Remove skip login option #2672

Closed
floreks opened this issue Dec 13, 2017 · 8 comments
Labels: good first issue, help wanted, kind/feature, lifecycle/frozen, priority/critical-urgent

Comments

Member

floreks commented Dec 13, 2017

As per request from #2668 (comment).

floreks changed the title from Add option to disasble "Skip" button on login screen to Add option to disable "Skip" button on login screen Dec 13, 2017
floreks added the good first issue, help wanted, kind/feature, priority/P3 labels Dec 13, 2017

dohnto commented Dec 21, 2017

Our company would like to see this feature implemented since we use several clusters across different teams and we would like to disable even read-only access to some clusters.

maciaszczykm added the lifecycle/frozen label Feb 27, 2018
Contributor

onitake commented May 31, 2018

Enforcing a read-only mode for unauthenticated users may be useful, but is unnecessary as this can be modelled easily with proper RBAC rules.

However, under very restrictive rules (i.e. no permissions at all), the SKIP button is useless, so an option to disable it would improve the user experience.

maciaszczykm changed the title from Add option to disable "Skip" button on login screen to Remove skip login option Nov 9, 2018
maciaszczykm added priority/critical-urgent and removed priority/P3 labels Nov 9, 2018
maciaszczykm self-assigned this Dec 5, 2018
Member

maciaszczykm commented Dec 5, 2018

@jessfraz @liggitt @floreks I would like to restart our discussion here as we still have this issue in our backlog and its priority is critical. What do you think about making a new release as soon as possible to include the current fix in it (#3289) and waiting with completely removing the skip option until the migration finishes (#3152)? I would say that it should take around a month to get the migration on master and to start work on this issue. Would it be okay for you, or do you think that the current solution is not enough and we should focus on it right now? What would be your requirements for it then?

Contributor

bryk commented Dec 7, 2018

> and waiting with completely removing the skip option until the migration finishes

I think we should not wait and remove the skip option immediately. Making this project secure should always be the highest priority.


Liz4v commented Dec 22, 2018

Because googling my problem landed in this bug report for the top result:

If you want to keep the skip login button, you need to edit the yaml file to include --enable-skip-login as one of the args of the deployment.
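A cluster operator who wants to know where the skip button has been switched back on can search deployment specs for the argument named above. The following is an added example, not part of the original comment or the project's code; the function names, the sample data and the handling of `=true`/`=false` values (ordinary boolean flag syntax) are assumptions.

```python
import json

FLAG = "--enable-skip-login"  # the argument named in the comment above

def make_deployment(ns, name, command=None, args=None):
    """Build a constructed Deployment object with one container."""
    container = {"name": "dashboard"}
    if command is not None:
        container["command"] = command
    if args is not None:
        container["args"] = args
    return {"metadata": {"namespace": ns, "name": name},
            "spec": {"template": {"spec": {"containers": [container]}}}}

# Constructed sample in the shape of `kubectl get deployments -A -o json`;
# every name and namespace here is made up for illustration.
SAMPLE = json.dumps({"kind": "List", "items": [
    make_deployment("kube-system", "dash-a",
                    args=["--auto-generate-certificates", FLAG]),
    make_deployment("team-x", "dash-b", args=[FLAG + "=false"]),
    make_deployment("team-y", "dash-c", command=["/dashboard", FLAG + "=true"]),
    make_deployment("team-z", "dash-d"),
]})

def flag_enabled(argv):
    """True if the last occurrence of FLAG in argv turns skip login on."""
    enabled = False
    for arg in argv:
        name, sep, value = arg.partition("=")
        if name != FLAG:
            continue
        # Assumption: a bare flag or =true enables it, =false disables it.
        enabled = (not sep) or value.strip().lower() in ("true", "t", "1")
    return enabled

def find_skip_login(doc):
    """Return (namespace, deployment, container) tuples with skip login on."""
    data = json.loads(doc)
    items = data["items"] if data.get("kind") == "List" else [data]
    hits = []
    for item in items:
        meta = item.get("metadata", {})
        pod = item.get("spec", {}).get("template", {}).get("spec", {})
        for c in pod.get("containers", []):
            # The flag may sit in either `command` or `args`.
            argv = (c.get("command") or []) + (c.get("args") or [])
            if flag_enabled(argv):
                hits.append((meta.get("namespace", "default"),
                             meta.get("name"), c.get("name")))
    return hits

if __name__ == "__main__":
    for ns, deploy, container in find_skip_login(SAMPLE):
        print(f"{ns}/{deploy} container={container}: skip login enabled")
```
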

Member Author

floreks commented Dec 27, 2018

@ekevoo Thanks for this. We missed that one in the release notes. I have updated the changelog, and the wiki has also been updated to contain the new argument.


joekohlsdorf commented Dec 28, 2018

Sad to see that such a breaking change was done in a minor release and that it was originally not even in the changelog.

Member Author

floreks commented Dec 28, 2018

@joekohlsdorf It was in the changelog from the beginning but it was not so prominent and obvious. You would need to check linked issues.

CVE-2018-18264: Fix security issue related to using Dashboard's Service Account (#3400 and #3289)
