Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[backport v2.10.1] Rancher UI New component health checks "Cattle" and "Fleet" fail for standard users with only project membership #12685

Closed
github-actions bot opened this issue Nov 26, 2024 · 1 comment
Closed

[backport v2.10.1] Rancher UI New component health checks "Cattle" and "Fleet" fail for standard users with only project membership #12685

github-actions bot opened this issue Nov 26, 2024 · 1 comment
Assignees
@aalves08
Labels
area/dashboard JIRA kind/bug QA/dev-automation Issues that engineers have written automation around so QA doesn't have look at this QA/None size/1 Size Estimate 1 status/backport-candidate
Milestone
v2.10.1

Comments

@github-actions
Copy link
Contributor

This is a backport issue for #12680, automatically created via GitHub Actions workflow initiated by @gaktive

Original issue body:

Jira issue: SURE-9187, reopened
Related issue #12259

Describe the bug

The users still have the bug reported in #12259

Additional logs from customers:

The API response (no permissions)

Example 1:
{

    "type": "error",

    "links": {},

    "code": "Forbidden",

    "message": "apps.catalog.cattle.io \"rancher-monitoring\" is forbidden: User \"user\" cannot get resource \"apps\" in API group \"catalog.cattle.io\" in the namespace \"cattle-monitoring-system\"",

    "status": 403
}

Example 2:
{

    "type": "error",

    "links": {},

    "code": "Forbidden",

    "message": "statefulsets.apps \"fleet-agent\" is forbidden: User \"user\" cannot get resource \"statefulsets\" in API group \"apps\" in the namespace \"cattle-fleet-system\"",

    "status": 403
}

Proposed Solution

The health boxes should be hidden if the user has no access to the cattle-cluster-agent and fleet-agent objects.
@github-actions github-actions bot added area/dashboard JIRA kind/bug QA/dev-automation Issues that engineers have written automation around so QA doesn't have look at this QA/None status/backport-candidate labels Nov 26, 2024
@github-actions github-actions bot added this to the v2.10.1 milestone Nov 26, 2024
@gaktive gaktive added the size/1 Size Estimate 1 label Nov 27, 2024
This was referenced Nov 28, 2024
Merged
Merged
@yonasberhe23
Copy link
Contributor

Issue fixed. Tested in local/downstream cluster following these repro steps:

  • Create a standard user
  • Assign them to System project with the custom role View Monitoring

Tested in:

  • Rancher v2.10-d268d218b4bc29b029ae9b3433d1a9ac49a6f370-head
  • Dashboard release-2.10 be1fdec

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aalves08 aalves08

Labels
area/dashboard JIRA kind/bug QA/dev-automation Issues that engineers have written automation around so QA doesn't have look at this QA/None size/1 Size Estimate 1 status/backport-candidate
Projects
None yet
Milestone
v2.10.1
Development

No branches or pull requests
4 participants
@gaktive @mantis-toboggan-md @aalves08 @yonasberhe23