Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[ISSUE] Tasklist userAccessRestrictions can not be disabled. #2523

Open
ingorichtsmeier opened this issue Oct 30, 2024 · 0 comments · May be fixed by #2522
Open

[ISSUE] Tasklist userAccessRestrictions can not be disabled. #2523

ingorichtsmeier opened this issue Oct 30, 2024 · 0 comments · May be fixed by #2522
Labels
kind/issue Unidentified issue, it could be a bug, misconfig, or anything in between platform/aws Issues related to AWS platform/gcp Issues related to GCP platform/local

Comments

@ingorichtsmeier
Copy link

Describe the issue:

Applying the setting tasklist.identity.userAccessRestrictions.enabled: false has no effect.

In the Tasklist, you cannot see tasks with candidate groups where you are not a group member of or not a candidate user.

Actual behavior:
Given values

tasklist:
  enabled: true
  identity:
    userAccessRestrictions:
      enabled: false

the helm chart generate a config map like

    camunda.tasklist:
      identity:
        userAccessRestrictions:
          enabled: "false"

This configuration doesn't match the expected values of Tasklist.

Expected behavior:

The helm chart should generate a config map containing

    camunda: 
      tasklist:
        identity:
          userAccessRestrictionsEnabled: false

This would apply the setting to the IdentityProperties: https://github.com/camunda/tasklist/blob/master/tasklist/common/src/main/java/io/camunda/tasklist/property/IdentityProperties.java#L88-L91

Another available configuration is this environment variable: https://github.com/camunda/tasklist/blob/master/tasklist/webapp/src/main/java/io/camunda/tasklist/webapp/rest/ClientConfig.java#L55-L56

For this, the helm chart should generate

            - name: CAMUNDA_TASKLIST_IDENTITY_USER_ACCESS_RESTRICTIONS_ENABLED
              value: "false"

in the tasklist deployment.

Please align with the Tasklist team, which configuration is their preference.

How to reproduce:

  1. create a Camunda 8 cluster from the default values.
  2. Create a process containing a user task and enter a value to Candidate groups. The tester should not be a member of the group.
  3. Deploy the process model.
  4. Start an instance of the process.
  5. Open Tasklist
  6. You don't see the task.
  7. Change the setting of tasklist.identity.userAccessRestrictions.enabled: to false.
  8. Apply the update to the cluster
  9. You should see your task now.

Logs:

Environment:
Helm chart 10.4.2

Please note: Without the following info, it's hard to resolve the issue and probably it will be closed.

  • Platform: Local minikube
  • Helm CLI version: Version:"v3.14.4", GitCommit:"81c902a123462fd4052bc5e9aa9c513c4c8fc142", GitTreeState:"clean", GoVersion:"go1.22.2"}
  • Chart version: 10.4.2
  • Values file: see above.
@ingorichtsmeier ingorichtsmeier added the kind/issue Unidentified issue, it could be a bug, misconfig, or anything in between label Oct 30, 2024
@github-actions github-actions bot added platform/aws Issues related to AWS platform/gcp Issues related to GCP platform/local labels Oct 30, 2024
@jonathanlukas jonathanlukas linked a pull request Oct 31, 2024 that will close this issue
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/issue Unidentified issue, it could be a bug, misconfig, or anything in between platform/aws Issues related to AWS platform/gcp Issues related to GCP platform/local
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant