#kolide

asvoboda

09/04/2020, 12:02 PM
This might be a weird q, but is there a way to prevent UI edits in Fleet? Ideally I’d like to enforce that all changes to queries/packs are made only via automation (or by specific user tokens if such an ACL exists), so changes can be driven by fleetctl or terraform.

Zach Zeid

09/04/2020, 12:07 PM
you can disable ad-hoc queries, but I don't think RBAC has been implemented in a way that'll prevent that.

asvoboda

09/04/2020, 12:16 PM
Yeah, I’m actually less worried about ad hoc queries, though they are a concern
12:17 PM
I’m more concerned that a human is manually twiddling with queries on prod, rather than running them through ci + review

CptOfEvilMinions

09/04/2020, 3:40 PM
@asvoboda an UN-supported method could be to set up NGINX to only allow POST requests to certain API endpoints from a certain IP range/user-agent/etc