As part of my company’s CI/CD pipeline, we have built a web service that manages the deployments of Rancher stacks across multiple environments. To achieve this we do the following:
- The service is configured to use an account API key and secret. The service uses this to access the Rancher API
- The service makes an API calls to Rancher to get the environments the account has access to via /v1/projects
- The account is explicit given “Member” access to our environments
This pattern works well most of the time. However, we have noticed that there are several situations where the call to the projects endpoint is authenticated, but the payload returned is empty. Based on some preliminary tests, we have seen that if we log back into the Rancher UI with the user account, the API will eventually return the environments we expect.
Below is some information about our Rancher instance:
Version: 1.1.1
Access Control: GitHub (the account we generated the key for is part of our GitHub organization)
Is this a known issue with using Account API keys with GitHub access control? I haven’t noticed the same situation when running tests against a local Rancher instance using the default access control method. I also didn’t find any issue in the Rancher repository.
Thanks