might be)... that really offers
basically the same protection. So..... would it be possible to just
allow-list connections coming from the Communishift nodes?



-- 
Matthew Miller
<mattdm@xxxxxxxxxxxxxxxxx>
Fedora Project Leader
_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux