Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release/8.0] Default to browser token auth in dashboard standalone #3469

Merged
merged 2 commits into from
Apr 8, 2024
Merged

[release/8.0] Default to browser token auth in dashboard standalone #3469

merged 2 commits into from
Apr 8, 2024

Conversation

JamesNK
Copy link
Member

@JamesNK JamesNK commented Apr 8, 2024
edited
Loading

Backports #3427

Customer Impact

This PR changes the dashboard to default frontend auth to browser token. Previously, the dashboard would throw an error if no auth was configured unless suppressed. Providing a good default instead of an error makes using the standalone dashboard a nicer experience when getting started and it offers a secure default rather than forcing users to explicitly opt-out of auth altogether.

While making these changes, I tested the standalone dashboard much more heavily than before and found some related bugs. They're also fixed in this PR.

This PR:

  • Changes dashboard to default to browser token auth in the frontend, and unsecured in OTLP endpoint
  • Displays a warning about the unsecured OTLP endpoint in the console and in the UI with a message bar
  • Fixes the browser token being generated multiple times
  • Fixes the addresses written to the console to be the first address (matches host) instead of the last address
  • Fixes the addresses written to the console to be localhost if localhost is specified.

Demo:

standalone-browser-token

Testing

Manual and unit tests.

Risk

Low-Medium. Changing the default auth mode is a simple change. There is some new UI (message bar) for warning about unsecured OTLP endpoint.

Regression?

No

Microsoft Reviewers: Open in CodeFlow

@JamesNK JamesNK added area-dashboard security 🔐 Servicing-consider Issue for next servicing release review labels Apr 8, 2024
@danmoseley danmoseley added Servicing-approved Approved for servicing release and removed Servicing-consider Issue for next servicing release review labels Apr 8, 2024
@davidfowl davidfowl merged commit a7c3ac3 into release/8.0 Apr 8, 2024
8 checks passed
@davidfowl davidfowl deleted the jamesnk/standalone-browsertoken-8.0 branch April 8, 2024 18:08
@danmoseley danmoseley mentioned this pull request Apr 12, 2024
Closed
@github-actions github-actions bot locked and limited conversation to collaborators May 9, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@davidfowl davidfowl davidfowl approved these changes

@tlmii tlmii tlmii approved these changes

@drewnoakes drewnoakes Awaiting requested review from drewnoakes

@adamint adamint Awaiting requested review from adamint

@kvenkatrajan kvenkatrajan Awaiting requested review from kvenkatrajan

Assignees
No one assigned
Labels
area-dashboard security 🔐 Servicing-approved Approved for servicing release
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@JamesNK @davidfowl @tlmii @danmoseley