On Apr 21, 2013, at 11:34 PM, Steffen Gebert wrote:
is there a way to limit an API client to access the databags/ REST
endpoint only? Using OpenSource Chef-Server… (I’m pretty sure the API
of closed Chef allows this).
My only idea would be to deny access to databags/ in the nginx proxy for
the IP running that client (a self-provision web frontend).
Any other ideas (doing it on a per-client basis)?
You can apply limits externally at the HTTP protocol layer but the only access restrictions available in OSC is if a client is marked as an admin or not. The Chef 11 server build is already fronted by nginx I think, so you could probably just alter the internal cookbook that generates the final nginx configs when you chef-server-ctl reconfigure.