From e66665be9fd74f5a7fbc9cf7a9463b19be81a799 Mon Sep 17 00:00:00 2001 From: Tim Ross Date: Wed, 28 May 2025 09:01:47 -0400 Subject: [PATCH] Allow unknown ListUnifiedResourceRequest.Kinds Unknown kinds resulted in the request erroring out and returning an error about unknown kinds. This causes compatibility issues when new kinds are added, i.e. git_server in v17 with a v16 leaf cluster will prevent the leaf cluster resources page from loading in the root web ui. The errors are now treated as if access for unknown kinds are denied which will filter them out and allow any known resources to still be processed and returned. --- lib/auth/auth_with_roles.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/auth/auth_with_roles.go b/lib/auth/auth_with_roles.go index 0a381044ce5b8..594affbc8bb79 100644 --- a/lib/auth/auth_with_roles.go +++ b/lib/auth/auth_with_roles.go @@ -1400,7 +1400,8 @@ func (a *ServerWithRoles) ListUnifiedResources(ctx context.Context, req *proto.L for _, kind := range requested { if _, ok := supportedUnifiedResourceKinds[kind]; !ok { - return nil, trace.BadParameter("Unsupported kind %q requested", kind) + resourceAccess.kindAccessMap[kind] = trace.AccessDenied("Unsupported kind %q requested", kind) + continue } actionVerbs := []string{types.VerbList, types.VerbRead}