Is there any way to have access control on the Cadence/Temporal dashboard?

Is there any way to have access control on the Cadence/Temporal dashboard?
Also would be great if we can have access control over domain/namespaces.


As of today neither Temporal nor Cadence supports any form of access control. I can’t speak for Cadence but Temporal will support this in the future at some level. It will definitely be supported in our hosted offering but may find its way into open source in some form.

I believe some users have added their own wrappers around Web to support this.

Can you point me to some of those wrappers?

@ryland I’d like to bump @Akshay_Goyal’s question - could you please point me to any of the wrappers that you mention?

First thing that came into my head is simply a reverse proxy. Isolate the temporal client and expose it by another service that handles authentication.

Top results about authentication with reverse proxy:

Some random picture:

@ProximaB I feel bad for your coworkers; you must be miserable to work with. Every time you know more than someone else you question whether or not they deserve to be programmers?

Your suggestion is more-or-less exactly what I deployed into k8s yesterday and it, indeed, works great! Thanks for putting it here on this thread for other members of the community to see!

In case anyone else needs to interact with an active directory through k8s, I would suggest dex. It works great as the identity provider and I communicated with it via an additional openresty container in my deployment.

Cheers!
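A minimal sketch of the reverse-proxy approach from the posts above, extended to per-namespace/domain authorization; this is an added example, not code from any poster or from the Temporal or Cadence projects. It assumes an authenticating layer in front (such as the dex/openresty pair mentioned above) sets a hypothetical `X-Auth-User` header and overwrites any client-supplied copy, that the Web UI names the namespace or domain as the path segment after `namespaces` or `domains`, and that the upstream address and the policy map are constructed values.

```go
package main

import (
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"path"
	"strings"
)

// Constructed policy: authenticated user -> namespaces/domains they may open.
var allowed = map[string][]string{"alice": {"payments", "default"}, "bob": {"default"}}

// namespaceOf returns the namespace/domain named in a cleaned path, or "".
func namespaceOf(p string) string {
	// Clean first so "default/../payments" is judged as "payments".
	parts := strings.Split(path.Clean("/"+p), "/")
	for i := 0; i+1 < len(parts); i++ {
		if parts[i] == "namespaces" || parts[i] == "domains" {
			return parts[i+1]
		}
	}
	return ""
}

// authorize is default-deny: users absent from the policy get nothing.
func authorize(user, p string) bool {
	ns := namespaceOf(p)
	for _, n := range allowed[user] {
		// Paths naming no namespace (assets, landing page) pass for known users.
		if ns == "" || n == ns {
			return true
		}
	}
	return false
}

func main() {
	upstream, _ := url.Parse("http://127.0.0.1:8088") // assumed Web UI address
	proxy := httputil.NewSingleHostReverseProxy(upstream)
	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		// Assumption: X-Auth-User comes only from the trusted auth layer.
		if !authorize(r.Header.Get("X-Auth-User"), r.URL.Path) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		proxy.ServeHTTP(w, r)
	})
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", nil))
}
```

The gate only helps if the Web UI and the server's own ports are reachable solely through it, which is the isolation the reverse-proxy post describes.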

I appreciate the helpful input everyone provided but feel that we could all be treating each other a bit more respectfully. I’m of the opinion that helpful information is rarely worth giving if it’s not delivered in a helpful way.

I think from the Temporal point of view, this question is essentially solved. In the last few releases authentication and authorization have been supported out of the box: https://docs.temporal.io/docs/server-security

As for Cadence, we have no control or influence on how the project is developed or what features are added. The reverse proxy sounds reasonable if you are set on staying with Cadence. There are no open source wrappers that I know of, so unfortunately nothing I can point you towards.

I’m choosing to lock this thread as I’m not sure if there’s much more constructive discussion left to have.