Add read permission jenkins/labelsData to pipeline view role (!1873) · 合并请求 · kubesphere / ks-installer

Calvin Yu请求将github/fork/LinuxSuRen/fix-pip-view-permission合并到master 12月 27, 2021

Created by: LinuxSuRen

We are using the API devops.kubesphere.io/v1alpha2/devops/testsscxjkq/jenkins/labelsdashboard/labelsData to get all the labels from Jenkins.

To those users who want to define a customized role, they will meet the following errors:

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {
    
  },
  "status": "Failure",
  "message": "jenkins.devops.kubesphere.io \"labelsdashboard\" is forbidden: User \"rick\" cannot get resource \"jenkins/labelsData\" in API group \"devops.kubesphere.io\" at the cluster scope",
  "reason": "Forbidden",
  "details": {
    "name": "labelsdashboard",
    "group": "devops.kubesphere.io",
    "kind": "jenkins"
  },
  "code": 403
}

Scope

This bug affects v3.0.0 to v3.2.1

How to fix in the previous version

Please consider adding jenkins/labelsData to your roles:

/ # kubectl edit role -n testsscxjkq good
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
....
rules:
- apiGroups:
  - '*'
  resources:
  - pipelines/scan
  - pipelines/sonarstatus
  - jenkins/labelsData

/area devops

Add read permission jenkins/labelsData to pipeline view role

Scope

How to fix in the previous version

合并请求报告