Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Can't update any rancher2_role_template #1381

Closed
mouellet opened this issue Aug 2, 2024 · 1 comment
Closed

[BUG] Can't update any rancher2_role_template #1381

mouellet opened this issue Aug 2, 2024 · 1 comment
Assignees
@joesims22
Labels
kind/bug team/collie version/rancher-v2.8 version/v4
Milestone
November Release ...

Comments

@mouellet
Copy link
Contributor

mouellet commented Aug 2, 2024

Rancher Server Setup

  • Rancher version: v2.8.5
  • Installation option (Docker install/Helm Chart):
    • If Helm Chart, Kubernetes Cluster and version (RKE1, RKE2, k3s, EKS, etc): RKE1

Information about the Cluster

  • Kubernetes version: v1.28.7
  • Cluster Type (Local/Downstream): Local

User Information

  • What is the role of the user logged in? (Admin/Cluster Owner/Cluster Member/Project Owner/Project Member/Custom): Admin

Provider Information

  • What is the version of the Rancher v2 Terraform Provider in use? v4.2.0
  • What is the version of Terraform in use? v1.5.7

Describe the bug

We have custom roles without external_rules defined. When terraform-provider-rancher2 to v4.2.0 any update to the a rancher2_role_template resource is blocked by the Rancher Webhook with the following error message:

error: roletemplates.management.cattle.io "rt-p***" could not be patched: admission webhook "rancher.cattle.io.roletemplates.management.cattle.io" denied the request: ExternalRules can't be set in RoleTemplates with external=false

The provider might be sending and empty array value for the externalRules attribute to the rancher API but the Rancher Webhook checks for a nil value. See: https://github.com/rancher/webhook/blob/main/pkg/resources/management.cattle.io/v3/roletemplate/validator.go#L130

To Reproduce

With kubectl, edit a roletemplates by adding externalRules: [] to the manifest.

Actual Result

See error above

Expected Result

Role template should be updated

Screenshots

Additional context
@matttrach matttrach self-assigned this Aug 7, 2024
@matttrach matttrach removed their assignment Aug 27, 2024
@pratikjagrut pratikjagrut mentioned this issue Aug 29, 2024
Merged
@matttrach matttrach self-assigned this Sep 5, 2024
This was referenced Sep 5, 2024
Merged
Merged
@matttrach matttrach reopened this Sep 5, 2024
@matttrach matttrach added this to the September Release 2024 milestone Sep 5, 2024
@matttrach matttrach changed the title [BUG] can't update any rancher2_role_template due to new external_rules attribute [BUG] Can't update any rancher2_role_template due to new external_rules attribute Sep 6, 2024
This was referenced Sep 6, 2024
Closed
Closed
@matttrach matttrach removed their assignment Sep 6, 2024
@matttrach matttrach changed the title [BUG] Can't update any rancher2_role_template due to new external_rules attribute [BUG] Can't update any rancher2_role_template Sep 9, 2024
@matttrach matttrach mentioned this issue Sep 16, 2024
Closed
@matttrach matttrach reopened this Sep 30, 2024
@joesims22
Copy link

Validated on v2.10-head id 8b50f83

# Priority Description & Link PASS/FAIL
1 P0 Verify updating RT via TFP is successful ✅ PASS
2 P0 Verify TFP sets external attribute to false by default ✅ PASS
3 P0 Verify external rules value is set to nil if external attribute is not set ✅ PASS
4 P0 Verify external rules cannot be set when updating RT via TFP while external is set to false ✅ PASS
5 P0 Verify external rules can be set when updating RT via TFP after setting external to true ✅ PASS
6 P1 Verify external rules cannot be set via kubectl when external is set to false ✅ PASS
7 P1 Verify external rules can be set when updating RT via kubectl after setting external to true ✅ PASS
8 P0 Verify external rules are removed when external set to false via TFP ✅ PASS
9 P0 Upgrade: Verify updating RT via TFP is successful upon upgrading Rancher ✅ PASS

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@joesims22 joesims22

Labels
kind/bug team/collie version/rancher-v2.8 version/v4
Projects
None yet
Milestone
November Release 2024
Development

No branches or pull requests
4 participants
@mouellet @matttrach @daviswill2 @joesims22