[BUG] Required arguments test_username and test_password are not provided using rancher2_auth_config_openldap resource #1376

Open
Dj00ntyBoi opened this issue Jul 25, 2024 · 2 comments

@Dj00ntyBoi

Rancher Server Setup

  • Rancher version: 2.8.2
  • Installation option (Docker install/Helm Chart): Helm Chart
    • If Helm Chart, Kubernetes Cluster and version (RKE1, RKE2, k3s, EKS, etc): RKE2 - v1.27.10+rke2r1
  • Proxy/Cert Details: no Proxy

Information about the Cluster

  • Kubernetes version: v1.27.10+rke2r1
  • Cluster Type (Local/Downstream): Local
    • If downstream, what type of cluster? (Custom/Imported or specify provider for Hosted/Infrastructure Provider):

User Information

  • What is the role of the user logged in? (Admin/Cluster Owner/Cluster Member/Project Owner/Project Member/Custom): Admin
    • If custom, define the set of permissions:

Provider Information

  • What is the version of the Rancher v2 Terraform Provider in use? 4.2.0
  • What is the version of Terraform in use? 1.9.3

Describe the bug

When configuring the OpenLDAP Auth Provider using the rancher2_auth_config_openldap resource, it seems that the required arguments test_username and test_password are not provided to Rancher.
This issue applies to the following configuration:

resource "rancher2_auth_config_openldap" "openldap" {
  ...
  # test authentication
  test_username = "<ldap_test_username>"
  test_password = "<ldap_test_password>"
}

After running terraform apply, LDAP users and/or groups cannot be searched or added. Also, the corresponding arguments in the UI's text boxes seem to be empty. When configuring the test_username and test_password values afterwards through the UI, everything works perfectly fine and the appropriate values are displayed in the text boxes after saving.

To Reproduce

  1. Configure OpenLDAP Auth Provider by using rancher2_auth_config_openldap and arguments test_username and test_password
  2. Check if LDAP connection works
  3. If not, configure the same values for test_username and test_password through the Rancher UI
  4. Check if values (or *'s in case of password) are displayed after saving
  5. Check if LDAP users and groups can be searched

Actual Result

Users and Groups can't be searched or added. The text boxes in the Rancher UI for test_username and test_password are empty.

Expected Result

Users and Groups can be searched and added. The text boxes in the Rancher UI for test_username and test_password show the appropriate values (or *'s).

Screenshots

terraform apply snippet:

terraform apply  -auto-approve  
data.rancher2_user.admin: Reading...
data.rancher2_user.admin: Read complete after 1s [id=user-rpd2w]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # rancher2_auth_config_openldap.openldap will be created
  + resource "rancher2_auth_config_openldap" "openldap" {
      + access_mode                        = "restricted"
      ...
      + test_password                      = (sensitive value)
      + test_username                      = "<ldap_test_username>"
      ...
    }

Plan: 1 to add, 0 to change, 0 to destroy.
rancher2_auth_config_openldap.openldap: Creating...
rancher2_auth_config_openldap.openldap: Creation complete after 0s [id=openldap]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Screenshot of empty text boxes in UI after terraform apply: [image]

Additional context

I also tried to do some further investigation by tracing the API call issued by terraform in Rancher's audit log (LogLevel = 3) but don't seem to find any values for username and password, whether by using terraform or through the UI.

@Dj00ntyBoi
Author

It seems this issue is related to the following issues #rancher/rancher#45636 and #rancher/rancher#36539.
It's also related to the fact that the user used for testing authentication becomes admin after applying the auth provider config #rancher/rancher#27620.
When the auth provider is configured through the UI, the user is redirected to be logged in as the test authentication user, which is why LDAP queries are successful according to #rancher/rancher#4563.
However, while being logged in using local admin, which I was while executing terraform apply, LDAP queries seem to fail.

Please close issue if my investigation results are sufficient and correct.

@S0LERA

S0LERA commented Jul 26, 2024

+1 Experiencing this issue on containerized v2.8.4 and v2.7.8
