Bug 1516293

Summary: no Grafana authentication/authorization
Product: [Red Hat Storage] Red Hat Gluster Storage Reporter: Lubos Trilety <ltrilety>
Component: web-admin-tendrl-monitoring-integrationAssignee: Ankush Behl <anbehl>
Status: CLOSED WONTFIX QA Contact: sds-qe-bugs
Severity: medium Docs Contact:
Priority: medium    
Version: rhgs-3.3CC: gshanmug, negupta, rhs-bugs, sankarshan, ssaha
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-05-08 18:34:48 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1516301    

Description Lubos Trilety 2017-11-22 12:23:51 UTC 
Description of problem:
Grafana is used without any authentication/authorization. If someone knows URL he/she can use Grafana the same way as any RHGSWA user. No secure connection is granted using link from RHGSWA UI to Grafana.

Version-Release number of selected component (if applicable):
tendrl-selinux-1.5.3-2.el7rhgs.noarch
tendrl-commons-1.5.4-3.el7rhgs.noarch
tendrl-api-httpd-1.5.4-2.el7rhgs.noarch
tendrl-grafana-selinux-1.5.3-2.el7rhgs.noarch
tendrl-ansible-1.5.4-1.el7rhgs.noarch
tendrl-node-agent-1.5.4-3.el7rhgs.noarch
tendrl-ui-1.5.4-3.el7rhgs.noarch
tendrl-grafana-plugins-1.5.4-4.el7rhgs.noarch
tendrl-notifier-1.5.4-2.el7rhgs.noarch
tendrl-api-1.5.4-2.el7rhgs.noarch
tendrl-monitoring-integration-1.5.4-4.el7rhgs.noarch

How reproducible:
100%