perf icon indicating copy to clipboard operation
perf copied to clipboard

Published 20 hours ago verified publisher icon goharbor

createUserForbidden on OIDC enabled instance

Open srinath-chandra opened this issue 2 years ago • 3 comments

Seems this tools doesn't work for OIDC enabled Harbor instances, as the local user creation would be disabled, when on OIDC.

When we run perf prepare on OIDC enabled instance we get below error [Test projects gets created fine]: INFO[0001] GoError: failed to create user user-001, error: [POST /users][403] createUserForbidden source=console

We use admin User, so its not the User permission issue, rather not allowed of local User creation apart from the default admin user, when OIDC is enabled.

Any suggestions or workaround please?

srinath-chandra avatar Jun 09 '23 06:06 srinath-chandra

确实如此~ 有什么办法吗?

jicki avatar Jul 03 '23 03:07 jicki

Yes, harbor admin can not create user manually when switch the auth mode to OIDC because the local user only available when use DB for authorization, so a workaround may delete the script for prepare user.

chlins avatar Jul 26 '23 01:07 chlins

Yup, we just do a simple rm scripts/data/02-user.js scripts/data/03-project-member.js prior to running go run mage.go prepare.

nmcostello avatar Sep 01 '23 19:09 nmcostello