Known issues¶
This section describes the MSR known issues with available workarounds, along with a list of current product limitations.
Note
When malware is present in customer images, malware scanners operating on MSR Nodes at runtime can wrongly report MSR as a bad actor. If your malware scanner detects any issue in a running instance of MSR, refer to Vulnerability scanning.
Known issues with workaround solutions¶
MSR 3.0.1 issues for which there are available workaround solutions include:
[ENGDTR-3008] Vulnerability scan miscalculation in MSR web UI
[ENGDTR-2623] eNZi configuration changes require manual intervention
[ENGDTR-3008] Vulnerability scan miscalculation in MSR web UI¶
The summary counts that MSR displays for Critical, High, Medium, and Low in both the Vulnerabilities column and in the View Details view are unreliable and may be incorrect when displaying non-zero values. The Components tab displays correct values for each component.
Workaround:
Navigate to the Components tab, review the individual non-green components, and separately calculate the total of the numbers that present as Critical, High, Medium, and Low.
[ENGDTR-2906] Initialization failure¶
Initialization fails when the RethinkDB cluster has an even number of servers.
The workaround is to set the Helm chart value
rethinkdb.cluster.replicaCount
to an odd number.
[ENGDTR-2790] Permissions tab lists only 10 repositories¶
Important
Erroneously reported as a known issue, the Permissions tab bug was resolved prior to the initial MSR 3.0 release.
The Permissions tab for team pages in the MSR web UI does not list more than 10 repositories.
Workaround:
Access the full list of repositories for the team through the API:
GET /api/v0/accounts/{orgname}/teams/{teamname}/repositoryAccess
Using this command, you can rotate the certificates that provide intra-cluster communication between the MSR system containers and RethinkDB.
[ENGDTR-2310] Teams page lists only 10 repositories¶
Important
Erroneously reported as a known issue, the team page bug was resolved prior to the initial MSR 3.0 release.
When you want to add repository permission to a team by clicking the
Add Repository Permissions on the team page, for example,
https://<msr-host>/orgs/<orgname>/teams/<teamname>/permissions/new
,
the Organization Repository dropdown does not list more than 10
repositories.
Workaround:
Use the API to add team permissions to the repository:
PUT /api/v0/repositories/{namespace}/{reponame}/teamAccess/{teamname})
[ENGDTR-2623] eNZi configuration changes require manual intervention¶
Changes to eNZi configuration are not live-reloaded.
Workaround:
Restart the *-api
, *-enzi-api
, *-garant
, and *-registry
Pods
every time you change your eNZi registration using the administrative commands.
Product limitations¶
Integration with MKE authentication is not yet supported.
Existing MSR 2.x installations cannot currently be upgraded to MSR 3.0.x.
Client-certificate authentication for MSR users is not currently available.
MSR operators cannot currently specify passwords for the MSR administrators, and the Helm chart configures MSR with a static default password at install.
[ENGDTR-3005] A logged-in MSR admin who closes a browser instance does not need to log in again if they open a new browser instance.
[ENGDTR-3003] Enabling Require users to Log In per Tab Session in ENZI for MSR does not result in users being required to reenter their credentials when they open the MSR web UI in a new tab.