Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] rancher/rancher-webhook:v0.4.6 broken #45808

Closed
daleckystepan opened this issue Jun 13, 2024 · 8 comments
Closed

[BUG] rancher/rancher-webhook:v0.4.6 broken #45808

daleckystepan opened this issue Jun 13, 2024 · 8 comments
Labels
area/webhook kind/bug Issues that are defects reported by users or that we know have reached a real release

Comments

@daleckystepan
Copy link

daleckystepan commented Jun 13, 2024
edited
Loading

Rancher Server Setup

  • Rancher version: 2.8.4
  • Installation option (Docker install/Helm Chart): Docker, RKE2
    • If Helm Chart, Kubernetes Cluster and version (RKE1, RKE2, k3s, EKS, etc):
  • Proxy/Cert Details: self-signed

Information about the Cluster

  • Kubernetes version: 1.28.10
  • Cluster Type (Local/Downstream): 1 Local, 1 Downstream based on vSphere
    • If downstream, what type of cluster? (Custom/Imported or specify provider for Hosted/Infrastructure Provider):

User Information

  • What is the role of the user logged in? (Admin/Cluster Owner/Cluster Member/Project Owner/Project Member/Custom)
    • If custom, define the set of permissions: Owner

Describe the bug

rancher/rancher-webhook:v0.4.6 logs

time="2024-06-13T12:49:45Z" level=error msg="failed to get rules from referenced roleTemplate 'project-member': failed to check externalRules feature flag: features.management.cattle.io \"external-rules\" not found"
2024-06-13T12:49:45.048013157Z time="2024-06-13T12:49:45Z" level=error msg="failed to resolve rules from roletemplate 'rt-gfk28': failed to check externalRules feature flag: features.management.cattle.io \"external-rules\" not found"

Adding/removing AD groups, assigning permission don't work. Multiple clusters are affected.

To Reproduce

Update to rancher/rancher-webhook:v0.4.6 in your local cluster

Result

Expected Result

No issues in logs, ActiveDirectory integration works

Screenshots

Additional context

Reverting manually to rancher/rancher-webhook:v0.4.5 fixes the issue

root cause MR: rancher/charts#4074

That would probably also help: https://github.com/rancher/webhook/releases/tag/v0.4.7
@daleckystepan daleckystepan added the kind/bug Issues that are defects reported by users or that we know have reached a real release label Jun 13, 2024
@sbjzn
Copy link

sbjzn commented Jun 13, 2024
edited
Loading

Also facing this issue, using Azure AD auth.

It also affects local internal auth.

@sbjzn
Copy link

sbjzn commented Jun 13, 2024

I was also put in a glitch state where my restricted user had all privileges, this needs to be fixed ASAP.

@daleckystepan
Copy link
Author

rancher/charts#4085

@macedogm
Copy link
Member

@daleckystepan and @sbjzn please have a look at this comment #46254 for the fix.

@daleckystepan
Copy link
Author

@macedogm Fixed for me. Thank you for quick response.

@sbjzn
Copy link

sbjzn commented Jun 14, 2024

Same here

@macedogm
Copy link
Member

To be fixed in release v2.8.5. Closing, as this is fixed per this comment #46254. Feel free to reopen in case something else happens.

@macedogm
Copy link
Member

CC @samjustus

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/webhook kind/bug Issues that are defects reported by users or that we know have reached a real release
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@macedogm @daleckystepan @sbjzn