Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

api: token-based ro access #33

Open
crpb opened this issue Nov 8, 2024 · 2 comments
Open

api: token-based ro access #33

crpb opened this issue Nov 8, 2024 · 2 comments

Comments

@crpb
Copy link
Contributor

crpb commented Nov 8, 2024

Hey,

The idea is to have simple tokens created with say.. echo MOOO| shasum -a 512224 |awk '{print $1}' >> /etc/grommunio-admin-api/conf.d/MOO.token which only allow "GET" requests with the REST api.
The usecase could be something like a monitoring system which should be able to read those endpoints but we don't want to store any admin credentials on those other systems.

And if that even gets picked up than it should also be noted that maybe time-based tokens might also be a good idea so to automatically expire them after N days.
@juliaschroeder
Copy link
Member

This can be achieved by creating a user with SystemAdminRO permissions and then generating an access token via grommunio-admin user login <username> --nopass --token.
I can also add an explicit expiry parameter to the CLI call if needed, otherwise the global default for login tokens applies (security.jwtExpiresAfter configuration).

@crpb
Copy link
Contributor Author

crpb commented Nov 11, 2024

Oh, wow, didn't knew about those. I asked about the roles at the support but never got an answer on how to use them :-(..

Thanks, and yeah that might be even better with expiry 👍🏼 .

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@crpb @juliaschroeder