Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updating roles fails with error message: Could not create role #1059

Closed
mreiche opened this issue Oct 14, 2024 · 4 comments · Fixed by #1066
Closed

Updating roles fails with error message: Could not create role #1059

mreiche opened this issue Oct 14, 2024 · 4 comments · Fixed by #1066

Comments

@mreiche
Copy link

mreiche commented Oct 14, 2024

Roles are not updated in ConfigJob.

Steps to reproduce:

  1. Create a new repository
  2. Create roles with repository privileges
  3. Create users

First run

config:
  enabled: true
  repos:
    - name: osm-maps
      format: raw
      type: hosted
      online: true
      storage:
        blobStoreName: default
        strictContentTypeValidation: false
        writePolicy: allow

  roles:
    - id: osm-writer
      name: osm-writer
      privileges:
        - nx-repository-view-raw-osm-maps-*
    - id: osm-reader
      name: osm-reader
      privileges:
        - nx-repository-view-raw-osm-maps-read
  users:
    - userId: osm-writer
      firstName: OSM
      lastName: Writer
      emailAddress: "osm-writer@{{ fqdn }}"
      status: active
      roles:
        - osm-writer
    - userId: osm-reader
      firstName: OSM
      lastName: Reader
      emailAddress: "osm-reader@{{ fqdn }}"
      status: active
      roles:
        - osm-reader

Config Job

Configuring Nexus3...
Waiting for Nexus...
Waiting for Nexus...
Waiting for Nexus...
Waiting for Nexus...
Configuring anonymous access...
Anonymous access configured.
Configuring roles...
Role 'nx-metrics' configured.
ERROR: Could not create role 'osm-reader'.

Probaby role created before repository.

Second run

  roles:
    - id: osm-writer
      name: osm-writer
#      privileges:
#        - nx-repository-view-raw-osm-maps-*
    - id: osm-reader
      name: osm-reader
#      privileges:
#        - nx-repository-view-raw-osm-maps-read

Config Job

Configuring Nexus3...
Configuring anonymous access...
Anonymous access configured.
Configuring roles...
Role 'nx-metrics' configured.
Role 'osm-reader' configured.
Role 'osm-writer' configured.
Configuring users...
User 'osm-reader' configured.
User 'osm-writer' configured.
Configuring blob stores...
Configuring scripts...
Script 'cleanup' updated.
Script 'task' updated.
Configuring cleanup policies...
Configuring repositories...
Repository 'osm-maps' configured.
Configuring tasks...
Nexus3 configured successfully!

Third run

  roles:
    - id: osm-writer
      name: osm-writer
      privileges:
        - nx-repository-view-raw-osm-maps-*
    - id: osm-reader
      name: osm-reader
      privileges:
        - nx-repository-view-raw-osm-maps-read

Config Job

Configuring Nexus3...
Configuring anonymous access...
Anonymous access configured.
Configuring roles...
Role 'nx-metrics' configured.
ERROR: Could not create role 'osm-reader'.
mreiche added a commit to mreiche/helm-charts that referenced this issue Oct 18, 2024
@mreiche
Change order of initialization, fixes stevehipwell#1059
9f00245
@stevehipwell stevehipwell mentioned this issue Oct 24, 2024
Merged
@mreiche
Copy link
Author

mreiche commented Jan 8, 2025
edited
Loading

This bug is back:

roles:
    - id: oci-reader
      name: oci-reader
      privileges:
        - nx-repository-view-docker-oci-read
        - nx-repository-view-docker-oci-browse
Configuring Nexus3...
Configuring anonymous access...
Anonymous access configured.
Configuring blob stores...
Configuring scripts...
Script 'cleanup' updated.
Script 'task' updated.
Configuring cleanup policies...
Configuring repositories...
Repository 'oci' configured.
Configuring roles...
Role 'nx-metrics' configured.
ERROR: Could not create role 'oci-reader'.
Stream closed EOF for nexus/nexus-nexus3-config-26-dwfsf (config)

Edit: It was missing the source: default property both for roles and users.

@stevehipwell
Copy link
Owner

Edit: It was missing the source: default property both for roles and users.

@mreiche could you expand on this?

@mreiche
Copy link
Author

mreiche commented Jan 8, 2025

Edit: It was missing the source: default property both for roles and users.

@mreiche could you expand on this?

Creating a role is fine, but updating will lead to the error above:

roles:
    - id: oci-reader
      name: oci-reader

To fix it, pass source:

roles:
    - id: oci-reader
      name: oci-reader
      source: default

This could probably also fixed by setting a default value before https://github.com/stevehipwell/helm-charts/blob/main/charts/nexus3/scripts/configure.sh#L165C185-L165C201

if [ -z "${source}" ]; then
  source="default"
fi

@stevehipwell
Copy link
Owner

@mreiche I'll happily take a PR to default the source value.

@mreiche mreiche mentioned this issue Jan 9, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(nexus3): Fixed volume claim template labels stevehipwell/helm-charts
2 participants
@mreiche @stevehipwell