Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1949651

Summary: [RFE] Implement user authentication in all STF dashboards
Product: Service Telemetry Framework Reporter: Alexon Oliveira <alolivei>
Component: distributionAssignee: Chris Sibbitt <csibbitt>
Status: CLOSED CURRENTRELEASE QA Contact: Leonid Natapov <lnatapov>
Severity: low Docs Contact:
Priority: high    
Version: 1.2CC: csibbitt, dsilvaju, jjoyce, joflynn, jschluet, kmehta, lhh, lmadsen, mburns, mgarciac, mrunge, shrjoshi
Target Milestone: GAKeywords: FutureFeature, Triaged
Target Release: 1.4 (STF)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: service-telemetry-operator-container-1.4.0-1 Doc Type: Enhancement
Doc Text:
To improve security compliance, you must now authenticate on all user interfaces. As a result, HTTPS routes to Prometheus, Alertmanager, and Grafana are now provided by default when those components deploy. Use OpenShift Container Platform creditials to authenticate to the newly exposed services. Grafana maintains the existing basic-auth login option for backwards-compatiblity purposes.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-02-03 14:27:56 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Alexon Oliveira 2021-04-14 17:53:22 UTC 
Description of problem:

To have user authentication in all STF related dashboards (Grafana, Prometheus, Alertmanager and Kibana) for security compliance reasons. This is a characteristic of some relevance for most ICT/Telco customers, because they have strict security policies explicitly forbidding "open" Web UIs. Anyone could silence alarms, for instance.

The problem is neither Prometheus nor Alertmanager are multi-tenant. Also, normally there is an oauth sidecar involved to allow OCP auth integration and this needs tests.

Version-Release number of selected component (if applicable):

STF (all versions)

Actual results:

Is possible to lock and integrate the Grafana dashboard with LDAP. The other services are not authenticated at all. 

Expected results:

To have user authentication in all STF related dashboards (Grafana, Prometheus, Alertmanager and Kibana) for security compliance reasons.
Comment 1 Chris Sibbitt 2021-11-16 20:04:54 UTC 
Upstream PR has merged for all of this work. 

Details here: https://github.com/infrawatch/service-telemetry-operator/pull/281

Documentation work here: https://github.com/infrawatch/documentation/pull/339