Can't Create/Update a Project Using the API with Same ProjectNamespaceRole

[estein9825]

Expected vs actual behavior

When I attempt to run the POST Project API against the latest version of paralus with multiple projectNamespaceRoles assigning the same project/namespace rights to two different groups, I get an error.

{
    "apiVersion": "system.k8smgmt.io/v3",
    "kind": "Project",
    "metadata": {
        "name": "postman",
        "description": "from postman"
    },
    "spec": {
        "projectNamespaceRoles": [
            {
                "role": "PROJECT_READ_ONLY",
                "project": "postman",
                "group": "AccTest"
            },
            {
                "role": "PROJECT_READ_ONLY",
                "project": "postman",
                "group": "AccTest2"
            }
        ]
    }
}

This is the error:

{
    "code": 2,
    "message": "unable to create mapping in authz; rpc error: code = Internal desc = ERROR: duplicate key value violates unique constraint \"idx_casbin_rule\" (SQLSTATE=23505)"
}

You should be able to assign the same type of permission to multiple groups at the same time.

The workaround is to create them with variation and then go and update the groups with the appropriate permissions or create an empty project first and create the groups and assign them to the project at creation time.

Steps to reproduce the bug

1. Create two groups named as above
2. Run the request against paralus
3. The error will occur.

Are you using the latest version of the project?

You can check your version by running helm ls|grep '^<deployment-name>' or using pctl, pctl version, and provide the output.

PCTL version

VERSION: 0.1.0
BUILD: 0.1.0
BUILD-TIME: 1656329967
ARCH: darwin/amd64

What is your environment setup? Please tell us your cloud provider, operating system, and include the output of kubectl version --output=yaml and helm version. Any other information that you have, eg. logs and custom values, is highly appreciated!

Kubectl Version

clientVersion:
  buildDate: "2022-08-23T17:44:59Z"
  compiler: gc
  gitCommit: a866cbe2e5bbaa01cfd5e969aa3e033f3282a8a2
  gitTreeState: clean
  gitVersion: v1.25.0
  goVersion: go1.19
  major: "1"
  minor: "25"
  platform: darwin/amd64
kustomizeVersion: v4.5.7
serverVersion:
  buildDate: "2022-11-29T18:41:42Z"
  compiler: gc
  gitCommit: 52e500d139bdef42fbc4540c357f0565c7867a81
  gitTreeState: clean
  gitVersion: v1.22.16-eks-ffeb93d
  goVersion: go1.16.15
  major: "1"
  minor: 22+
  platform: linux/amd64

Helm Version

version.BuildInfo{Version:"v3.10.3", GitCommit:"835b7334cfe2e5e27870ab3ed4135f136eecc704", GitTreeState:"clean", GoVersion:"go1.19.4"}

(optional) If you have ideas on why the bug happens or how it can be solved, please provide it here

• [ X] I've described the bug, included steps to reproduce it, and included my environment setup with all customizations.
• [ X] I'm using the latest version of the project.

[estein9825]

So when I run the above body locally, I see this attempted insert into the database:

[7.856ms] [rows:0] INSERT INTO "casbin_rule" ("ptype","v0","v1","v2","v3","v4","v5") VALUES ('p','g:','*','postman','DefaultOrg','PROJECT_READ_ONLY',''),('p','g:','*','postman','DefaultOrg','PROJECT_READ_ONLY','') RETURNING "id"

For some reason it looks like the group value isn't even being populated.

[akshay196]

There must be some problem retrieving group from db. Probable bug in this part of code: https://github.com/paralus/paralus/blob/main/pkg/service/project.go#L467-L528