docs(audit): apply per-cluster judgment fixes across living docs
Resolve audit findings: correct WorkerEnvelope proto/route/metric/session facts; rewrite auth (ZB.MOM.WW.Auth migration), dashboard (ZB.MOM.WW.Theme), and StyleGuide (foreign-project copy-paste); document alarm subsystem, Ldap options, and gateway alarm broker; fix client CLI flags and package paths.
This commit is contained in:
Joseph Doherty
+10
-4
@@ -357,10 +357,16 @@ Allowed UI stack:
|
||||
|
||||
Do not use MudBlazor or other Blazor UI component libraries for v1.
|
||||
|
||||
Dashboard access should require API-key-backed dashboard authentication with
|
||||
`admin` scope when enabled. For local development, anonymous localhost access
|
||||
is enabled by default through `Dashboard:AllowAnonymousLocalhost`; the bypass is
|
||||
limited to loopback requests.
|
||||
Dashboard authentication is LDAP-backed, deliberately separate from the gRPC
|
||||
API-key model: dashboard users are people who already have directory accounts,
|
||||
so reusing LDAP avoids minting and distributing API keys for human operators.
|
||||
`DashboardAuthenticator` binds the supplied credentials against `MxGateway:Ldap`
|
||||
through the shared `ILdapAuthService`, then maps the user's LDAP groups to the
|
||||
`Administrator` or `Viewer` dashboard role via `MxGateway:Dashboard:GroupToRole`.
|
||||
A login whose groups match no role is denied. For local development, anonymous
|
||||
localhost access is enabled by default through
|
||||
`MxGateway:Dashboard:AllowAnonymousLocalhost`; the bypass is limited to loopback
|
||||
requests.
|
||||
|
||||
## Lazy Browse Is Wire-Only
|
||||
|
||||
|
||||
Reference in New Issue
Block a user