sensu / web

Open-source Web UI for Sensu Go clusters
MIT License

Allow guest access to dashboard #128

Open julian7 opened 5 years ago

julian7 commented 5 years ago

There was a way in Uchiwa to make the dashboard publicly available. Sensu-go dashboard, however, requires authentication for dashboard access. I'd like to provide a limited, anonymously available dashboard.

Expected Behavior

Current Behavior

Possible Solution

By heart, I'd like to make some API endpoints publicly available.

Context

Currently I have an "Is the app I'm using up?" dashboard, which queries sensu-api every minute from the user's browser, showing red/green pills for each app. This is an easy and nice way to communicate current status.

Then, users can click on those pills to get to a specific page in uchiwa (pointing to the clients page, filtered by subscription) to allow them to get into details. API endpoints available to this dashboard are currently proxied to sensu-api, adding a basic auth header.

Your Environment

julian7 commented 5 years ago

@annaplotkin please specify who should discuss this, I'm available for a chat.

geez commented 4 years ago

How can we disable auth on the new sensu UI fellas and get no sign in please? We're already fronting it with a reverse proxy and ldap auth.

calebhailey commented 4 years ago

@julian7 @geez hi there :wave: my apologies for the long radio silence here.

Historically, this has always been an idea we've put on the "nice to have" list, but we've never been able to prioritize it because we didn't have a clear enough set of user stories to justify the investment. Having said that, we'd love to dig in and learn more about how we might be able to help!

Most of the user stories we have collected generally align more closely with tools like https://www.statuspage.io or https://cachethq.io – end-user status pages. From my perspective, the original ask in this issue rhymes with that use case:

> Currently I have an "Is the app I'm using up?" dashboard, which queries sensu-api every minute from the user's browser, showing red/green pills for each app. This is an easy and nice way to communicate current status.
>
> Then, users can click on those pills to get to a specific page in uchiwa (pointing to the clients page, filtered by subscription) to allow them to get into details. API endpoints available to this dashboard are currently proxied to sensu-api, adding a basic auth header.

My thoughts around these use cases have generally fallen into three categories:

  1. "Something something SSO something?" Who are the users who need access to a public Sensu dashboard? Are they members of your organization, or external customers? In either case, Sensu can be configured with multiple SSO providers, and that tends to reduce quite a bit of the underlying friction that might prompt a request for guest access to the dashboard.

    NOTE: if I'm being blunt, this is basically the "won't fix" response since we already offer fairly robust SSO integrations. When we've proposed this solution in the past it's really because we're trying to understand the underlying use case... have you already tried SSO and that doesn't work? If so, then why?

  2. "Make it easier to integrate Sensu with first-class status page tools" As noted above, there are already great tools for public status pages... so perhaps we just need a supported integration or new built-in features that make it easy to configure public status pages. This could include publishing the underlying details you'd expect a guest to access in the Sensu dashboard (i.e. instead of "users can click on those pills to get to a specific page in [Sensu's dashboard]", expand the pill to show the details directly in the public status dashboard).

  3. "Develop a built-in guest dashboard in Sensu (i.e. native statuspage.io alternative)" If the desired outcome is to offer guest users an "is the app I'm using up?" dashboard, why not build that experience into Sensu? In my mind this would be a completely different UI than logged-in users see.

Options 1 through 3 are increasing levels of investment, ranging from "won't fix" (i.e. could our existing SSO integrations solve this problem?), to a new plugin for Sensu that integrates with a third-party tool, to a full-blown solution built-in to the product. I don't know if these are the right ideas, or if they satisfy the ask in this issue, but that's where we typically end up with these discussions.

I'd love to collect more info about your use case(s). If we can get a clearer picture of the requirements then we might finally be able to prioritize some development here. Let's start with some further discussion via GitHub (i.e. comments in this issue), and go from there.

Cheers!
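
The proxy arrangement from the original post (a few API endpoints forwarded to sensu-api with a basic auth header added on the server side), sketched as an added example that is not code from this thread or from Sensu. The allowlisted `/events` paths, the event field names and the sample values are assumptions made for illustration.

```python
import re

# Assumed allowlist (hypothetical): the only upstream paths a guest may read.
ALLOWED_PATHS = [re.compile(r"/events"), re.compile(r"/events/[A-Za-z0-9_.-]+")]
# Client-supplied headers that must never reach the upstream API.
STRIP_HEADERS = {"authorization", "cookie", "proxy-authorization"}


def build_upstream_request(method, path, headers, basic_token):
    """Return (path, headers) to forward upstream, or None to reject.

    basic_token is the base64 "user:password" value held only by the proxy.
    """
    if method != "GET":
        return None  # guests are read-only
    if "?" in path or "%" in path or ".." in path:
        return None  # no query strings, encodings or traversal past the allowlist
    if not any(p.fullmatch(path) for p in ALLOWED_PATHS):
        return None
    forwarded = {k: v for k, v in headers.items() if k.lower() not in STRIP_HEADERS}
    forwarded["Authorization"] = "Basic " + basic_token  # replaces anything the client sent
    return path, forwarded


def to_pills(events):
    """Reduce upstream events to the fields a red/green pill needs."""
    return [
        {"client": e["client"]["name"], "check": e["check"]["name"],
         "ok": e["check"]["status"] == 0}
        for e in events
    ]


# Constructed sample data; the field names are an assumption about the event shape.
SAMPLE_EVENTS = [
    {"client": {"name": "web-01", "address": "10.0.0.5"},
     "check": {"name": "http", "status": 0, "command": "constructed-check --url x"}},
    {"client": {"name": "db-01", "address": "10.0.0.9"},
     "check": {"name": "disk", "status": 2, "command": "constructed-check --disk"}},
]

if __name__ == "__main__":
    # "cm86cHc=" is a constructed placeholder token, not a real credential.
    print(build_upstream_request("GET", "/events", {"Cookie": "x"}, "cm86cHc="))
    print(to_pills(SAMPLE_EVENTS))
```

Filtering the response matters as much as filtering the request: the injected credential can read full event objects, so the proxy returns only the name and an up/down flag rather than addresses or check commands.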