kafbat / kafka-ui

Open-Source Web UI for managing Apache Kafka clusters
http://ui.docs.kafbat.io
Apache License 2.0
603 stars 80 forks source link

GitLab's OAuth2.0 white screen after sign in #408

Closed IIPOCTAK closed 5 months ago

IIPOCTAK commented 5 months ago

Issue submitter TODO list

Describe the bug (actual behavior)

When GitLab's sign in is complete entire screen is white

Expected behavior

I should see UI tab

Your installation details

We are using GitLab as OAuth provider for some applications, kafka-ui in the list. Our configuration is:

---
kafka:
  clusters:
    - name: <cluster>
      bootstrapServers: <redacter>

spring:
  security:
    oauth2:

auth:
  type: OAUTH2
  oauth2:
    client:
      gitlab:
        clientId: <redacted>
        clientSecret: <redacted>
        scope: 'openid'
        client-name: gitlab
        provider: gitlab
        redirect-uri: https://<redacted>/login/oauth2/code/gitlab
        issuer-uri: https:// <redacted>
        authorization-grant-type: authorization_code
        user-name-attribute: nickname
        custom-params:
          type: oauth
          roles-field: nickname

management:
  health:
    ldap:
      enabled: false

rbac:
  roles:
    - name: "admins"
      cluster:
        - <cluster>
      subjects:
        - provider: oauth
          type: role
          value: "<nickname>"
      permissions:
        - resource: applicationconfig
          actions: all

        - resource: clusterconfig
          actions: all

        - resource: topic
          value: ".*"
          actions: all

        - resource: consumer
          value: ".*"
          actions: all

        - resource: schema
          value: ".*"
          actions: all

        - resource: connect
          value: ".*"
          actions: all

        - resource: ksql
          actions: all

        - resource: acl
          value: ".*"
          actions: [ view ]

Steps to reproduce

Deploy application using helm chart and setup GitLab OAuth2

Screenshots

Screenshot 2024-05-22 at 16 03 42

Logs

In the log I see successful login:

With debug: on:

Additional context

Helm values:

replicaCount: 1

image:
  registry: ghcr.io
  repository: kafbat/kafka-ui
  pullPolicy: IfNotPresent
  # Overrides the image tag whose default is the chart appVersion.
  tag: ""

imagePullSecrets: []
nameOverride: ""
fullnameOverride: "kafbat-ui"

...

yamlApplicationConfigConfigMap:
  keyName: config.yaml
  name: kafbat-ui-config
yamlApplicationConfigSecret:
  {}
  # keyName: config.yml
  # name: secretName

existingSecret: "kafbat-ui-env"
envs:
  secret: {}
  config:
    SERVER_SERVLET_CONTEXT_PATH: '/kafka-ui'
    LOGGING_LEVEL_ROOT: 'debug'

...

# Ingress configuration
ingress:
  # Enable ingress resource
  enabled: true

  # Annotations for the Ingress
  annotations:
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/whitelist-source-range: <IPs>

  # ingressClassName for the Ingress
  ingressClassName: "public"

  # The path for the Ingress
  path: "/kafka-ui"

  # The path type for the Ingress
  pathType: "Prefix"

  # The hostname for the Ingress
  host: "kafbat-ui.example.com"

  # configs for Ingress TLS
  tls:
    # Enable TLS termination for the Ingress
    enabled: false
    # the name of a pre-created Secret containing a TLS private key and certificate
    secretName: ""

  # HTTP paths to add to the Ingress before the default path
  precedingPaths: []

  # Http paths to add to the Ingress after the default path
  succeedingPaths: []

resources:
  limits:
    cpu: 200m
    memory: 512Mi
  requests:
    cpu: 200m
    memory: 256Mi

...

Note: Without rbac section (only when auth is present) I can login without any problem and see all pages.

github-actions[bot] commented 5 months ago

Hi IIPOCTAK! 👋

Welcome, and thank you for opening your first issue in the repo!

Please wait for triaging by our maintainers.

As development is carried out in our spare time, you can support us by sponsoring our activities or even funding the development of specific issues. Sponsorship link

If you plan to raise a PR for this issue, please take a look at our contributing guide.

Haarolean commented 5 months ago

Hi, can you check browser's dev console for errors and/or failed network requests?

kapybro[bot] commented 5 months ago

Further user feedback is requested. Please reply within 7 days or we might close the issue.

IIPOCTAK commented 5 months ago

@Haarolean Sure. There are only success codes (here I refreshed the page with white screen): Screenshot 2024-05-22 at 16 46 59

kapybro[bot] commented 5 months ago

Thanks for the additional feedback! We'll get back to your issue soon.

Haarolean commented 5 months ago

And the other one please, JS errors in the console.

IIPOCTAK commented 5 months ago

@Haarolean here it is: Screenshot 2024-05-22 at 17 47 54

Haarolean commented 5 months ago

There's a typo in your config, it's clusters, not cluster:

image
IIPOCTAK commented 5 months ago

Yeah, right now everything is working properly. Thank you!