search

ministryofjustice / analytics-platform

Parent repository for the MOJ Analytics Platform
MIT License
14 stars 1 forks source link

Permission error when viewing control panel #65

Closed davidread closed 6 years ago

davidread commented 6 years ago

What happened?

These errors are shown on the control panel for a particular user:

GET /k8s/apis/apps/v1beta2/namespaces/user-mikehmoj/deployments was not permitted GET /k8s/api/v1/namespaces/user-mikehmoj/pods was not permitted

which is to do with his user's permissions.

He also had:

Error: socket hang up

but I think that is a separate issue.

Original report

From @MikeHmoj

I am and have been since my first login attempt 10am ish today unable to get beyond the Analytical Platform login screen with the following errors, which Robin believes are related to this issue.

The error I get most persistently is this:

Analytical Platform Control Panel • Signed in as mike.hallard@justice.gov.uk • Sign out

Internal Error

GET /k8s/apis/apps/v1beta2/namespaces/user-mikehmoj/deployments was not permitted From https://cpanel-master.services.alpha.mojanalytics.xyz/

Two other errors I have got are:

Analytical Platform Control Panel • Signed in as mike.hallard@justice.gov.uk • Sign out

Internal Error

Error: socket hang up

From https://cpanel-master.services.alpha.mojanalytics.xyz/verify-email

Analytical Platform Control Panel • Signed in as mike.hallard@justice.gov.uk • Sign out ? Updated email address

Internal Error

GET /k8s/api/v1/namespaces/user-mikehmoj/pods was not permitted

From https://cpanel-master.services.alpha.mojanalytics.xyz/

MikeHmoj commented 6 years ago

@RobinL davidread believes this issue is due to permissions, not k8s. It has been an issue since the first time I got beyond the login page and means I still can't get onto the control panel or R (increasingly urgent). Please can you point me in the right direction to get it resolved?

davidread commented 6 years ago

Your account was missing k8s init-user and config-user charts and AWS role was missing s3-access policy. I suspect there was a temporary network error when this ran on first log-on.

I've provided these permission manually now, so let me know how you get on.

MikeHmoj commented 6 years ago

Issue is now resolved, thanks for that David, please feel free to close it ( cc @RobinL )

calumabarnett commented 5 years ago

@rowanyjb has reported this issue today when trying to log in to the control panel:

Internal Error GET /k8s/api/v1/namespaces/user-rowanyjb/pods was not permitted