[Hawkular-dev] OpenShift OAuth authentication and authorization for Hawkular APM
Lars Milland
lmi at mailme.dk
Thu Apr 27 10:45:15 EDT 2017
Hi
It would be really great if a functionality for Hawkular APM could be
found/established, matching the one that exists for Hawkular Metrics wise
for OpenShift, where the metrics are stored per tenant/namespace, and then
Hawkular security wise is integrated to the OAuth based security model of
OpenShift.
Is that a requirement/feature that have been considered? Or would it maybe
already be possible to integrate the Hawkular APM components to OpenShift
OAuth based security. Even if the Hawkular APM storage and security model
would not fit to the fully multitenant way of OpenShift, if just the
security model of a Hawkular APM installation could be connected to the
OpenShift OAuth model, then one Hawkular APM instance could be setup with
"service account tokens" used for sending metrics to the instance, and users
could log into the Hawkular APM UI with again OpenShift OAuth managed
credentials, mapped to roles coming from the OAuth ticket. Much the same way
that the security model of the OpenShift integrated Jenkins works - see:
https://github.com/openshift/jenkins-openshift-login-plugin
The current security model of APM is rather limited as far as I understand -
and based solely on a single manually fixed username/password for both
contributing application performance metrics/log entries, and same for the
Hawkular APM UI.
Best regards
Lars Milland
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/hawkular-dev/attachments/20170427/3a084e94/attachment.html
More information about the hawkular-dev
mailing list