Skip to content

oauth2 login is not enforced and does not work - potential missing documentation #755

Description

@gboor

Which component(s) is affected?

Kubero UI

Describe the bug

I configured Kubero according to the latest documentation with kubero.auth.oauth2.enabled set to true and all the relevant values filled out;

....
spec:
  kubero:
    readonly: false
    webhook_url: https://....
    auth:
      oauth2:
        enabled: true
....

First thing is that the container refused to run unless I also set OAUTH2_CLIENT_SECRET in the secret. Which is weird, because in the documentation it says to (also?) set this in the oauth2 config. Both are now set.

This does nothing. The UI just shows up without ANY authentication at all. I can open the URL and it just goes into the UI and I can perform all operations.

Next I set KUBERO_USERS to an empty list (W10= which is base64 for []).
Now the UI shows a login form, but only for username and password.

There is no indication in the documentation on how to log in with oauth2 or how to enforce it.

Steps to reproduce

  1. Deploy kubero as per documentation
  2. Edit the deployment config to set up oauth2
  3. Restart the pod or re-do the deployment
  4. Open the UI - no login of any kind is enforced

Expected behavior

I expect the login screen to show up and offer me an option to log in with oauth2.
If local users are enabled (even as empty list), I expect some option to go for oauth2.

Screenshots

Image

Additional information

No response

Debug information

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions