Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • stork stork
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 267
    • Issues 267
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 23
    • Merge requests 23
  • Deployments
    • Deployments
    • Releases
  • Packages and registries
    • Packages and registries
    • Container Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • ISC Open Source ProjectsISC Open Source Projects
  • storkstork
  • Issues
  • #493
Closed
Open
Issue created Feb 26, 2021 by Tomek Mrugalski@tomek🛰Owner

Make getState API unavailable for unauthorized machines

Following on Marcin's response, we need to tighten up getState API command. Here's the original issue:

  1. start the demo
  2. go to machines, show unauthorized
  3. click on the machine name (I used agent-kea-ha2)
  4. click on the get latest state

This scenario is no longer possible from the UI as Marcin blocked the GetState button, but it's still possible using API. There should be an API check that would fail if machine is not authorized.

Assignee
Assign to
Time tracking