Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

When using token with role with proper permissions, UI buttons are disabled #16361

Closed
Kamilcuk opened this issue Mar 7, 2023 · 6 comments · Fixed by #17770
Closed

When using token with role with proper permissions, UI buttons are disabled #16361

Kamilcuk opened this issue Mar 7, 2023 · 6 comments · Fixed by #17770
Assignees
@philrenaud
Labels
stage/accepted Confirmed, and intend to work on. No timeline committment though. theme/ui type/bug

Comments

@Kamilcuk
Copy link
Contributor

Kamilcuk commented Mar 7, 2023
edited
Loading

Nomad version

Nomad v1.5.0
BuildDate 2023-03-01T10:11:42Z
Revision fc40c49

Operating system and Environment details

Archlinux newest

Issue

When using token with role the UI buttons for running a job, draining node and eligible switch are greyed out, even when the token has correct permissions from the role. This also causes the setup of Vault SSO login from https://developer.hashicorp.com/nomad/tutorials/single-sign-on/sso-oidc-vault#create-a-vault-oidc-provider to have disabled buttons (it is an amazing tutorial).
obraz
obraz

Reproduction steps

nomad agent -dev -acl-enabled

export NOMAD_TOKEN=$(nomad acl bootstrap -json | jq -r .SecretID)
cat >acl_policy_engineering_read.hcl <<EOF
namespace "*" {
  policy = "write"
}
node {
  policy = "write"
}
EOF
nomad acl policy apply engineering-read acl_policy_engineering_read.hcl
nomad acl role create  -name=engineering-read  -policy=engineering-read
nomad acl token create -name=engineering -role-name=engineering-read

Copy the token from acl token create and login to UI. You will notice that the buttons are greyed out.

Expected Result

The token has permissions to drain a node, so the UI button shouldn't be greyed out.

Actual Result

The buttons are greyed out.

And: thanks for Nomad, except for that issue, Nomad SSO Vault OIDC is working quite fine and the integration works. If I copy the token from OIDC from UI to command line and use it, it works properly.
@lgfa29 lgfa29 mentioned this issue Mar 8, 2023
Closed
@lgfa29 lgfa29 added theme/ui stage/accepted Confirmed, and intend to work on. No timeline committment though. labels Mar 8, 2023
@lgfa29
Copy link
Contributor

lgfa29 commented Mar 8, 2023

Hi @Kamilcuk 👋

Thanks for the report. Yes I think the UI may be missing logic to handle ACL token roles. I have placed this issue in our backlog for further roadmapping.

@Kamilcuk
Copy link
Contributor Author

Kamilcuk commented Mar 9, 2023

Hi! Also, node Meta and Attributes do not show up.

@lgfa29
Copy link
Contributor

lgfa29 commented Mar 10, 2023

Hi! Also, node Meta and Attributes do not show up.

Yes, I suspect anything that requires specific capabilities is not going to work.

@chrispruitt chrispruitt mentioned this issue Apr 4, 2023
Closed
@michael-strigo
Copy link

Related: #14450

@lgfa29 lgfa29 mentioned this issue May 29, 2023
Closed
@lgfa29
Copy link
Contributor

lgfa29 commented May 29, 2023

#17312 reported the same problem in the Variables page as well.

@github-project-automation github-project-automation bot moved this to Backlog in Nomad UI May 30, 2023
@philrenaud philrenaud self-assigned this Jun 29, 2023
@philrenaud philrenaud moved this from Backlog to In Progress in Nomad UI Jun 29, 2023
@philrenaud philrenaud linked a pull request Jun 29, 2023 that will close this issue
[ui] ACL Roles in the UI, plus Role, Policy and Token management #17770
Merged
2 tasks
@github-project-automation github-project-automation bot moved this from In Progress to Done in Nomad UI Sep 27, 2023
@philrenaud
Copy link
Contributor

Hi @Kamilcuk , this should be resolved in #17770. Look for it in an upcoming Nomad release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@philrenaud philrenaud

Labels
stage/accepted Confirmed, and intend to work on. No timeline committment though. theme/ui type/bug
Projects
Nomad - Community Issues Triage
Archived in project
Nomad UI
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[ui] ACL Roles in the UI, plus Role, Policy and Token management hashicorp/nomad
4 participants
@philrenaud @lgfa29 @Kamilcuk @michael-strigo