rabbitmq / messaging-topology-operator

RabbitMQ messaging topology operator
Mozilla Public License 2.0

Resources created by the messaging-topology-operator exist and can be used, but the listing details in the management UI return not found on the resource #849

Open msschl opened 2 months ago

msschl commented 2 months ago

Describe the bug

Resources created by the messaging-topology-operator exist and can be used by producers and consumers. When trying to access the resource in the management UI, it returns "not found" for the resource:

Not found

The object you clicked on was not found; it may have been deleted on the server.

To Reproduce

Steps to reproduce the behavior:

apiVersion: rabbitmq.com/v1beta1
kind: RabbitmqCluster
metadata:
  name: rabbitmq-ha
  namespace: rabbitmq
spec:
  replicas: 3
  resources:
    requests:
      cpu: 500m
      memory: 1Gi
    limits:
      cpu: 1
      memory: 1Gi
  rabbitmq:
    additionalConfig: |
      cluster_partition_handling = pause_minority
      vm_memory_high_watermark_paging_ratio = 0.99
      disk_free_limit.relative = 1.0
      collect_statistics_interval = 10000
      loopback_users = none
  secretBackend:
    vault:
      role: rabbitmq-rabbitmq-ha
      defaultUserPath: configuration/data/rabbitmq/rabbitmq-ha/credentials
  persistence:
    storageClassName: vsphere-block
    storage: "10Gi"
  tolerations:
    - key: "node-role.kubernetes.io/control-plane"
      operator: "Exists"
      effect: "NoSchedule"
  affinity:
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
            - key: app.kubernetes.io/name
              operator: In
              values:
              - rabbitmq-ha
        topologyKey: kubernetes.io/hostname
# Start region '/dev' development
---
apiVersion: rabbitmq.com/v1beta1
kind: Vhost
metadata:
  name: dev-vhost
  namespace: rabbitmq
spec:
  name: /dev
  rabbitmqClusterReference:
    name: rabbitmq-ha
---
# Start region '/' production
---
apiVersion: rabbitmq.com/v1beta1
kind: Vhost
metadata:
  name: prod-vhost
  namespace: rabbitmq
spec:
  name: /
  defaultQueueType: quorum
  rabbitmqClusterReference:
    name: rabbitmq-ha

Expected behavior

Created resources by the messaging-topology-operator are shown in the management UI

Screenshots

As you can see, the virtual hosts are created by the messaging-topology-operator: [image]

Clicking on the resource results in: [image]

Version and environment information

Additional context

Using all created resources from code, i.e., our running services, also works: [image]

msschl commented 2 months ago

@Zerpet Have you ever seen anything like this?

Zerpet commented 2 months ago

Without server logs, my best guess is a permission issue. Your user admin can log in, but it may not have any permissions to list/read other resources.

msschl commented 2 months ago

@Zerpet The user has the tag administrator set. So in theory it should be able to see everything.

λ kubectl -n rabbitmq exec rabbitmq-ha-server-0 -it -- rabbitmqctl list_permissions -p /dev
Defaulted container "rabbitmq" out of: rabbitmq, default-user-credential-updater, vault-agent, vault-agent-init (init), setup-container (init)
Listing permissions for vhost "/dev" ...
user    configure       write   read
admin   .*      .*      .*

λ kubectl -n rabbitmq exec rabbitmq-ha-server-0 -it -- rabbitmqctl list_permissions -p /
Defaulted container "rabbitmq" out of: rabbitmq, default-user-credential-updater, vault-agent, vault-agent-init (init), setup-container (init)
Listing permissions for vhost "/" ...
user    configure       write   read
admin   .*      .*      .*

λ kubectl -n rabbitmq exec rabbitmq-ha-server-0 -it -- rabbitmqctl list_user_permissions admin
Defaulted container "rabbitmq" out of: rabbitmq, default-user-credential-updater, vault-agent, vault-agent-init (init), setup-container (init)
Listing permissions for user "admin" ...
vhost   configure       write   read
/       .*      .*      .*
/dev    .*      .*      .*

msschl commented 2 months ago

How can I see the logs?

msschl commented 5 days ago

@Zerpet what do you need to further assess this issue? The user has the right permission. Resources created through the UI can be viewed and modified. Resources created by the operator cannot be viewed by the UI…