Bug: Permission groups are not saved #6453

@reffim

📜 Description

I installed v1.3.1 using Helm chart.
Whenever I save permission groups, it says "success" but does not save any data.

Here are the related logs.

[Mar 18 2025 10:43:00 GMT+0900] devtron-7d87c76799-b628s: {"level":"info","ts":1742262180.5098188,"caller":"user/UserRestHandler.go:692","msg":"request payload, UpdateRoleGroup","err":null,"payload":{"id":5,"name":"test","roleFilters":[{"entity":"cluster","team":"","entityName":"","environment":"","action":"view","accessType":"","cluster":"default_cluster","namespace":"","group":"","kind":"","resource":"","workflow":""}],"superAdmin":false}}
[Mar 18 2025 10:43:00 GMT+0900] devtron-7d87c76799-b628s: policy reloaded successfully
[Mar 18 2025 10:43:00 GMT+0900] devtron-7d87c76799-b628s: {"level":"warn","ts":1742262180.5127764,"caller":"user/UserCommonService.go:416","msg":"no role found for given filter","filter":{"entity":"cluster","team":"","entityName":"","environment":"","action":"view","accessType":"","cluster":"default_cluster","namespace":"","group":"","kind":"","resource":"","workflow":""}}
[Mar 18 2025 10:43:00 GMT+0900] devtron-7d87c76799-b628s: {"level":"error","ts":1742262180.513287,"caller":"repository/RbacDataCacheFactory.go:100","msg":"default role not found","entity":"cluster","accessType":"","roleType":"view","stacktrace":"github.com/devtron-labs/devtron/pkg/auth/user/repository.(*RbacDataCacheFactoryImpl).GetDefaultRoleDataAndPolicyByEntityAccessTypeAndRoleType\n\t/go/src/github.com/devtron-labs/devtron/pkg/auth/user/repository/RbacDataCacheFactory.go:100\ngithub.com/devtron-labs/devtron/pkg/auth/user.UserCommonServiceImpl.getDefaultRbacRoleAndPolicyByRoleFilter\n\t/go/src/github.com/devtron-labs/devtron/pkg/auth/user/UserCommonService.go:152\ngithub.com/devtron-labs/devtron/pkg/auth/user.UserCommonServiceImpl.getRenderedRoleAndPolicy\n\t/go/src/github.com/devtron-labs/devtron/pkg/auth/user/UserCommonService.go:138\ngithub.com/devtron-labs/devtron/pkg/auth/user.UserCommonServiceImpl.CreateDefaultPoliciesForAllTypesV2\n\t/go/src/github.com/devtron-labs/devtron/pkg/auth/user/UserCommonService.go:122\ngithub.com/devtron-labs/devtron/pkg/auth/user.UserCommonServiceImpl.CreateDefaultPoliciesForAllTypes\n\t/go/src/github.com/devtron-labs/devtron/pkg/auth/user/UserCommonService.go:112\ngithub.com/devtron-labs/devtron/pkg/auth/user.RoleGroupServiceImpl.CreateOrUpdateRoleGroupForClusterEntity\n\t/go/src/github.com/devtron-labs/devtron/pkg/auth/user/RoleGroupService.go:227\ngithub.com/devtron-labs/devtron/pkg/auth/user.RoleGroupServiceImpl.UpdateRoleGroup\n\t/go/src/github.com/devtron-labs/devtron/pkg/auth/user/RoleGroupService.go:455\ngithub.com/devtron-labs/devtron/api/auth/user.UserRestHandlerImpl.UpdateRoleGroup\n\t/go/src/github.com/devtron-labs/devtron/api/auth/user/UserRestHandler.go:712\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2141\ngithub.com/devtron-labs/common-lib/middlewares.Recovery.func1\n\t/go/src/github.com/devtron-labs/devtron/vendor/github.com/devtron-labs/common-lib/middlewares/recovery.go:52\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2141\ngithub.com/devtron-labs/devtron/internal/middleware.PrometheusMiddleware.func1\n\t/go/src/github.com/devtron-labs/devtron/internal/middleware/instrument.go:132\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2141\ngithub.com/gorilla/mux.(*Router).ServeHTTP\n\t/go/src/github.com/devtron-labs/devtron/vendor/github.com/gorilla/mux/mux.go:210\nmain.(*App).Start.(*App).Start.Authorizer.func1.func2\n\t/go/src/github.com/devtron-labs/devtron/vendor/github.com/devtron-labs/authenticator/middleware/AuthMiddleware.go:92\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2141\nnet/http.serverHandler.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2943\nnet/http.(*conn).serve\n\t/usr/local/go/src/net/http/server.go:2014"}
[Mar 18 2025 10:43:00 GMT+0900] devtron-7d87c76799-b628s: {"level":"error","ts":1742262180.5133483,"caller":"user/RoleGroupService.go:458","msg":"error in creating updating role group for cluster entity","err":"default policy not found","roleFilter":{"entity":"cluster","team":"","entityName":"","environment":"","action":"view","accessType":"","cluster":"default_cluster","namespace":"","group":"","kind":"","resource":"","workflow":""},"stacktrace":"github.com/devtron-labs/devtron/pkg/auth/user.RoleGroupServiceImpl.UpdateRoleGroup\n\t/go/src/github.com/devtron-labs/devtron/pkg/auth/user/RoleGroupService.go:458\ngithub.com/devtron-labs/devtron/api/auth/user.UserRestHandlerImpl.UpdateRoleGroup\n\t/go/src/github.com/devtron-labs/devtron/api/auth/user/UserRestHandler.go:712\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2141\ngithub.com/devtron-labs/common-lib/middlewares.Recovery.func1\n\t/go/src/github.com/devtron-labs/devtron/vendor/github.com/devtron-labs/common-lib/middlewares/recovery.go:52\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2141\ngithub.com/devtron-labs/devtron/internal/middleware.PrometheusMiddleware.func1\n\t/go/src/github.com/devtron-labs/devtron/internal/middleware/instrument.go:132\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2141\ngithub.com/gorilla/mux.(*Router).ServeHTTP\n\t/go/src/github.com/devtron-labs/devtron/vendor/github.com/gorilla/mux/mux.go:210\nmain.(*App).Start.(*App).Start.Authorizer.func1.func2\n\t/go/src/github.com/devtron-labs/devtron/vendor/github.com/devtron-labs/authenticator/middleware/AuthMiddleware.go:92\nnet/http.HandlerFunc.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2141\nnet/http.serverHandler.ServeHTTP\n\t/usr/local/go/src/net/http/server.go:2943\nnet/http.(*conn).serve\n\t/usr/local/go/src/net/http/server.go:2014"}
[Mar 18 2025 10:43:00 GMT+0900] devtron-7d87c76799-b628s: policy reloaded successfully

I've checked the PostgreSQL data with the query select * from rbac_policy_data where entity='cluster' and role='view' and it returned 1 row.

 id | entity  | access_type | role |                                                                                                                                                                                                       
             policy_data                                                                                                                                                                                                                   
  |          created_on           | created_by |          updated_on           | updated_by | is_preset_role | deleted 
----+---------+-------------+------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
--+-------------------------------+------------+-------------------------------+------------+----------------+---------
 13 | cluster |             | view | {"sub": {"value": "role:clusterView_%_%_%_%_%", "indexKeyMap": {"17": "Cluster", "19": "Namespace", "21": "Group", "23": "Kind", "25": "Resource"}}, "type": {"value": "p", "indexKeyMap": {}}, "resAc
tObjSet": [{"act": {"value": "get", "indexKeyMap": {}}, "obj": {"value": "%/%/%", "indexKeyMap": {"0": "GroupObj", "2": "KindObj", "4": "ResourceObj"}}, "res": {"value": "%/%", "indexKeyMap": {"0": "ClusterObj", "2": "NamespaceObj"}}}]
} | 2025-03-11 02:16:47.592904+00 |          1 | 2025-03-11 02:16:47.592904+00 |          1 | t              | f
(1 row)

👟 Reproduction steps

  1. Go to Global Configurations -> Authorization -> Permission Groups
  2. Create/Edit group
  3. Set any k8s permissions
  4. Click "Save" (no error)
  5. Click and view permissions for just created/edited group

👍 Expected behavior

I can see the permissions I set.

👎 Actual Behavior

No permissions

☸ Kubernetes version

EKS 1.31

Cloud provider

AWS EKS

🌍 Browser

Chrome

🧱 Your Environment

  • Chrome 133.0.6943.142

✅ Proposed Solution

No response

👀 Have you spent some time to check if this issue has been raised before?

  • I checked and didn't find any similar issue

🏢 Have you read the Code of Conduct?
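
Added example (not part of the original issue and not Devtron's code): a Python log check that pairs each UpdateRoleGroup request with error records logged afterwards by the same pod, which surfaces permission-group saves that the UI reported as successful but the backend rejected. The sample input is constructed from the log lines above, abridged; the pod-and-time-window correlation and the function names are assumptions of this example.

```python
import json
import re

# Constructed sample: the issue's log lines, abridged (stack traces and most
# filter fields dropped), plus one made-up request (id 6) that logs no error.
SAMPLE_LOG = r'''
[Mar 18 2025 10:43:00 GMT+0900] devtron-7d87c76799-b628s: {"level":"info","ts":1742262180.5098188,"caller":"user/UserRestHandler.go:692","msg":"request payload, UpdateRoleGroup","err":null,"payload":{"id":5,"name":"test","roleFilters":[{"entity":"cluster","action":"view","cluster":"default_cluster"}],"superAdmin":false}}
[Mar 18 2025 10:43:00 GMT+0900] devtron-7d87c76799-b628s: policy reloaded successfully
[Mar 18 2025 10:43:00 GMT+0900] devtron-7d87c76799-b628s: {"level":"warn","ts":1742262180.5127764,"caller":"user/UserCommonService.go:416","msg":"no role found for given filter"}
[Mar 18 2025 10:43:00 GMT+0900] devtron-7d87c76799-b628s: {"level":"error","ts":1742262180.513287,"caller":"repository/RbacDataCacheFactory.go:100","msg":"default role not found","entity":"cluster","accessType":"","roleType":"view"}
[Mar 18 2025 10:43:00 GMT+0900] devtron-7d87c76799-b628s: {"level":"error","ts":1742262180.5133483,"caller":"user/RoleGroupService.go:458","msg":"error in creating updating role group for cluster entity","err":"default policy not found"}
[Mar 18 2025 10:43:00 GMT+0900] devtron-7d87c76799-b628s: policy reloaded successfully
[Mar 18 2025 10:44:10 GMT+0900] devtron-7d87c76799-b628s: {"level":"info","ts":1742262250.1,"caller":"user/UserRestHandler.go:692","msg":"request payload, UpdateRoleGroup","err":null,"payload":{"id":6,"name":"ops","roleFilters":[],"superAdmin":false}}
[Mar 18 2025 10:44:10 GMT+0900] devtron-7d87c76799-b628s: policy reloaded successfully
'''

LINE_RE = re.compile(r"^\[[^\]]+\] (?P<pod>\S+): (?P<body>\{.*\})$")

def parse_line(line):
    """Return the JSON record with its pod name, or None for non-JSON lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        rec = json.loads(m["body"])
    except json.JSONDecodeError:
        return None
    rec["pod"] = m["pod"]
    return rec

def failed_role_group_updates(log_text, window=2.0):
    """UpdateRoleGroup requests followed by error records on the same pod.

    Correlation by pod and time window is a heuristic (the log lines carry no
    request id), so concurrent requests on one pod can be mis-attributed.
    """
    open_req, findings = {}, []
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        pod = rec["pod"]
        if rec.get("msg") == "request payload, UpdateRoleGroup":
            payload = rec.get("payload") or {}
            open_req[pod] = {"ts": rec["ts"], "group_id": payload.get("id"),
                             "group": payload.get("name"), "errors": []}
        elif rec.get("level") == "error" and pod in open_req:
            req = open_req[pod]
            if rec["ts"] - req["ts"] <= window:
                if not req["errors"]:
                    findings.append(req)
                req["errors"].append(rec.get("err") or rec.get("msg"))
    return findings
```

On the sample, only the request for group id 5 is reported, with both backend errors attached; the request for id 6 is not flagged.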

Labels

bug (Something isn't working), needs-triage (Issue is not approved or ready-to-work on)