Bug
Resolution: Unresolved
Major
1.3
RHDH Plugins 3264, RHDH Plugins 3265, RHDH Plugins 3266
Description of problem:
We are ingesting approx. 14k groups and 24k users using the LDAP plugin. We enabled the RBAC backend and frontend plugin with no user/group policy via CSV. We added ourselves as part of superadmin. We noticed most of the pages on Developer Hub take around 5-7 seconds to load. This is a huge setback to enabling RBAC on our enterprise developer hub.
Prerequisites (if any, like setup, operators/versions):
- Helm installation
- Postgres:
  - CPU - 4
  - Memory: 9Gi
- Backstage:
  - CPU - 4
  - Memory: 8Gi
- Postgres:
- LDAP server (Use Red Hat LDAP server ldap.corp.redhat.com)
Steps to Reproduce
- Set up RHDH using Helm charts
- Configure LDAP provider to ingest users/groups from LDAP server (ldap.corp.redhat.com, accessible over VPN)
- Configure basic RBAC policy using CSV and add frontend plugin.
- Add yourself as a superadmin in RBAC CSV
- Try to use RHDH as usual and notice degraded environment
- Try to configure RBAC using frontend plugin
Actual results:
There should be no visible difference of enabling RBAC on user experience with using RHDH
Expected results:
Significantly downgraded service
Reproducibility (Always/Intermittent/Only Once):
Always
Build Details:
RHDH Version: 1.3.1
Backstage Version: 1.29.2
Upstream: https://github.com/janus-idp/backstage-showcase/tree/release-1.3 @ ee96f8e3
Midstream: https://gitlab.cee.redhat.com/rhidp/rhdh/-/commits/rhdh-1.3-rhel-9 @ e5035447
Build Time: 2024-10-22T18:32:08Z
Additional info (Such as Logs, Screenshots, etc):
LDAP configuration (values.yaml)
```yaml
- package: '@developer-platform/backstage-plugin-catalog-backend-module-ldap-transformers-dynamic@0.2.0'
  integrity: 'sha256-KlAhi+8KJ1zeTYhVigWpzHGPLiSrXclCS4xFw0RrcmI='
- package: '@developer-platform/backstage-plugin-catalog-backend-module-ldap-dynamic@0.7.0'
  integrity: 'sha256-DtqFh8taadOpJ8TbOaqmLn0gf13gDxMSVbUDR5DL/SM='
  pluginConfig:
    catalog:
      providers:
        ldapOrg:
          default:
            target: ldaps://ldap.corp.redhat.com
            schedule:
              frequency: { hours: 2 }
              timeout: { minutes: 30 }
              initialDelay: { seconds: 7 }
            users:
              dn: ou=Users,dc=redhat,dc=com
              options:
                timeLimit: 5000
                paged: true
                filter: (objectClass=rhatPerson)
                attributes: ['cn','rhatJobTitle','uid','mail','memberOf']
              map:
                description: rhatJobTitle
                memberOf: memberOf
                displayName: cn
                email: mail
              set:
                metadata.namespace: 'default'
            groups:
              dn: ou=adhoc,ou=managedGroups,dc=redhat,dc=com
              options:
                timeLimit: 5000
                paged: true
                filter: (objectClass=rhatRoverGroup)
                attributes: ['cn','description','uniqueMember']
              map:
                name: cn
                description: description
                members: uniqueMember
              set:
                metadata.namespace: 'default'
                spec.type: 'team'
```
cc: rh-ee-pknight