Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

forbidden: User "system:anonymous" #9536

Closed
ElhamAhmadlou opened this issue Sep 7, 2022 · 2 comments
Closed

forbidden: User "system:anonymous" #9536

ElhamAhmadlou opened this issue Sep 7, 2022 · 2 comments
Labels
problem/stale This has not had a response in some time type/support User support issue - likely not a bug

Comments

@ElhamAhmadlou
Copy link

hello @alexec

About my SSO serviceaccount issue , i mentioned that in UI user info i see the correct SA (which in my case is argo-admin-user) so i got the correct SA , so i don't login anonymously. If i login with argo-admin-user bearer token , i have correct access without mentioned error.

My SSO and SAs configuration is like this but i get this error in UI when i login with SSO:

forbidden: [workflows.argoproj.io](http:https://workflows.argoproj.io/) is forbidden: User "system:anonymous" cannot list resource "workflows" in API group "[argoproj.io](http:https://argoproj.io/)" in the namespace ""

This is part of the role which binded to my SA:

- verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - deletecollection
      - delete
    apiGroups:
      - [argoproj.io](http:https://argoproj.io/)
    resources:
      - workflows
      - workflows/finalizers
      - cronworkflows
      - cronworkflows/finalizers
      - workfloweventbindings
      - workfloweventbindings/finalizers
      - workflowtaskresults
      - workflowtaskresults/finalizers
      - workflowtasksets
      - workflowtasksets/finalizers
      - workflowtasksets/status
      - workflowtemplates
      - workflowtemplates/finalizers
      - eventsources
      - sensors
  - verbs:
      - get
      - list
      - watch
    apiGroups:
      - [argoproj.io](http:https://argoproj.io/)
    resources:
      - clusterworkflowtemplates
      - clusterworkflowtemplates/finalizers

I also defined read-only default SA like bellow (i think @terrytangyuan meant this by anonymous SA ) and related RB, but was not helpful:

  name: user-default-login
  annotations:
    workflows.argoproj.io/rbac-rule: "true"
    workflows.argoproj.io/rbac-rule-precedence: "0"

Do you have any idea to fix it?

Originally posted by @ElhamAhmadlou in #9526 (comment)
@stale
Copy link

stale bot commented Oct 1, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If this is a mentoring request, please provide an update here. Thank you for your contributions.

@stale stale bot added the problem/stale This has not had a response in some time label Oct 1, 2022
@stale
Copy link

stale bot commented Oct 16, 2022

This issue has been closed due to inactivity. Feel free to re-open if you still encounter this issue.

@stale stale bot closed this as completed Oct 16, 2022
@agilgur5 agilgur5 added the type/support User support issue - likely not a bug label Sep 12, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
problem/stale This has not had a response in some time type/support User support issue - likely not a bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@agilgur5 @ElhamAhmadlou