dashboard support authority management #1092
Comments
Is there already a rough date for the feature? I would like to use Chaos Mesh in the company I work for, but access control is a critical feature for cross-team use and distribution of authorizations, e.g. for defining experiments on certain namespaces for specific users. The granularity of the authorizations could optimally be mapped to the various activities that can be used with Chaos Mesh, especially in connection with Kubernetes (see also k8s Best Practices for RBAC with admin / edit / view).
You can look at the proposal for details: https://github.com/chaos-mesh/rfcs/blob/main/text/2020-10-22-authn-and-authz-on-chaos-dashboard. We plan to implement this feature next month.
You can comment in this issue if you have any questions, @torblerone
Many thanks, @WangXiangUSTC! It is nice to see that you are thinking and developing in this direction too. As I said before, it would be great if you could distribute role permissions in a very fine-grained manner. I'm thinking of permissions for certain types of chaos, namespaces, maybe even services. But that shouldn't downplay your state of affairs, you have orientated yourself very well to CN when it comes to a role concept! Thanks for that!
The permissions depend on what the service account can do; the dashboard will not manage the authority.
Solve this issue via #1188
Feature Request
Is your feature request related to a problem? Please describe:
Chaos can be created and deleted by anyone who has access to the dashboard, and the authority of the dashboard is very high, which means the dashboard is a big security hazard.
Describe the feature you'd like:
The dashboard should support authority management, with login by service account and token created by k8s. And the user can only do the chaos limited by the role bound to the service account.
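The service-account model requested above, sketched as Kubernetes RBAC manifests. This is an added example, not part of the original issue or the Chaos Mesh project's own manifests; the namespace `team-a`, the object names, and the choice of chaos kinds are assumptions.

```yaml
# Constructed example: "team-a" and all metadata names are assumptions.
# Identity a team member would log in to the dashboard with (via its token).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: chaos-manager
  namespace: team-a
---
# Namespaced Role: the account may manage only PodChaos and NetworkChaos,
# and only inside team-a. Other chaos kinds and other namespaces are denied
# by default because RBAC is allow-list based.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: chaos-manager
  namespace: team-a
rules:
  # Read-only view of pods so experiment targets can be selected.
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "watch"]
  # Full lifecycle for two chaos kinds from the chaos-mesh.org API group.
  - apiGroups: ["chaos-mesh.org"]
    resources: ["podchaos", "networkchaos"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
# Bind the Role to the ServiceAccount. A RoleBinding (not a
# ClusterRoleBinding) keeps the grant scoped to team-a.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: chaos-manager
  namespace: team-a
subjects:
  - kind: ServiceAccount
    name: chaos-manager
    namespace: team-a
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: chaos-manager
```

The effective permissions can be checked before handing out the token with `kubectl auth can-i create podchaos -n team-a --as=system:serviceaccount:team-a:chaos-manager`, and the same query against another namespace should return `no`.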