You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've searched the issue queue to verify this is not a duplicate bug report.
I've included steps to reproduce the bug.
I've pasted the output of kargo version.
I've pasted logs, if applicable.
Description
After update to 0.9.0, auth with bearer token results in permission denied from api server for all kargo projects, warehouses, stages, etc. Same authentication in 0.8.8 works without issue. I am using oidc with dex for standard user auth, for which I've made the necessary claim changes and all of that works fine. It doesn't seem like any of those changes should have an impact on token auth.
Steps to Reproduce
Authenticate to kargo 0.8.8 with token - in my case this is via a Go app, but I imagine it would be the same via CLI with --kubeconfig authentication (Though I am unable to verify, as trying with CLI led me to this issue)
Get project
Again in my test case using GetProjectRequest, but imagine same for kargo get projects
Successfully lists projects
Update to kargo 0.9.0
Get project results in: projects.kargo.akuity.io "<project>" is forbidden: get is not permitted
Version
Client Version: v0.9.0
Server Version: v0.9.0
Logs
time="2024-10-10T19:04:40Z" level=error msg="finished unary call" connect.code=permission_denied connect.duration="811.993µs" connect.method=GetProject connect.service=akuity.io.kargo.service.v1alpha1.KargoService connect.start_time="2024-10-10T19:04:40Z" error="permission_denied: projects.kargo.akuity.io \"<project>\" is forbidden: get is not permitted"
The text was updated successfully, but these errors were encountered:
Checklist
kargo version
.Description
After update to 0.9.0, auth with bearer token results in permission denied from api server for all kargo projects, warehouses, stages, etc. Same authentication in 0.8.8 works without issue. I am using oidc with dex for standard user auth, for which I've made the necessary claim changes and all of that works fine. It doesn't seem like any of those changes should have an impact on token auth.
Steps to Reproduce
GetProjectRequest
, but imagine same forkargo get projects
projects.kargo.akuity.io "<project>" is forbidden: get is not permitted
Version
Logs
The text was updated successfully, but these errors were encountered: