Request Access fails #83
Comments
|
Is it possible that you selected more than 10 roles at once? The "At least one role is required" error can either mean that you didn't select any roles, or that you exceeded the limit of 10 roles. I'll fix this check so that it returns different error messages in the two cases. |
|
Ahh yes I was trying to go more than 10 roles. Is that limit configurable? |
|
It's a hard-coded limit currently, but we could make it configurable. The only concern is that it activating 10+ roles might take several seconds. |
|
I think thats ok as long as it lets the user know its working on it |
|
I've changed this hardcoded limit from 10 to 30 and activated 20 roles in a bulk. Activation process was a little bit longer, but still faster than for example activation Contributor role via PAM in Azure. So imho this limit could be changed from 10 to 30 for example + proper notification should be visible ( maybe with some time counter ? ). If somebody needs to grant more than 30 predefined roles, it might be good idea to create custom role and use custom roles with proper permissions. |
|
FYI @jpassing This is the support case I raised for the weird https_proxy traffic hitting the vpc policy |
|
I added an option/environment variable The change is available in |
After selecting a bunch of roles when I go to request the access i get the following:
When I then go look into the logs i see:
{ "insertId": "648274a7000f094387c4016b", "httpRequest": { "requestMethod": "POST", "requestUrl": "https://XXXX/api/projects/github-actions-cicd-06eb/roles/self-activate", "requestSize": "3934", "status": 400, "responseSize": "713", "protocol": "HTTP/1.1" }, "resource": { "type": "cloud_run_revision", "labels": { "service_name": "jitaccess", "revision_name": "jitaccess-00008-jb2", "location": "australia-southeast1", "configuration_name": "jitaccess", "project_id": "XXXX" } }, "timestamp": "2023-06-09T00:39:03.622399Z", "severity": "WARNING", "labels": { "instanceId": "004d9db0be8960e38fd6f75a63e68b680f9091a069f736ef1a5f8b38c25e410d703863391f896ba75c0eb837ae6345548ebb5b2b54036d9ed4142dd7e725bec9af17" }, "logName": "projects/XXXX/logs/run.googleapis.com%2Frequests", "trace": "projects/XXXX/traces/84b07b4ac0f650770f4b429d57e38ba0", "receiveTimestamp": "2023-06-09T00:39:03.988956308Z", "spanId": "4884238612352887394", "traceSampled": true }So I think the self activate endpoint is not succeeding so it thinks I have no role selected? Not really sure hoping @jpassing can point me in the right direction.
The only other warning I can see in the logs is:
{ "insertId": "6482745d00009c10d12199c2", "jsonPayload": { "logging.googleapis.com/trace": null, "message": "The SMTP configuration is incomplete" }, "resource": { "type": "cloud_run_revision", "labels": { "service_name": "jitaccess", "revision_name": "jitaccess-00008-jb2", "location": "australia-southeast1", "project_id": "XXXX", "configuration_name": "jitaccess" } }, "timestamp": "2023-06-09T00:37:49.039952Z", "severity": "WARNING", "labels": { "instanceId": "004d9db0be8960e38fd6f75a63e68b680f9091a069f736ef1a5f8b38c25e410d703863391f896ba75c0eb837ae6345548ebb5b2b54036d9ed4142dd7e725bec9af17", "event": "runtime.startup" }, "logName": "projects/XXXX/logs/run.googleapis.com%2Fstdout", "receiveTimestamp": "2023-06-09T00:37:49.179583536Z" }But since i'm not using the multiparty approval just yet I think this is to be expected since i haven't set it up.
The text was updated successfully, but these errors were encountered: