Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Hide login principal from web UI if no node will actually allow you to use it #3311
What happened: A customer set up a Teleport role for authenticating with Gitlab - this role gives the user permission to log in as
Unfortunately, the list of logins in the web UI is sorted alphabetically and the default username they use is lower alphabetically in the list than
What you expected to happen: We should evaluate RBAC permissions and if the node count where a given login/principal is allowed to log in equals zero, we shouldn't show the login at all in the web UI.
Alternatively, we could provide a way to de-prioritise the
How to reproduce it (as minimally and precisely as possible): Create a role adding a principal but denying all labels, then observe that the user still appears in the web UI even though no node can make use of it.