Uploaded image for project: 'Couchbase Kubernetes'
  1. Couchbase Kubernetes
  2. K8S-1381

Validate RBAC bucket roles

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 2.0.0
    • 2.0.0
    • operator

    Description

      There appears to be a race condition leading to bucket name being malformed within an RBAC role resulting in an error on group creation

       request failed PUT https://instance-jmr6vmd6-0002.instance-jmr6vmd6.default.svc:18091/settings/rbac/groups/binding-a1491705-692e-11ea-9674-0242ac110004 400 Bad Request: {\"errors\":{\"roles\":\"Cannot assign roles to user because the following roles are unknown, malformed or role parameters are undefined: [bucket_admin[binding-a1491705-692e-11ea-9674-0242ac110004]]\"}}

       

      We should be able to avoid this by validating bucket actually exists before attempting the group creation.

       

      full trace

      Error formatting macro: code: java.lang.StackOverflowError

      /instance-jmr6vmd6"}{"level":"error","ts":1584545959.8941765,"logger":"cluster","msg":"Reconciliation failed","cluster":"default/instance-jmr6vmd6","error":"[request failed PUT https://instance-jmr6vmd6-0001.instance-jmr6vmd6.default.svc:18091/settings/rbac/groups/binding-a1491705-692e-11ea-9674-0242ac110004 400 Bad Request: {\"errors\":{\"roles\":\"Cannot assign roles to user because the following roles are unknown, malformed or role parameters are undefined: [bucket_admin[binding-a1491705-692e-11ea-9674-0242ac110004]]\"}}], [request failed PUT https://instance-jmr6vmd6-0002.instance-jmr6vmd6.default.svc:18091/settings/rbac/groups/binding-a1491705-692e-11ea-9674-0242ac110004 400 Bad Request: {\"errors\":{\"roles\":\"Cannot assign roles to user because the following roles are unknown, malformed or role parameters are undefined: [bucket_admin[binding-a1491705-692e-11ea-9674-0242ac110004]]\"}}], [request failed PUT https://instance-jmr6vmd6-0000.instance-jmr6vmd6.default.svc:18091/settings/rbac/groups/binding-a1491705-692e-11ea-9674-0242ac110004 400 Bad Request: {\"errors\":{\"roles\":\"Cannot assign roles to user because the following roles are unknown, malformed or role parameters are undefined: [bucket_admin[binding-a1491705-692e-11ea-9674-0242ac110004]]\"}}]","stacktrace":"github.com/couchbase/couchbase-operator/vendor/github.com/go-logr/zapr.(*zapLogger).Error\n\t/home/couchbase/jenkins/workspace/couchbase-operator-build/goproj/src/github.com/couchbase/couchbase-operator/vendor/github.com/go-logr/zapr/zapr.go:128\ngithub.com/couchbase/couchbase-operator/pkg/cluster.(*Cluster).runReconcile\n\t/home/couchbase/jenkins/workspace/couchbase-operator-build/goproj/src/github.com/couchbase/couchbase-operator/pkg/cluster/cluster.go:370\ngithub.com/couchbase/couchbase-operator/pkg/cluster.(*Cluster).Update\n\t/home/couchbase/jenkins/workspace/couchbase-operator-build/goproj/src/github.com/couchbase/couchbase-operator/pkg/cluster/cluster.go:387\ngithub.com/couchbase/couchbase-operator/pkg/controller.(*CouchbaseClusterReconciler).Reconcile\n\t/home/couchbase/jenkins/workspace/couchbase-operator-build/goproj/src/github.com/couchbase/couchbase-operator/pkg/controller/controller.go:86\ngithub.com/couchbase/couchbase-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/home/couchbase/jenkins/workspace/couchbase-operator-build/goproj/src/github.com/couchbase/couchbase-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:215\ngithub.com/couchbase/couchbase-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1\n\t/home/couchbase/jenkins/workspace/couchbase-operator-build/goproj/src/github.com/couchbase/couchbase-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:158\ngithub.com/couchbase/couchbase-operator/vendor/k8s.io/apimachinery/pkg/util/wait.JitterUntil.func1\n\t/home/couchbase/jenkins/workspace/couchbase-operator-build/goproj/src/github.com/couchbase/couchbase-operator/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133\ngithub.com/couchbase/couchbase-operator/vendor/k8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/home/couchbase/jenkins/workspace/couchbase-operator-build/goproj/src/github.com/couchbase/couchbase-operator/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:134\ngithub.com/couchbase/couchbase-operator/vendor/k8s.io/apimachinery/pkg/util/wait.Until\n\t/home/couchbase/jenkins/workspace/couchbase-operator-build/goproj/src/github.com/couchbase/couchbase-operator/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:88"}

      Attachments

        Issue Links

          causes

          Bug - A problem which impairs or prevents the functions of the product. K8S-1427 RBAC bucket validation failing for '*' selector

          • Major - Major loss of function.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              tommie Tommie McAfee (Inactive)
              tommie Tommie McAfee (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty