Add troubleshooting note for group visibility issue in Assign Global Role #1591

Merged
merged 1 commit into from
Feb 4, 2025

pratikjagrut
Contributor

Fixes rancher/rancher#48146

Reminders

  • See the README for more details on how to work with the Rancher docs.

  • Verify if changes pertain to other versions of Rancher. If they do, finalize the edits on one version of the page, then apply the edits to the other versions.

  • If the pull request is dependent on an upcoming release, remember to add a "MERGE ON RELEASE" label and set the proper milestone.

Description

Comments

@samjustus samjustus requested review from JonCrowther and removed request for JonCrowther December 17, 2024 15:41
Contributor

@btat btat left a comment

Could we exclude the non-Markdown files from the PR? Also, the repo uses Yarn, so adding a package-lock.json doesn't make sense.

This also needs to be ported to 2.9 (based on the parent issue) and the zh translation files, which I can help with if needed.


### Unable to See Groups When Assigning Global Roles

When setting up an Keycloak OIDC, if the user isn't part of any groups, `groupSearchEnabled` is disabled, preventing group search in Assign Global Roles.
Contributor

Suggested change
When setting up an Keycloak OIDC, if the user isn't part of any groups, `groupSearchEnabled` is disabled, preventing group search in Assign Global Roles.
If you use a user that is not part of any groups for initial setup, then you cannot search for groups when trying to assign a global role.

Some style-based suggestions and added some omissions:

  • not mentioning Keycloak since we're on the Keycloak page
  • groupSearchEnabled since it's an implementation detail and not something they can currently edit using normal procedures

Comment on lines 163 to 171
This can't be updated through the UI. You can do one of the following workaround.

- **Workaround 1:** Edit the `authconfig/keycloakoidc` on Rancher local:
```bash
kubectl edit authconfigs.management.cattle.io keycloakoidc
```
Set `groupSearchEnabled: true`.

- **Workaround 2:** Reconfigure the Keycloak OIDC setup using a user that is assigned to at least one group in Keycloak.
Contributor

Suggested change
This can't be updated through the UI. You can do one of the following workaround.
- **Workaround 1:** Edit the `authconfig/keycloakoidc` on Rancher local:
```bash
kubectl edit authconfigs.management.cattle.io keycloakoidc
```
Set `groupSearchEnabled: true`.
- **Workaround 2:** Reconfigure the Keycloak OIDC setup using a user that is assigned to at least one group in Keycloak.
To resolve this, you can either:
1. Manually edit the `authconfig/keycloakoidc` object to enable group search.
1. On the Rancher server:
```bash
kubectl edit authconfigs.management.cattle.io keycloakoidc
```
1. Set `groupSearchEnabled: true`.
1. Save your changes.
1. Reconfigure your Keycloak OIDC setup using a user that is assigned to at least one group in Keycloak.
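
Review bot: The nested step "On the Rancher server:" in the suggested replacement drops the cluster that the original line named ("on Rancher local"), so a reader with several kubeconfig contexts cannot tell where `kubectl edit authconfigs.management.cattle.io keycloakoidc` has to run. Suggest keeping the cluster explicit, for example "With kubectl pointed at the Rancher local cluster:". As shown here, the nested `1.` items and the fenced command also carry no indentation under the first option, so Markdown would render them as one flat list and the final "Reconfigure your Keycloak OIDC setup ..." option would read as a fifth step instead of the second alternative.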

@pratikjagrut
Contributor Author

> Could we exclude the non-Markdown files from the PR? Also, the repo uses Yarn, so adding a package-lock.json doesn't make sense.
>
> This also needs to be ported to 2.9 (based on the parent issue) and the zh translation files, which I can help with if needed.

Hi @btat
I removed non-markdown files and updated them according to your suggestion. Let me know how I can add zh translation files.

@btat
Contributor

btat commented Feb 4, 2025

> Hi @btat I removed non-markdown files and updated them according to your suggestion. Let me know how I can add zh translation files.

Hi @pratikjagrut, let's go ahead and merge this. We can forego my comment on the zh files since that's out of scope for PRs submitted by engineering. My team can handle that part separately.

@btat btat merged commit 5491e66 into rancher:main Feb 4, 2025
1 check passed

Successfully merging this pull request may close these issues.

Keycloak OIDC : Add workaround in the doc to enable group search