Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Cluster member role user should not be able to delete node on Harvester Hosts page on Rancher managed Harvester #7255

Open
TachunLin opened this issue Dec 25, 2024 · 2 comments
Open

[BUG] Cluster member role user should not be able to delete node on Harvester Hosts page on Rancher managed Harvester #7255

TachunLin opened this issue Dec 25, 2024 · 2 comments
Assignees
@Yu-Jack @houhoucoop
Labels
area/rancher Rancher related including internal and external area/ui Harvester UI area/ui-extension Harvester UI extension for managed and standalone Harvester kind/bug Issues that are defects reported by users or that we know have reached a real release reproduce/always Reproducible 100% of the time severity/2 Function working but has a major issue w/o workaround (a major incident with significant impact)
Milestone
v1.5.0

Comments

@TachunLin
Copy link

TachunLin commented Dec 25, 2024
edited
Loading

Describe the bug

When access Harvester v1.3.2 from Rancher virtualization management. (UI extension v1.0.2)

  • And create a Rancher standard user project-member

  • Set the Cluster Member role

  • And set the Project Member role to the default project

  • When we login Rancher with project-member user to access Harvester

  • On the Hosts page, the Cluster Member role user still can delete the node

    image

  • Video clip reference

    vokoscreenNG-2024-12-25_18-37-22.mp4

To Reproduce
Steps to reproduce the behavior:

  1. Prepare 3 nodes Harvester v1.3.2 cluster
  2. Helm install Rancher v2.10.1-alpha1
  3. Import Harvester from Rancher virtualization management
  4. Create a standard user project-member in Rancher user management page
  5. Access Harvester from Rancher virtualization management
  6. Open RBAC -> Cluster Members
  7. Set the Cluster Member role to project-member
  8. Open Project/Namespaces page
  9. Edit config of the default project
  10. Set the Project Member role to the project-member
  11. Logout admin from Rancher
  12. Login with project-member user
  13. Access Harvester from Rancher
  14. Open Hosts page
  15. Check the delete button on the node

Expected behavior

From the Cluster Member role description indicate

Members can manage the resources inside the Cluster but not change the Cluster itself

image

For security concern, cluster member role user should not be able to delete node on Harvester Hosts page.

Support bundle

supportbundle_50777f72-4a54-4f12-bd0f-aee3c949498a_2024-12-25T10-46-44Z.zip

Environment

  • Harvester ISO version: v1.3.2
  • Underlying Infrastructure: 3 nodes kvm machines
  • Rancher version: v2.10.1-alpha1
  • Harvester ui extension: v1.0.2
@TachunLin TachunLin added kind/bug Issues that are defects reported by users or that we know have reached a real release area/ui Harvester UI severity/2 Function working but has a major issue w/o workaround (a major incident with significant impact) area/rancher Rancher related including internal and external reproduce/always Reproducible 100% of the time area/ui-extension Harvester UI extension for managed and standalone Harvester labels Dec 25, 2024
@TachunLin TachunLin mentioned this issue Dec 25, 2024
Closed
@houhoucoop houhoucoop self-assigned this Dec 27, 2024
@TachunLin TachunLin mentioned this issue Jan 7, 2025
Open
@houhoucoop houhoucoop mentioned this issue Jan 13, 2025
Merged
2 tasks
@harvesterhci-io-github-bot
Copy link
Collaborator

harvesterhci-io-github-bot commented Jan 13, 2025
edited by houhoucoop
Loading

Pre Ready-For-Testing Checklist

  • Where is the reproduce steps/test steps documented?
    The reproduce steps/test steps are at:

Multi-node

  • Log in as admin:
    Integration - Admin (Multi-Node)

  • Log in as project-member:
    Integration - Member (Multi-Node)

  • Standalone mode (only admin login available):
    Standalone Mode

Single-node

  • Integration mode:
    Integration - Single Node

  • Standalone mode:
    single-standalone

  • If NOT labeled: not-require/test-plan Has the e2e test plan been merged? Have QAs agreed on the automation test case? If only test case skeleton w/o implementation, have you created an implementation issue?
    • The automation skeleton PR is at:
    • The automation test case PR is at:

@harvesterhci-io-github-bot
Copy link
Collaborator

Automation e2e test issue: harvester/tests#1779

Open
1 task
@a110605 a110605 added this to the v1.5.0 milestone Jan 13, 2025
@mergify mergify bot mentioned this issue Jan 21, 2025
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Yu-Jack Yu-Jack

@houhoucoop houhoucoop

Labels
area/rancher Rancher related including internal and external area/ui Harvester UI area/ui-extension Harvester UI extension for managed and standalone Harvester kind/bug Issues that are defects reported by users or that we know have reached a real release reproduce/always Reproducible 100% of the time severity/2 Function working but has a major issue w/o workaround (a major incident with significant impact)
Projects
None yet
Milestone
v1.5.0
Development

No branches or pull requests
5 participants
@a110605 @Yu-Jack @TachunLin @houhoucoop @harvesterhci-io-github-bot