Bug 1846256
| Summary: | SSO allows all engine users to login to grafana | | |
|---|---|---|---|
| Product: | [oVirt] ovirt-engine-dwh | Reporter: | Yedidyah Bar David <didi> |
| Component: | Setup | Assignee: | Shirly Radco <sradco> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Pavel Novotny <pnovotny> |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | 4.4.0 | CC: | bugs, emarcus, lleistne, sradco |
| Target Milestone: | ovirt-4.4.4 | Flags: | pm-rhel: ovirt-4.4+ |
| Target Release: | 4.4.1.2 | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | ovirt-engine-dwh-4.4.1.2 | Doc Type: | Known Issue |
| Doc Text: | Grafana now allows Single-Sign-On (SSO) using oVirt engine users, but does not allow automatic creation of them. A future version (see bugs 1835163 and 1807323) will allow automatic creation of admin users. For now, users must be created manually, but following that, they can login using SSO. | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2020-08-05 06:25:20 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | Metrics | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
Description
Yedidyah Bar David
2020-06-11 08:38:40 UTC
Verified in
ovirt-engine-4.4.1.8-0.7.el8ev.noarch
ovirt-engine-dwh-4.4.1.2-1.el8ev.noarch

Verified with reproducer from comment 0:
1. Install and setup engine+dwh+grafana
2. Create on the engine a non-admin user, login with this user to the VM portal
3. Try to login to grafana with 'Sign in with oVirt Engine Auth'

Result: HTTP 500 error page (see separate bug 1856097). Login with an admin user works well.

I move this bug to VERIFIED as the functionality no longer allows a non-admin or uninvited user to access Grafana. The error page is tracked separately in bug 1856097.

Eli - I rewrote the doc text to clarify the current status (with current bug fixed). Feel free to amend as needed, and in particular to include more detailed steps for how to create/invite users (you can base it on comment 0), or open a doc bug to add this to the main docs.

When I initially wrote comment 0, it described a bug - a current bad behavior (allow all users to login). Now, this behavior is fixed, but at the expense of degraded functionality (impossible to auto-create users). I am writing this to clarify that in your text, "allows" actually refers to the situation before the fix (which, for RHV, does not exist, because we never released RHV with current bug unfixed), and "Workaround" is not a workaround but simply the behavior. So if you want to keep your own text with as few changes as possible, it can be e.g.:

The Grafana dashboard allowed any authenticated oVirt engine user to log in using Single Sign-On (SSO). With this version, automatic creation of Grafana SSO users has been disabled. A Grafana Admin user must create or invite a new user manually.

But as I said, this does not apply to RHV, because it was never released with current bug unfixed.

Didi, please add to the doc text that when DWH is installed on separate machine, smtp server must be installed/configured to send the emails.

(In reply to Lucie Leistnerova from comment #4)
> Didi, please add to the doc text that when DWH is installed on separate
> machine, smtp server must be installed/configured to send the emails.

Why is it specific to separate machine? I think you refer to the emails with invitation links, right? I think this applies always, currently. I personally didn't let it send emails but copy/pasted, see step 6 of the "Additional info" in comment 0.

Eli - can you please add this "Additional info" text to the main docs, or perhaps just to doc text here? Thanks. Then, also add there something like:

For using "Send invite mail", you first have to configure postfix to allow sending outgoing email.

This bugzilla is included in oVirt 4.4.1 release, published on July 8th 2020.

Since the problem described in this bug report should be resolved in oVirt 4.4.1 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.