Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature] Add proper account management for backend components #47

Open
phwissmann opened this issue May 2, 2024 · 2 comments · May be fixed by #159
Open

[Feature] Add proper account management for backend components #47

phwissmann opened this issue May 2, 2024 · 2 comments · May be fixed by #159
Assignees
@pulsargranular
Labels
enhancement New feature or request

Comments

@phwissmann
Copy link
Collaborator

phwissmann commented May 2, 2024
edited by pulsargranular
Loading

Description
The backend components are using default credentials or are publicly available. They should use a secure authentication method or credentials and be protected.

Exposed endpoints

  • Prefect Ui
  • minio
  • Traefik Dashboard
  • archiver backend

Internal services:

  • Postgres

Solution proposals

  • Limit public access through Traefik:
    • Prefect UI
    • Traefik Dashboard
  • publicly accessible (or ip whitelisted?):
    • archiver backend (authentication through jwt token)
    • minio (authentication through internal usermanagment or ldap)

Definition of Done
Only designated admins can log in and use the web interfaces. Services communicate via secure credentials.
@phwissmann phwissmann added the enhancement New feature or request label May 2, 2024
@phwissmann phwissmann self-assigned this May 2, 2024
@phwissmann phwissmann added this to the v1.0-beta milestone May 2, 2024
@phwissmann phwissmann removed this from the Milestone II milestone Jan 8, 2025
@phwissmann
Copy link
Collaborator Author

Traefik CE does not support LDAP integration, only the enterprise edition. However, there is a plugin https://github.com/wiltonsr/ldapAuth

@phwissmann phwissmann removed their assignment Feb 19, 2025
@pulsargranular
Copy link
Collaborator

pulsargranular commented Mar 5, 2025
edited
Loading

I will use our Authentik instance instead of direct LDAP integration, I guess this makes more sense.

@pulsargranular pulsargranular linked a pull request Mar 7, 2025 that will close this issue
47 feature add proper account management for backend components #159
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pulsargranular pulsargranular

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

47 feature add proper account management for backend components SwissOpenEM/ScopeMArchiver
2 participants
@pulsargranular @phwissmann