Closed IamMisterCoffee closed 2 months ago
ramondeklein
commented
2 months ago What was the previous MinIO release that you were using? Release 2024-03-30T09-41-56Z brought group policy change that required addition steps before and after the upgrade. See https://github.com/minio/minio/releases/tag/RELEASE.2024-04-18T19-09-19Z.
IamMisterCoffee
commented
2 months ago Thank you for the reply @ramondeklein
I upgraded from, minio: RELEASE.2024-06-13T22-53-53Z mc: RELEASE.2024-06-12T14-34-03Z and the IAM policies disappeared from the console in two environments.
I remember reading about the breaking changes for LDAP integration, but I am using OIDC so I followed the standard routine for upgrading past the release you linked to.
cesnietor
commented
2 months ago @IamMisterCoffee could you please confirm this user is the same one you are using for mc? we think it might be that it's having different permissions so you can't see them. Or post your permissions here please so that we can try to reproduce.
IamMisterCoffee
commented
2 months ago Hello, @cesnietor, thanks for your reply!
I may have created some confusion while using the words ‘detach’ and ‘attach’ while writing this issue.
What I meant is that the IAM policies do not exist in the console; it’s as if they have been removed. However, they are still present while using the command mc policy list.
I am logging in with a user who has the ConsoleAdmin policy, so we should have access to see all the policies, but it says "There are no policies yet".
ramondeklein
commented
2 months ago Can you try to log on with the MinIO root user and check again? You should be able to run mc alias ls minio to obtain the access-key and secret-key. The api/v1/policies call that is being invoked by the console will result in the same MinIO API call as when calling mc admin policy list minio. It looks like MinIO console is able to verify the user, but it doesn't assign the proper policy to the user.
IamMisterCoffee
commented
2 months ago Hello @ramondeklein, we think it is an release after 2024-06-13T22-53-53Z which caused issues on our IAM-policies.
Possibly the KMS-part in RLEASE.2024-07-16T23-46-41Z.
We did some small changes on the IAM-policies and re-ran it with terraform and everything works as expected now.
Hello!
I updated MinIO to RELEASE.2024-08-17T01-24-54Z and the MinIO Client to RELEASE.2024-08-26T10-49-58Z on Wedensday (26.08.24).
After the update I was not able to log in with my user through OIDC connect, I then logged in with the admin user and saw that the IAM Policies was gone as shown on the image below.
I then used the command "mc admin policy list minio" from the MinIO Client, and all the policies got listed. So, the policies are still attached, but they are not active in the console, only on the client. Seems like we have a bug where the client is not synced with the console.
I have tried to upgrade MinIO to RELEASE.2024-08-26T15-33-07Z and RELEASE.2024-08-29T01-40-52Z , but I am still facing the same issue.
Expected Behavior
The policies under IAM Policies in the GUI should be synced with the policies listed while using mc command "mc admin policy list MinIO".
Current Behavior
The policies are detached in the console and attached on the client.
Possible Solution
Need to activate a IAM policy sync between miniIO and mc.
Steps to Reproduce (for bugs)
Upgrade to RELEASE.2024-08-17T01-24-54Z or above.
Your Environment
uname -a): Linux 4.18.0-553.16.1.el8_10.x86_64 Red Hat Enterprise Linux release 8.10 (Ootpa)