Bug 1417981

Summary: user can lose access to project but project still in users quota
Product: OpenShift Online Reporter: Aleksandar Kostadinov <akostadi>
Component: RFEAssignee: Abhishek Gupta <abhgupta>
Status: CLOSED UPSTREAM QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 3.xCC: aos-bugs, bingli, dmace, jialiu, mifiedle, mmccomas, ssorce, xtian, xxia, yufchang
Target Milestone: ---Keywords: NeedsTestCase, OnlinePro, OnlineStarter, Reopened, RFE
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: online_3.4.1
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-03-22 23:25:46 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Aleksandar Kostadinov 2017-01-31 14:28:50 UTC 
Description of problem:
User can remove himself as project admin and lose ability to access or delete the project. In online environment this would prevent creating a new project as well.

Version-Release number of selected component (if applicable):
3.4.1.2

How reproducible:
always

Steps to Reproduce:
1. create project
2. in console open project, Resources->Membership->Users
3. remove admin role from self

Actual results:
role removed
browser shows just white screen

Expected results:
User is prevented from deleting his role unless there is already another admin for the project.

Alternatively there should be a mechanism for user to reclaim project admin provided project counts toward user's quota.

Or some other user-friendly solution.
Comment 3 Xiaoli Tian 2017-06-15 07:09:45 UTC 
OpenShift Online Preview has been decommissioned, go to https://manage.openshift.com/ for using OpenShift Online starter cluster
Comment 4 Aleksandar Kostadinov 2017-06-15 08:10:45 UTC 
This issue is not cluster installation specific. Just on online. I can't test the Online Starter cluster right now. When I have access I will. I'd reopen this issue until then.
Comment 6 Abhishek Gupta 2017-12-05 21:18:23 UTC 
This is perhaps more of an RFE.
Comment 7 Simo Sorce 2017-12-15 14:41:13 UTC 
I do not see how this is an auth bug in any way. The system works as designed, I moved the component to RFE where it can be evaluated and eventually assigned or closed. It sounds more of an operational problem to me, than somethign we can implement/resolve via a generic mechanism though.
Comment 8 Aleksandar Kostadinov 2017-12-15 17:29:14 UTC 
Given user is on the hook for the bills, then being unable to restore your access to the resources would definitely be a bug, at least UX problem.

Can we somehow disallow removing the owner from the admin list? Or at the very least we need to document how access can be restored (e.g. contact support@...).
Comment 9 Xingxing Xia 2018-01-10 10:16:39 UTC 
(In reply to Simo Sorce from comment #7)
> me, than somethign we can implement/resolve via a generic mechanism though.
(In reply to Aleksandar Kostadinov from comment #8)
> Given user is on the hook for the bills, then being unable to restore your
> access to the resources would definitely be a bug, at least UX problem.
Hope at least Online Starter can have mechanism like https://bugzilla.redhat.com/show_bug.cgi?id=1424598#c2 . Thank you!
Currently Online Starter e.g. free-int, does not have that mechanism, as QE met in https://github.com/openshift/cucushift/pull/5824#issue-287360347
Comment 10 Abhishek Gupta 2018-03-22 23:25:46 UTC 
Created a card to address this: https://trello.com/c/QbxeBtzk