Dashboard is not showing cluster, topics and other details after enabling RBAC

[padmaachuth]

Issue submitter TODO list

• I've looked up my issue in FAQ
• I've searched for an already existing issues here
• I've tried running master-labeled docker image and the issue still persists there
• I'm running a supported version of the application which is listed here

Describe the bug (actual behavior)

Enabled LDAP with RBAC for Kafka-UI 0.7.0 and able to access kafka UI with Ldap credentials but after login its not listing clusters, topics, schemas and connectors details.

Expected behavior

No response

Your installation details

App Version: 0.7.0

Below are the application configuration used to enable RBAC

KAFKA_CLUSTERS_0_NAME kafka
KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS: :9092
KAFKA_CLUSTERS_0_PROPERTIES_SECURITY_PROTOCOL: SASL_PLAINTEXT
KAFKA_CLUSTERS_0_PROPERTIES_SASL_MECHANISM: GSSAPI
KAFKA_CLUSTERS_0_SCHEMAREGISTRY:
KAFKA_CLUSTERS_0_KAFKACONNECT_0_NAME: dev
KAFKA_CLUSTERS_0_PROPERTIES_SASL_JAAS_CONFIG: com.sun.security.auth.module.Krb5LoginModule required useTicketCache=false principal="***@EXAMPLE.COM" useKeyTab=true serviceName="kafka" keyTab="/path/.keytab";
KAFKA_CLUSTERS_0_KAFKACONNECT_0_ADDRESS:
AUTH_TYPE: LDAP
SPRING_LDAP_URLS: ldap://ldap..com:
SPRING_LDAP_BASE: CN=,OU=Users,OU=Accounts,OU=Resources,DC=,DC=com
SPRING_LDAP_ADMIN-USER: CN=,OU=Users,OU=Accounts,OU=Resources,DC=,DC=com
SPRING_LDAP_ADMIN-PASSWORD: ********
SPRING_LDAP_USER-FILTER-SEARCH-FILTER: (&(sAMAccountName={0})(objectClass=person))
SPRING_LDAP_USER-FILTER-SEARCH-BASE: OU=Users,OU=Accounts,OU=Resources,DC=example,DC=com
SPRING_LDAP_GROUP-FILTER-SEARCH-BASE: OU=Users,OU=Accounts,DC=example,DC=com
SPRING_CONFIG_ADDITIONAL-LOCATION: /roles.yml

ROLES Yaml file:

rbac:
roles:
- name: "admin"
clusters:
- kafka-dev
subjects:
- provider: ldap
type: group
value: "OU=Users,OU=Accounts,OU=Resources,DC=,DC=com"
permissions:
- resource: clusterconfig
actions: [ "view", "edit" ]
- resource: topic
value: ""
actions:
- VIEW
- CREATE
- EDIT
- DELETE
- MESSAGES_READ
- MESSAGES_PRODUCE
- MESSAGES_DELETE
- resource: consumer
value: "_confluent-ksql."
actions: [ VIEW, DELETE, RESET_OFFSETS ]
- resource: schema
value: ""
actions: [ VIEW, CREATE, DELETE, EDIT, MODIFY_GLOBAL_COMPATIBILITY ]
- resource: connect
value: ""
actions: [ view, edit, create ]
- resource: ksql
actions: [ execute ]

Steps to reproduce

1. Access kafka-ui login page in browser.
2. provide credentials and click on login

Screenshots

Logs

No response

Additional context

No response

[github-actions[bot]]

Hello there padmaachuth! 👋

Thank you and congratulations 🎉 for opening your very first issue in this project! 💖

In case you want to claim this issue, please comment down below! We will try to get back to you as soon as we can. 👀

[Haarolean]

Your cluster is not visible because you got no assigned roles, thus no permissions.
This can be confirmed via calling /api/authorization endpoint.
You have to update to 0.7.1 and figure out the proper settings for your LDAP queries.
Enabling logging could help with that:

logging.level.org.springframework.security.ldap.userdetails: TRACE
logging.level.org.springframework.security.ldap.authentication: TRACE
logging.level.com.provectus.kafka.ui.service.rbac.extractor: TRACE