Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Snapshots tab is missing for cluster owner that is a standard user #37630

Closed
timhaneunsoo opened this issue May 6, 2022 · 10 comments
Closed

Snapshots tab is missing for cluster owner that is a standard user #37630

timhaneunsoo opened this issue May 6, 2022 · 10 comments
Assignees
@KevinJoiner @mantis-toboggan-md @Jono-SUSE-Rancher @thaneunsoo
Labels
release-note Note this issue in the milestone's release notes team/area1
Milestone
v2.6.7

Comments

@timhaneunsoo
Copy link

timhaneunsoo commented May 6, 2022
edited by cbron

Setup

  • Rancher version: v2.6.5-rc8
  • Browser type & version: Chrome Build 101.0.4951.54

Describe the bug

After creating a cluster with Standard user, the snapshots tab is missing and doesn't appear until I an admin takes a snapshot from the Cluster Management page.

To Reproduce

  1. Create RKE2 node driver cluster
  2. Click on cluster from Cluster management page
  3. Look for Snapshots on navigation tab

Result
Snapshots tab is missing
image

Expected Result

Snapshots tab should be there.
image
@timhaneunsoo timhaneunsoo self-assigned this May 6, 2022
@mantis-toboggan-md
Copy link
Member

The snapshot tab is only shown if the current user has access to the relevant schema, and that schema has a 'collection' link: this was implemented pretty recently here. All that makes sense, but I think there is a backend bug here. Standard users can't load the rke.cattle.io.etcdsnapshot schema unless they've already created a snapshot (or someone else has made one in their cluster).

@mantis-toboggan-md mantis-toboggan-md transferred this issue from rancher/dashboard May 6, 2022
@gaktive gaktive added this to the v2.6.5 milestone May 6, 2022
@Jono-SUSE-Rancher
Copy link
Contributor

@samjustus based on the feedback from Nancy, this is almost certainly going to be a Neo issue. Can you prioritize for 2.6.6? We should release note for 2.6.5.

@sowmyav27
Copy link
Contributor

sowmyav27 commented May 9, 2022
edited

On 2.6head commit id: 628b1b9

  • Deployed an RKE2 cluster
  • Add user1 as cluster owner
  • Login as user1
  • snapshots tab is missing
  • As user1 take a manual snapshot
  • Snapshot tab and snapshots are available
  • Restore option is also available on the snapshot

@KevinJoiner KevinJoiner mentioned this issue May 9, 2022
Closed
@cbron
Copy link
Contributor

cbron commented May 9, 2022
edited

@sowmyav27 @timhaneunsoo aren't your scenario's different ? Original case is for cluster owner / creator, and not a cluster member. Fixed above

@sowmyav27 sowmyav27 modified the milestones: v2.6.5, v2.6.6 May 9, 2022
@KevinJoiner
Copy link
Contributor

I've spent some time looking into this and the cause of the issue stems from how we are storing and granting snapshot permissions. Each snapshot is stored in the fleet-default namespace. Then a rolebinding is created for the given snapshot to allow the appropriate users/groups access. Since the access to rke.cattle.io.etcdsnapshot is on a per snapshot bases when there are no snapshots create users have no access to rke.cattle.io.etcdsnapshot.

@KevinJoiner KevinJoiner mentioned this issue May 17, 2022
Open
@KevinJoiner KevinJoiner mentioned this issue May 18, 2022
Merged
@cbron cbron mentioned this issue Jun 15, 2022
Closed
This was referenced Jun 15, 2022
Merged
Merged
@zube zube bot removed the [zube]: Next Up label Jun 21, 2022
@zube zube bot removed the [zube]: Review label Jun 24, 2022
@timhaneunsoo
Copy link
Author

Test Environment:

Rancher version: v2.6-head f40e542
Rancher cluster type: HA
Docker version: 20.10

Downstream cluster type: RKE2 node driver

Testing:

Tested this issue with the following steps:

  1. Create RKE2 node driver cluster
  2. Click on cluster from Cluster management page
  3. Look for Snapshots on navigation tab

Result - Pass
After creating a cluster with Standard user, the snapshots tab is no longer missing.
image.png

@zube zube bot closed this as completed Jul 6, 2022
@zube zube bot assigned thaneunsoo and unassigned timhaneunsoo Jul 25, 2022
@samjustus samjustus added the release-note Note this issue in the milestone's release notes label Aug 4, 2022
@samjustus
Copy link
Collaborator

@KevinJoiner will need release note for this issue

@KevinJoiner
Copy link
Contributor

Release Note

Synopsis of issue: Users with the role 'Cluster Owners' who were not also 'Admins' were not able to manage snapshots on rke2 clusters.
Status: Resolved

@zube zube bot removed the [zube]: Done label Oct 5, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@KevinJoiner KevinJoiner

@mantis-toboggan-md mantis-toboggan-md

@Jono-SUSE-Rancher Jono-SUSE-Rancher

@thaneunsoo thaneunsoo

Labels
release-note Note this issue in the milestone's release notes team/area1
Projects
None yet
Milestone
v2.6.7
Development

No branches or pull requests