Description
After deploying VECTR 9.10.1 on Kubernetes with PostgreSQL, users cannot see or select existing environments. The "Select Active Environment" page shows "Create your first environment" even though environments exist in the database.
Environment
- VECTR Version: 9.10.1 (
securityriskadvisors/vectr_tomcat:9.10.1)
- Database: PostgreSQL (deployed via Kubernetes)
- Platform: Oracle Kubernetes Engine (OKE)
- Migration Version: 74
Problem
The /databases API endpoint returns 1 (appears to be a count) instead of returning the actual list of environments.
Browser Network Tab shows:
- Request:
GET /sra-purpletools-rest/databases
- Response Status:
200
- Response Body:
1
Expected Behavior
The API should return a JSON array of environments:
[{"id": 1, "name": "FS_THREAT_INDEX"}, {"id": 2, "name": "HEALTH_THREAT_INDEX"}, ...]Actual Behavior
API returns: 1
Additional Observations
1. Environments exist in database
SELECT * FROM environment;
id | name | created_at | updated_at
----+---------------------+-------------------------------+-------------------------------
1 | FS_THREAT_INDEX | 2024-02-22 18:39:22.531872+00 | 2024-02-22 18:39:22.531872+00
2 | HEALTH_THREAT_INDEX | 2024-02-22 18:39:22.531872+00 | 2024-02-22 18:39:22.531872+00
3 | Test_Env | 2026-01-29 00:33:06.563042+00 | 2026-01-29 00:33:06.563042+00
2. JWT DATABASES attribute is always empty
Request: [auth, { name: subject, id: d645a624-b013-475d-a9f3-f50a04aad32d,
attributes: { USERNAME: admin, GROUPS: [Admins, DatabaseManager],
DATABASES: [], SELECTABLE_ENVS: [*] } }...
3. User has correct policies
- AdminFullAccess
- AllDatabaseFullAccess
- ListDatabases
- DatabaseManagementFullAccess (via DatabaseManager group)
4. Attempted fixes (none worked)
- Added entries to
auth.app_user_vault table with database IDs and names
- Assigned multiple database-related policies
- Added user to DatabaseManager group
- Cleared tokens and restarted Tomcat
- Verified user is linked to organization in
app_user_to_organization
Steps to Reproduce
- Deploy VECTR 9.10.1 on Kubernetes with PostgreSQL
- Create admin user and environments
- Login as admin
- Navigate to environment selection page
- Observe "Create your first environment" message despite environments existing
Questions
- How is the
DATABASES JWT attribute supposed to be populated?
- Is there a migration or configuration step we're missing?
- Is
app_user_vault the correct table for storing user-to-database assignments?
Description
After deploying VECTR 9.10.1 on Kubernetes with PostgreSQL, users cannot see or select existing environments. The "Select Active Environment" page shows "Create your first environment" even though environments exist in the database.
Environment
securityriskadvisors/vectr_tomcat:9.10.1)Problem
The
/databasesAPI endpoint returns1(appears to be a count) instead of returning the actual list of environments.Browser Network Tab shows:
GET /sra-purpletools-rest/databases2001Expected Behavior
The API should return a JSON array of environments:
[{"id": 1, "name": "FS_THREAT_INDEX"}, {"id": 2, "name": "HEALTH_THREAT_INDEX"}, ...]Actual Behavior
API returns:
1Additional Observations
1. Environments exist in database
2. JWT DATABASES attribute is always empty
3. User has correct policies
4. Attempted fixes (none worked)
auth.app_user_vaulttable with database IDs and namesapp_user_to_organizationSteps to Reproduce
Questions
DATABASESJWT attribute supposed to be populated?app_user_vaultthe correct table for storing user-to-database assignments?