Bug 1564269
Summary: | add list istags at cluster scope to dedicated-admin role in openshift dedicated. | | |
---|---|---|---|
Product: | OpenShift Online | Reporter: | Brian Cook <bcook> |
Component: | RFE | Assignee: | Abhishek Gupta <abhgupta> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | yasun |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | | |
Version: | 3.x | CC: | aos-bugs, jokerman, mmccomas, peasters, wgordon |
Target Milestone: | --- | Keywords: | OnlineDedicated, TestCaseNeeded |
Target Release: | --- | | |
Hardware: | Unspecified | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2018-05-29 14:12:51 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Description
Brian Cook
2018-04-05 20:58:58 UTC
Per request of Will, I'm also noting here that we'd like the ability to view these resources at a cluster level as well:

builds
buildconfigs

We've sufficiently worked around the need for is/istags, but cluster-wide GET access for builds would be great.

Verified this bug on OCP 3.9: the user will be able to check the images/imagestreamtags/builds/buildconfigs at cluster scope after being granted the "dedicated-cluster-admin" clusterrole:

Before being granted "dedicated-cluster-admin":

$ oc get imagestreamtags --all-namespaces
Error from server (Forbidden): imagestreamtags.image.openshift.io is forbidden: User "bingli" cannot list imagestreamtags.image.openshift.io at the cluster scope: User "bingli" cannot list all imagestreamtags.image.openshift.io in the cluster
$ oc get image --all-namespaces
Error from server (Forbidden): images.image.openshift.io is forbidden: User "bingli" cannot list images.image.openshift.io at the cluster scope: User "bingli" cannot list all images.image.openshift.io in the cluster
$ oc get build --all-namespaces
Error from server (Forbidden): builds.build.openshift.io is forbidden: User "bingli" cannot list builds.build.openshift.io at the cluster scope: User "bingli" cannot list all builds.build.openshift.io in the cluster
$ oc get bc --all-namespaces
Error from server (Forbidden): buildconfigs.build.openshift.io is forbidden: User "bingli" cannot list buildconfigs.build.openshift.io at the cluster scope: User "bingli" cannot list all buildconfigs.build.openshift.io in the cluster

After being granted "dedicated-cluster-admin":

# oc adm policy add-cluster-role-to-user dedicated-cluster-admin bingli
cluster role "dedicated-cluster-admin" added: "bingli"
$ oc get imagestreamtags --all-namespaces | wc -l
138
$ oc get image --all-namespaces | wc -l
122
$ oc get build --all-namespaces | wc -l
2
$ oc get bc --all-namespaces | wc -l
2

Hello Bing Li,

Would you please verify this against a 3.7 cluster as well? Thank you!

Verified on OCP 3.7: the user is able to get images/imagestreamtags/builds/buildconfigs at cluster scope after being granted the "dedicated-cluster-admin" clusterrole:

$ oc get imagestreamtags --all-namespaces | wc -l
130
$ oc get image --all-namespaces | wc -l
$ oc get build --all-namespaces | wc -l
5
$ oc get bc --all-namespaces | wc -l
5
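
Added example, not part of the bug report or of any OpenShift tooling: a small parser that turns the cluster-scope Forbidden messages from the "before" session into the narrowest RBAC rule shape (apiGroups, resources, verbs) that would clear them, which is useful for checking that a role grants no more than the denials call for. The function name `rules_from_denials` is hypothetical, and the output says nothing about what "dedicated-cluster-admin" actually contains.

```python
import re
from collections import defaultdict

# Constructed input: the four denials from the "before" session above,
# cut after "at the cluster scope" (the repeated tail adds nothing).
DENIALS = """\
Error from server (Forbidden): imagestreamtags.image.openshift.io is forbidden: User "bingli" cannot list imagestreamtags.image.openshift.io at the cluster scope
Error from server (Forbidden): images.image.openshift.io is forbidden: User "bingli" cannot list images.image.openshift.io at the cluster scope
Error from server (Forbidden): builds.build.openshift.io is forbidden: User "bingli" cannot list builds.build.openshift.io at the cluster scope
Error from server (Forbidden): buildconfigs.build.openshift.io is forbidden: User "bingli" cannot list buildconfigs.build.openshift.io at the cluster scope
"""

DENIAL_RE = re.compile(
    r'User "(?P<user>[^"]+)" cannot (?P<verb>[a-z]+) '
    r'(?P<resource>[a-z]+)\.(?P<group>[a-z0-9.-]+) at the cluster scope'
)


def rules_from_denials(text):
    """Return (rules_by_user, unparsed_lines) for cluster-scope denials."""
    grouped = defaultdict(set)  # (user, apiGroup, verb) -> {resources}
    unparsed = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = DENIAL_RE.search(line)
        if m is None:
            # Anything not in the cluster-scope "resource.group" form is
            # reported back rather than silently dropped.
            unparsed.append(line)
            continue
        grouped[(m["user"], m["group"], m["verb"])].add(m["resource"])
    rules = defaultdict(list)
    for (user, group, verb), resources in sorted(grouped.items()):
        # One rule per API group and verb, so a verb is never granted on a
        # resource where it was not actually denied.
        rules[user].append(
            {"apiGroups": [group], "resources": sorted(resources), "verbs": [verb]}
        )
    return dict(rules), unparsed


if __name__ == "__main__":
    import json
    print(json.dumps(rules_from_denials(DENIALS), indent=2))
```
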