How do i disable the default signup and restrict access to authorized users only

hystax / optscale

FinOps and cloud cost optimization tool. Supports AWS, Azure, GCP, Alibaba Cloud and Kubernetes.

https://hystax.com

Apache License 2.0

1.15k stars 160 forks source link

How do i disable the default signup and restrict access to authorized users only #245

Closed yawboateng closed 4 months ago

yawboateng commented 5 months ago

Hello, I got this running on GKE but by default, it has the demo data and anyone can signup with their work email (just like the demo site). How do i disable the default signup and config this to use the GCP oauth?

Thanks

nk-hystax commented 5 months ago

Hello @yawboateng. Could you please describe your use case in more detail? Do you expect OptScale to disallow email-password and Microsoft signup and only use Google signup, or do you need another authorization scheme?

yawboateng commented 5 months ago

Hello @yawboateng. Could you please describe your use case in more detail? Do you expect OptScale to disallow email-password and Microsoft signup and only use Google signup, or do you need another authorization scheme?

So I've enabled Google OAuth login. However, I noticed that the optscale signup button remains available to external users. currently, using that button creates a separate organization for them. I'd like to disable the signup option and restrict login to authorized users within our org via Google OAuth.

nk-hystax commented 4 months ago

There is no ability to disable signup for all external users, but suppose an option to restrict user's signup for certain email domains may be helpful for you (https://github.com/hystax/optscale/blob/058860a930fb9c407f3466fce7b072329b32f1b8/auth/auth_server/controllers/user.py#L68C1-L76C68).

To enable email domains checks:

update your user_template.yaml with a list of email domains you want to restrict registration for:
```
domains_blacklists:
registration:
- example.com
```
restart your OptScale with runkube.py After that, new signups from the domains_blacklist will be restricted.

We also plan to implement a whitelist domain option to allow signup from a limited number of email domains.

yawboateng commented 4 months ago

yeah, the whitelist will be more useful for my case, since i cant possibly blacklist all domains in the world :) - any idea what the timeline is?

stanfra commented 4 months ago

Hello @yawboateng , whitelist added in https://github.com/hystax/optscale/releases/tag/2024041801-public release.