Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Warn Users when running with --insecure #1959

Open
3 of 15 tasks
bigkevmcd opened this issue Apr 20, 2022 · 1 comment
Open
3 of 15 tasks

Warn Users when running with --insecure #1959

bigkevmcd opened this issue Apr 20, 2022 · 1 comment
Labels
area/ui Issues that require front-end work bug Something isn't working severity/high low < medium < high < critical

Comments

@bigkevmcd
Copy link
Contributor

Describe the bug
When TLS is disabled, authentication tokens are transmitted without encryption.

Is this a UI bug or a server bug?

  • UI
  • Server

What is the severity of the bug
Unencrypted Authentication Tokens could be captured.

  • severity/Critical: Weave GitOps is crashing or experiencing data loss, the UI is inaccessible or a key feature is unusable. There is no known workaround
  • severity/Major: Weave Gitops functionality is broken, there is a workaround, but the workaround requires significant effort
  • severity/Minor: Weave Gitops functionality is broken, but there is a fairly straightforward workaround
  • severity/Low: Doesn’t affect primary flow/functionality but would be good to fix

Environment

  • gitops: [e.g. v0.1.0]
  • How you deployed the Weave GitOps server: [e.g. Tilt, Helm Chart, etc]
  • kubernetes: [e.g. 1.20.4]
    • KinD - version]
    • k3s - version
    • cloud [e.g., EKS, AKS] version
    • other - name version
  • Browser + version: [e.g. chrome 74, safari 12, firefox 87]

To Reproduce
Steps to reproduce the behavior:

Expected behavior
Users should be warned that their credentials are not secure when --insecure is configured.

Config and Logs
If applicable, add logs to help explain your problem. please compress the output before attaching

  • Logs from the wego-app pod
  • Events from flux-system namespace (Or the namespace you deployed flux and/or Weave GitOps)
  • kubectl cluster-info dump
  • Prometheus alerts
  • Flux logs

Screenshots

Additional context
@bigkevmcd bigkevmcd added the bug Something isn't working label Apr 20, 2022
@Callisto13 Callisto13 added the severity/high low < medium < high < critical label Apr 22, 2022
@Callisto13 Callisto13 self-assigned this Apr 26, 2022
@Callisto13 Callisto13 mentioned this issue Apr 26, 2022
Closed
@Callisto13 Callisto13 added the area/ui Issues that require front-end work label Apr 26, 2022
@Callisto13 Callisto13 mentioned this issue Apr 26, 2022
Closed
@lasomethingsomething
Copy link
Contributor

Still an issue?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/ui Issues that require front-end work bug Something isn't working severity/high low < medium < high < critical
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@bigkevmcd @lasomethingsomething @Callisto13 @sympatheticmoose @joshri