You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please fill out the issue checklist below and provide ALL the requested information.
I reviewed open and closed Github issues that may be related to my problem.
I am reporting a bug that others will be able to reproduce.
Describe the bug
While testing Apps plugin behavior with users having different RBAC permissions, I found out that when a user who does not have permission to create a workload tries to run tanzu apps workload create command, apps plugin responds with an incorrect message.
Running $ tanzu apps workload create petc --local-path . on a Kind cluster with no Cartographer/TAP/AppToolkit installed.
API Error name:tanzu apps error:no matches for kind "Workload" in version "carto.run/v1alpha1"
Error: workload "default/petc" already exists
Error: exit status 1
✖ exit status 1
Expected behavior
Error: You don't have Cartographer/TAP/AppToolkit installed on your cluster. Please proceed to install it before using this plugin.
Error: exit status 1
✖ exit status 1
Running $ tanzu apps workload create petc-adhol --local-path . on a TAP installed cluster with Pinniped installed where user does not have the permission to create workloads.
API Error name:tanzu apps error:workloads.carto.run "petc-adhol" is forbidden: User "rlee+app-viewer@pivotal.io" cannot get resource "workloads" in API group "carto.run" in the namespace "default": decision made by impersonation-proxy.concierge.pinniped.dev
Error: workload "default/petc-adhol" already exists
Error: exit status 1
✖ exit status 1
Expected behavior
Error: workloads.carto.run "petc-adhol" is forbidden: User "rlee+app-viewer@pivotal.io" cannot get resource "workloads" in API group "carto.run" in the namespace "default": decision made by impersonation-proxy.concierge.pinniped.dev
Error: exit status 1
✖ exit status 1
Version (Apps plugin version, Version of K8s running on cluster)
Apps Plugin version 0.5.1
The text was updated successfully, but these errors were encountered:
atmandhol
changed the title
Apps plugin output is incorrect when a user does not have permission to create workloads
Apps plugin output is incorrect when a user does not have permission to create workloads / Cartographer is not installed
Mar 31, 2022
tanzu apps workload apply and tanzu apps workload update both return the following output
API Error name:tanzu apps error:no matches for kind "Workload" in version "carto.run/v1alpha1"
Error: no matches for kind "Workload" in version "carto.run/v1alpha1"
Error: exit status 1
✖ exit status 1
Paired with Atman yesterday for a bit and we are unsure if we can differentiate between cartographer not present and cartographer not responding because of permissions limitations. If we can, we would like to use different messages for each case.
As a first step we should remove the catch-all condition that incorrectly reports workload <name> already exists which is showing up under both no-permission and no-cartographer-present states.
Please fill out the issue checklist below and provide ALL the requested information.
Describe the bug
While testing Apps plugin behavior with users having different RBAC permissions, I found out that when a user who does not have permission to create a workload tries to run
tanzu apps workload create
command, apps plugin responds with an incorrect message.Running
$ tanzu apps workload create petc --local-path .
on a Kind cluster with no Cartographer/TAP/AppToolkit installed.Expected behavior
Running
$ tanzu apps workload create petc-adhol --local-path .
on a TAP installed cluster with Pinniped installed where user does not have the permission to create workloads.Expected behavior
Version (Apps plugin version, Version of K8s running on cluster)
Apps Plugin version 0.5.1
The text was updated successfully, but these errors were encountered: