This might be a weird q, but is there a way to prevent UI edits in Fleet? Ideally I’d like to enforce that all changes to queries/packs are made only via automation (or by specific user tokens if such an ACL exists), so changes can be driven by fleetctl or terraform.
09/04/2020, 12:07 PM
you can disable ad-hoc queries, but I don't think RBAC has been implemented in a way that'll prevent that.
09/04/2020, 12:16 PM
Yeah I’m actually less worried about adhoc queries, though they are a concern
I’m more concerned that a human is manually twiddling with queries on prod, rather than running them through ci + review
09/04/2020, 3:40 PM
@asvoboda an UN-supported method could be to setup NGINX to only allow
requests to certain API endpoints from a certain IP range/user-agent/etc