You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've read some great concepts for security when it comes to Atlantis's UI. Using OAuth2-Proxy in the front for SSO such as GitHub for authentication, or mapping the prefix through a reverse proxy where only the /events is only visible and not the / root. However, I do have a question in regards to the Atlantis UI for developer use.
My first question deals with Atlantis's UI main page: I do not see a point in allowing developers to see the main page where the Apply commands are enabled can be messed with by developers. I'm unsure on why it is visible on the main page but would like an explanation if possible. Is it a fail-safe for terraform apply deployments for rogue actors?
My second question deals with Atlantis's UI for improving security, mostly on my side: I have been able to use Istio (reverse-proxy) to have /events be only used to disable / root but I would like to have Istio's prefix of /jobs/* be viewable for developers so they can see real-time logging of the Terraform when they click on Details in the GitHub PR. Is it possible for me to disable the / root and have only /jobs/* show? Just a curious question on my side.
All in all. Thank you all for the support and I am eager to see Atlantis come to CNCF!
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
I've read some great concepts for security when it comes to Atlantis's UI. Using OAuth2-Proxy in the front for SSO such as GitHub for authentication, or mapping the prefix through a reverse proxy where only the
/eventsis only visible and not the/root. However, I do have a question in regards to the Atlantis UI for developer use.My first question deals with Atlantis's UI main page: I do not see a point in allowing developers to see the main page where the
Apply commands are enabledcan be messed with by developers. I'm unsure on why it is visible on the main page but would like an explanation if possible. Is it a fail-safe forterraform applydeployments for rogue actors?My second question deals with Atlantis's UI for improving security, mostly on my side: I have been able to use Istio (reverse-proxy) to have
/eventsbe only used to disable/root but I would like to have Istio's prefix of/jobs/*be viewable for developers so they can seereal-time loggingof the Terraform when they click onDetailsin the GitHub PR. Is it possible for me to disable the/root and have only/jobs/*show? Just a curious question on my side.All in all. Thank you all for the support and I am eager to see Atlantis come to CNCF!
Beta Was this translation helpful? Give feedback.
All reactions