IAM Policies missing from the console but are present on the client #3430
Comments
|
What was the previous MinIO release that you were using? Release 2024-03-30T09-41-56Z brought group policy change that required addition steps before and after the upgrade. See https://github.com/minio/minio/releases/tag/RELEASE.2024-04-18T19-09-19Z. |
|
Thank you for the reply @ramondeklein I upgraded from, I remember reading about the breaking changes for LDAP integration, but I am using OIDC so I followed the standard routine for upgrading past the release you linked to. |
|
@IamMisterCoffee could you please confirm this user is the same one you are using for mc? we think it might be that it's having different permissions so you can't see them. Or post your permissions here please so that we can try to reproduce. |
|
Hello, @cesnietor, thanks for your reply! I may have created some confusion while using the words ‘detach’ and ‘attach’ while writing this issue. What I meant is that the IAM policies do not exist in the console; it’s as if they have been removed. However, they are still present while using the command mc policy list. I am logging in with a user who has the ConsoleAdmin policy, so we should have access to see all the policies, but it says "There are no policies yet". |
|
Can you try to log on with the MinIO root user and check again? You should be able to run |
|
Hello @ramondeklein, we think it is an release after 2024-06-13T22-53-53Z which caused issues on our IAM-policies. Possibly the KMS-part in RLEASE.2024-07-16T23-46-41Z. We did some small changes on the IAM-policies and re-ran it with terraform and everything works as expected now. |
Hello!
I updated MinIO to RELEASE.2024-08-17T01-24-54Z and the MinIO Client to RELEASE.2024-08-26T10-49-58Z on Wedensday (26.08.24).
After the update I was not able to log in with my user through OIDC connect, I then logged in with the admin user and saw that the IAM Policies was gone as shown on the image below.
I then used the command "mc admin policy list minio" from the MinIO Client, and all the policies got listed. So, the policies are still attached, but they are not active in the console, only on the client. Seems like we have a bug where the client is not synced with the console.
I have tried to upgrade MinIO to RELEASE.2024-08-26T15-33-07Z and RELEASE.2024-08-29T01-40-52Z , but I am still facing the same issue.
Expected Behavior
The policies under IAM Policies in the GUI should be synced with the policies listed while using mc command "mc admin policy list MinIO".
Current Behavior
The policies are detached in the console and attached on the client.
Possible Solution
Need to activate a IAM policy sync between miniIO and mc.
Steps to Reproduce (for bugs)
Upgrade to RELEASE.2024-08-17T01-24-54Z or above.
Your Environment
MiniO: RELEASE.2024-08-17T01-24-54Z and above.
MinIO Client: RELEASE.2024-08-26T10-49-58Z
uname -a):Linux 4.18.0-553.16.1.el8_10.x86_64
Red Hat Enterprise Linux release 8.10 (Ootpa)
The text was updated successfully, but these errors were encountered: