Uploaded image for project: 'Red Hat Internal Developer Platform'
  1. Red Hat Internal Developer Platform
  2. RHIDP-3580

Creating RBAC role with name that contains ':' or '/' creates a role that does nothing and cannot be deleted

Prepare for Y ReleasePrepare for Z ReleaseRemove QuarterXMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Undefined Undefined
    • 1.3
    • None
    • RBAC Plugin
    • None
    • 1
    • False
    • Hide

      None

      Show
      None
    • False
    • Hide
      Before this update, creating an RBAC role with name that contains ':' or '/' through the REST API (or RBAC admin panel in the UI) created a role that did nothing and could not be deleted.
      Although the name of the role showed up in full as written in the POST request, when clicked on for more information about the role it showed only the part of the name written before the first ':' or '/'.
      Also while the list of RBAC roles did list how many policies were added to the role, when clicking on the role for more information it displayed no users or policies.


      With this udpate, {product-short} validates more strictly role and namespace names in accordance with backstage validation:

      {product-short} invalidates role names that do not conform with the format:

      - Strings of length at least 1, and at most 63.
      - Must consist of sequences of `[a-z0-9A-Z]` possibly separated by one of `[-_.]`.

      {product-short} invalidates namespaces that do not conform with the format:

      - Strings of length at least 1, and at most 63.
      - Must be sequences of `[a-zA-Z0-9]`, possibly separated by `-`.
      Show
      Before this update, creating an RBAC role with name that contains ':' or '/' through the REST API (or RBAC admin panel in the UI) created a role that did nothing and could not be deleted. Although the name of the role showed up in full as written in the POST request, when clicked on for more information about the role it showed only the part of the name written before the first ':' or '/'. Also while the list of RBAC roles did list how many policies were added to the role, when clicking on the role for more information it displayed no users or policies. With this udpate, {product-short} validates more strictly role and namespace names in accordance with backstage validation: {product-short} invalidates role names that do not conform with the format: - Strings of length at least 1, and at most 63. - Must consist of sequences of `[a-z0-9A-Z]` possibly separated by one of `[-_.]`. {product-short} invalidates namespaces that do not conform with the format: - Strings of length at least 1, and at most 63. - Must be sequences of `[a-zA-Z0-9]`, possibly separated by `-`.
    • Bug Fix
    • Done
    • RHDH Plugins 3261

      Description of problem:

      Creating an RBAC role with name that contains ':' or '/' through the REST API (or RBAC admin panel in the UI) creates a role that does nothing and cannot be deleted. Although the name of the role shows up in full as written in the POST request, when clicked on for more information about the role it shows only the part of the name written before the first ':' or '/'. Also while the list of RBAC roles does tell us how many policies were added to the role, when clicking on the role for more information it displays no users or policies.

      Prerequisites (if any, like setup, operators/versions):

      • RBAC enabled

        Steps to Reproduce

      1. Log in with a user that has policy-entity read and create policies allowed
      2. Navigate to Administration on the sidebar
      3. On the RBAC panel of the administration click 'Create'
      4. let the name of the role be <something>:<something> and fill the rest of the create options with any arbitrary users and policies
      5. Create the role

      Actual results:

      The created role now displays no information and cannot be deleted.

      Expected results:

      Reproducibility (Always/Intermittent/Only Once):

      Always

      Build Details:

      OCP 4.16.4 on ROSA

      Additional info (Such as Logs, Screenshots, etc):

        1. image-2024-08-08-12-02-46-679.png
          253 kB
          Omar Al Jaljuli
        2. image-2024-08-08-12-02-05-962.png
          12 kB
          Omar Al Jaljuli

            rh-ee-dzemanov Dominika Zemanovicova
            rh-ee-oaljalju Omar Al Jaljuli
            RHIDP - Plugins
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: