You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@skywalking.apache.org by GitBox <gi...@apache.org> on 2021/03/07 02:09:59 UTC

[GitHub] [skywalking] alexjoybc opened a new issue #6502: Implement Authentication for skywalking-ui

alexjoybc opened a new issue #6502:
URL: https://github.com/apache/skywalking/issues/6502


   Please answer these questions before submitting your issue.
   
   - Why do you submit this issue?
   - [ ] Question or discussion
   - [ ] Bug
   - [ ] Requirement
   - [x] Feature or performance improvement
   
   
   ### Requirement or improvement
   
   #### Summary
   
   I'm using skywalking for monitoring multiple service. I've protected access to the application using nginx but it would be nice to have a built-in feature to secure the application using openId Connect.
   
   #### Environment
   
   - skywalking-aop and skywalking-ui running on same openshift project.
   - multiple skywalking agent running on different environment reporting to the central skywalking-aop service
   
   #### Feature
   
   - Secure access to skywalking-ui using openId connect
   
   #### Out of scope
   
   - Secure access to skywalking-aop server.
   
   
   
   
   
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [skywalking] wu-sheng commented on issue #6502: Implement Authentication for skywalking-ui

Posted by GitBox <gi...@apache.org>.

wu-sheng commented on issue #6502:
URL: https://github.com/apache/skywalking/issues/6502#issuecomment-792235823


   ### Conclusion
   This feature requires > 2 PMC members  agreed on maintaining.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [skywalking] wu-sheng commented on issue #6502: Implement Authentication for skywalking-ui

Posted by GitBox <gi...@apache.org>.

wu-sheng commented on issue #6502:
URL: https://github.com/apache/skywalking/issues/6502#issuecomment-792230964


   > My requirement is more about all or nothing access, if I was to control access to specific service data for different groups I would run different instances.
   
   I know, but the community may not keep in this way. Once the login and authentication accepted, people could add mechanism around it. That is why we don't say no to this, instead, we request anyone gets to do this, having > 2 PMC members back him up, to keep this thing in maintainable for a long term.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [skywalking] wu-sheng commented on issue #6502: Implement Authentication for skywalking-ui

Posted by GitBox <gi...@apache.org>.

wu-sheng commented on issue #6502:
URL: https://github.com/apache/skywalking/issues/6502#issuecomment-792172378


    Hi @alexjoybc , we(SkyWalking) received this kind of request from time to time. There are following reason there is no login
   1. Login usually means access control + data authentication control. Such as, which services' data could be read by specific group of people. This would lead the project into an endless direction like an internal management system.
   2. We used to have a simple version of login, PMC reviewed, and made a vote to remove it. Because no member in the PMC is willing to keep eyes on it to maintain this feature direction.
   3. Login control means more risks to expose security issues, which from the ASF perspective, PMC has to take the responsibility. This makes the thing back to (2).
   
   Until there are at least 2 PMC members said they will take the responsibility at that direction, start a new PMC vote, and make it passed. This feature may not be able to show up in the upstream.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [skywalking] alexjoybc edited a comment on issue #6502: Implement Authentication for skywalking-ui

Posted by GitBox <gi...@apache.org>.

alexjoybc edited a comment on issue #6502:
URL: https://github.com/apache/skywalking/issues/6502#issuecomment-792208310


   Hi @wu-sheng and thank you for considering my request. I could not agree more on point 1, access control could definitely lead to overhead. My requirement is more about all or nothing access, if I was to control access to specific service data for different groups I would run different instances. Thinking about it now, managing access outside skywalking is probably a better approach. Thanks again for taking the time to explain your vision.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [skywalking] wu-sheng closed issue #6502: Implement Authentication for skywalking-ui

Posted by GitBox <gi...@apache.org>.

wu-sheng closed issue #6502:
URL: https://github.com/apache/skywalking/issues/6502


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [skywalking] alexjoybc commented on issue #6502: Implement Authentication for skywalking-ui

Posted by GitBox <gi...@apache.org>.

alexjoybc commented on issue #6502:
URL: https://github.com/apache/skywalking/issues/6502#issuecomment-792208310


   Hi @wu-sheng and thank you for considering my request. I could not agree more on point 1, access control could definitely lead to overhead. My requirements is more about all or nothing access, if I was to control access to specific service data for different groups I would run different instances. Thinking about it now, managing access outside skywalking is probably a better approach. Thanks again for taking the time to explain your vision.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org