Chapter 4. Known issues in Red Hat Developer Hub 1.0

To mitigate this vulnerability until you can update to Red Hat Developer Hub 1.1, ensure that the base64-encoded GitLab token does not contain a newline character at the end of the string.

Workaround: Remove the newline from the token to prevent the unintended disclosure of the access token through the frontend.

The policy.csv file is used to load permissions into Developer Hub. There may be instances of overlapping permissions, and the permissions can be reloaded into the database.

Workaround: Remove the permission policies and roles in policy.csv file that might conflict with permissions and roles that are defined using the RBAC REST API. This ensures that permissions and roles are not repopulated to the RBAC plugin when server restarts.

If permission policies are not applied or removed permissions reappear in the RBAC plugin, use REST API to remove the conflicting or duplicate permission policies and roles.

You can also use the REST API endpoints to to list all the existing permission policies and roles and then you can address the issues either by removing or updating the permission policies and roles.

The validation process in the create role API is currently ineffective, allowing the creation of roles that are invalid. This results in input errors when attempting to update or delete these roles.

Workaround: Ensure that the following format is applied when you create or update a role for the RBAC plugin to consume:

<user/group>:<NAMESPACE>/<USERNAME>, role:<NAMESPACE>/<ROLE_NAME>

Manually manipulating the policy.csv file leads to inconsistent behavior, causing the manipulated permission or role to not apply correctly within the RBAC plugin.

Workaround: To avoid unnecessary server restarts, use the RBAC REST API for handling permissions and roles. If you update the policy.csv file, a restart of the Developer Hub is necessary to ensure that RBAC properly includes the permissions and roles defined in the policy.csv file.

Moreover, any modifications or removals of permissions and roles in the policy.csv file necessitate subsequent requests to the REST API to prevent conflicts with database entries.