Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Settings page 403 when auth disabled #2694

Closed
lucasyvas opened this issue Dec 19, 2017 · 2 comments
Closed

Settings page 403 when auth disabled #2694

lucasyvas opened this issue Dec 19, 2017 · 2 comments

Comments

@lucasyvas
Copy link

lucasyvas commented Dec 19, 2017
edited
Loading

Environment

I'm trying to run Kubernetes 1.9 with the latest stable dashboard in an internal only environment (orchestrated with latest kubeadm). To play around, I've deployed the "alternative" dashboard flavour which runs over HTTP with no authentication. I've granted the dashboard service account admin privileges as indicated on the access control README page (this was required otherwise the dashboard would fetch no data)

Steps to reproduce

With the alternative dashboard deployed and giving dashboard admin level access, go to the Settings page on the dashboard.

Observed result

You get a 403 Forbidden page saying you don't have privileges.

Expected result

The settings page loads OK

Comments

This seems to have been introduced by #2639 intentionally, however I'm not sure it accounts for the case login is disabled. It may be expecting a logged in user even in this case. It's also possible the "alternative" dashboard config can be altered to allow this and it's simply something that was missed in that deploy config. I also had a similar problem leaving HTTPS login enabled and granting admin privileges. In that case, you can skip login and everything works except for the Settings page (so same behaviour).

Is there a workaround to this or would I be stuck trying to use HTTPS login and granting a single user to everyone for now?
@floreks
Copy link
Member

floreks commented Dec 19, 2017
edited
Loading

It was intentionally disabled in case user is not logged in and Dashboard is accessed with permissions of its' Service Account. Right now there is no workaround. We will add argument that will allow to override this behavior. To be honest I haven't thought about alternative deployment. If login page is enabled I think it is expected that "anonymous" users using Skip option are not able to modify global settings.

We will be doing v1.8.2 release real soon as I have found 1 major issue lately. I will add this feature to the release also.

@lucasyvas
Copy link
Author

@floreks, I agree and think the decisions made when adding this seem totally reasonable. The are always lots of options and it's sometimes hard to determine which cases are meant to be fully supported, so I appreciate the clarification and look forward to this :)

@floreks floreks mentioned this issue Dec 20, 2017
Merged
@tstromberg tstromberg mentioned this issue May 29, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@floreks @lucasyvas