You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
the app launcher dropdown should only display usable (i.e. allowed by RBAC) aws roles for an app.
Current behavior:
the app launcher shows all the available aws roles that a user has across their roleset, regardless of whether those roles are actually allowed by Teleport's RBAC.
For example, here I have an aws console app with this spec:
NOTE: the aws-dynamodb-access role's app_labels do not match the labels for my example app, therefore RBAC will not allow me to actually use the ProdAdmin aws IAM role.
So the only thing I should see in the launcher are the two allowed roles from my user traits.
However, I see all of them:
If I click on the ProdAdmin role in the launcher, access is denied and I get an unhelpful "Not found" page (we intentionally obscure access errors with "not found"):
This is poor UX and has tripped up at least one customer in a support ticket.
Bug details:
Teleport version: master / v16.0.0-dev
Recreation steps: see above example.
The text was updated successfully, but these errors were encountered:
Expected behavior:
Current behavior:
For example, here I have an aws console app with this spec:
My user has the preset access role, and these user traits:
and my user also has the following role:
NOTE: the
aws-dynamodb-access
role'sapp_labels
do not match the labels for my example app, therefore RBAC will not allow me to actually use theProdAdmin
aws IAM role.So the only thing I should see in the launcher are the two allowed roles from my user traits.
However, I see all of them:
If I click on the
ProdAdmin
role in the launcher, access is denied and I get an unhelpful "Not found" page (we intentionally obscure access errors with "not found"):This is poor UX and has tripped up at least one customer in a support ticket.
Bug details:
The text was updated successfully, but these errors were encountered: