Skip to content

Commit

Permalink
feat(apiserver): Optionally restrict public API to a single client
Browse files Browse the repository at this point in the history
# Issue

As a platform operator you might want to restrict access to the public
API.

# Fix

The property `autoscaler.apiserver.autoscaler_api_client_id`, if set,
restricts the public API endpoint, to only allow requests providing an
oauth token from this client id to access the public API. The token
needs to be provided in the request header `X-Autoscaler-Token`.
  • Loading branch information
silvestre committed May 29, 2024
1 parent 5bb46fb commit 0ad3a27
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 0 deletions.
5 changes: 5 additions & 0 deletions jobs/golangapiserver/spec
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,11 @@ properties:
description: ""
autoscaler.apiserver.broker.server.dashboard_redirect_uri:
description: ""
autoscaler.apiserver.server.autoscaler_api_client_id:
description: |
If set, restricts the public API endpoint, to only allow requests providing an oauth token from this client id to access the public API.
The token needs to be provided in the request header X-Autoscaler-Token.
default: ""
autoscaler.apiserver.public_api.server.port:
description: "Port where broker server will run"
default: 6102
Expand Down
1 change: 1 addition & 0 deletions jobs/golangapiserver/templates/apiserver.yml.erb
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,7 @@ cf:
idle_connection_timeout_ms: <%= p("autoscaler.cf.idle_connection_timeout_ms") %>
max_idle_conns_per_host_ms: <%= p("autoscaler.cf.max_idle_conns_per_host_ms") %>

api_client_id: <%= p("autoscaler.apiserver.server.autoscaler_api_client_id") %>
public_api_server:
port: <%= p("autoscaler.apiserver.public_api.server.port") %>
<% if_p("autoscaler.apiserver.public_api.server.ca_cert", "autoscaler.apiserver.public_api.server.server_cert", "autoscaler.apiserver.public_api.server.server_key") do %>
Expand Down

0 comments on commit 0ad3a27

Please sign in to comment.