Trying to get token_restrictions working
38 views
Skip to first unread message
fred
May 29, 2017, 12:02:46 PM5/29/17
to 2600hz-users
Some help would be appreciated.
I read this document several times.
It's not clear from the documentation but I don't think I can add system_config/crossbar.token_restrictions via API. Just gives an error about no datasource or something. When I try do it for a specific reseller account (just so I can see an example of what the document should look like) it does create a document in that reseller account but I don't see my rules in there. They must be put somewhere else but I can't find them.
So after failing miserably to do anything via API, I tried to create
template document manually as per the instructions.
system_config/crossbar.token_restrictionstemplate document manually as per the instructions.
My document in system_config looks like this.
{
"_id":"crossbar.token_restrictions",
"_rev":"5-dbab3fcc3da6b3532fd842149c006ac9",
"default":{
"_":{
"_":{
"rules":{
"#":[
"GET"
]
}
}
}
}
}
As far as I can tell, that should limit all API users to only do GET. So if I try create anything like a device or user, it should 403 fail. That is not happening. I also tried to replace the catch_all "_" with "user" and "admin" and see if it limits user and admin users but it doesn't seem to be doing anything. I am rebooting the server each time I make a change just to be sure the changes are loaded because I don't know for sure what SUP commands will ensure my DB changes will be applied.
fred
May 31, 2017, 11:26:00 AM5/31/17
to 2600hz-users
Anyone? I'm really stuck here. Been trying to get this working for days.
Andre S.
Jun 2, 2017, 11:40:05 AM6/2/17
to 2600hz-users
I'm looking forward to the answer too. Restricting API to certain calls is really powerful.
James Aimonetti
Jun 8, 2017, 2:49:07 AM6/8/17
to 2600hz...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I've found the issue, issued a PR for master:
https://github.com/2600hz/kazoo/pull/3804
I'll be issuing a smaller one for 4.0/4.1 in the morning just to patch
the issue but not update the docs and other stuff.
- --
James Aimonetti
Lead Systems Architect
"If Dialyzer don't care, I don't care"
2600HzPDX | http://2600hz.com
sip:ja...@2600hz.com
tel:415.886.7905
irc:mc_ @ freenode
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEvSh+xZ5hP1H8lVIU1Mpr4k9cJWAFAlk481sACgkQ1Mpr4k9c
JWBuGwf/SJH78Mfk5Bes/GFfMdrShEREo9sNntkOtPHHsFJYz9wKO4izTIcHe8jq
SbA03+cQ5YQRyszqko9X1avF9uTTFA76J0qxOZCoQ/xorYJMPULTIKCuyu7bCKN9
8geyegMQuHtAkAl6Joz+2061+euW7b/zCaXpd48cr9CXUF7Q3u5faUT93mqQ30Lg
Y+qRuZ8l9tXuaXdG1xN3yvt00eNoqLhrTgmBsuVEpkl0rCP6tva2NBAfpflYU9wJ
9uYZCR28xV2bVwuj0I1drXN+TqsQBqYs0JGX/h58CHV2IdslfwU/1pG94wPjPKzG
qxEcJUNhJykoAZS75iwvghn1XeuR4Q==
=brmW
-----END PGP SIGNATURE-----
Hash: SHA256
I've found the issue, issued a PR for master:
https://github.com/2600hz/kazoo/pull/3804
I'll be issuing a smaller one for 4.0/4.1 in the morning just to patch
the issue but not update the docs and other stuff.
James Aimonetti
Lead Systems Architect
"If Dialyzer don't care, I don't care"
2600HzPDX | http://2600hz.com
sip:ja...@2600hz.com
tel:415.886.7905
irc:mc_ @ freenode
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEvSh+xZ5hP1H8lVIU1Mpr4k9cJWAFAlk481sACgkQ1Mpr4k9c
JWBuGwf/SJH78Mfk5Bes/GFfMdrShEREo9sNntkOtPHHsFJYz9wKO4izTIcHe8jq
SbA03+cQ5YQRyszqko9X1avF9uTTFA76J0qxOZCoQ/xorYJMPULTIKCuyu7bCKN9
8geyegMQuHtAkAl6Joz+2061+euW7b/zCaXpd48cr9CXUF7Q3u5faUT93mqQ30Lg
Y+qRuZ8l9tXuaXdG1xN3yvt00eNoqLhrTgmBsuVEpkl0rCP6tva2NBAfpflYU9wJ
9uYZCR28xV2bVwuj0I1drXN+TqsQBqYs0JGX/h58CHV2IdslfwU/1pG94wPjPKzG
qxEcJUNhJykoAZS75iwvghn1XeuR4Q==
=brmW
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages