-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Actions that cannot be performed by a Cluster member are available on an RKE1 cluster in a rancher setup when RKE2 flag is disabled #35828
Comments
Pushing out a version based on time. @sowmyav27 was it all actions or any specific ones? |
Another link to hide, should be simple. |
@davidnuzik What actions are you expecting to see with each user type? For:
If the visibility of these 2 is the issue, then we will need to transfer this to the backend team to ensure the action metadata is correctly provided for the given user/cluster. |
@sowmyav27 Is there someone who can answer the question on this issue? |
@nwmac Here is a comparison if this helps. We should see this (RKE2 feature flag enabled (default) or not actually based on my tests -- I don't think the feature flag matters) But instead, we see this on RKE1 clusters, however members do not have permission to take snapshots (and restore snapshots) and rotate certs. Snapshot commands and rotating certs should not be shown on RKE1 clusters in the Vue UI when the user is a cluster member. |
@davidnuzik I've checked the UI code - for snapshots, we check for the action I will transfer to rancher/rancher for the backend team to have a look to ensure that the actions are returned correctly based on the user's permissions. |
It's possible that controller(s) that should be tied to V2 provisioning flag are controlled by RKE2 flag instead. We may need to switch which flag enables these controllers. |
I reproduced this on a local single node DO RKE1 cluster, with the RKE2 flag both enabled and disabled. Both times I saw the PR in with fix #35963. |
Testing templateRoot causeA standard cluster member on an RKE1 cluster was seeing options reserved for a cluster admin because the logic in the Norman API on what actions to make permissible to a user was incorrect. What was fixed, or what changes have occurred
Areas or cases that should be tested
What areas could experience regressions ?Rancher UI actions list for an RKE1 cluster if logic is overwritten. Are the repro steps accurate/minimal ?Yes. |
Reproduction Setup
Reproduction Steps
Result The actions available in the dropdown are not the permissible actions of a standard user. **Setup For Validation **
Results The correct actions are available. Screenshot Reproduction Screenshot: |
On 2.6-head commit id:
b43e4d9
Actions that cannot be performed by a Cluster member are available on an RKE1 cluster in a rancher setup when RKE2 flag is disabled
![Screen Shot 2021-08-24 at 11 04 08 PM](https://user-images.githubusercontent.com/26032343/130735223-25c71212-db96-459a-ad96-26cf74862442.png)
The text was updated successfully, but these errors were encountered: