Bug 1721016

Summary: User with edit permission cannot list resource virtualmachineinstancemigrations
Product: Container Native Virtualization (CNV) Reporter: Guohua Ouyang <gouyang>
Component: VirtualizationAssignee: Marc Sluiter <msluiter>
Status: CLOSED CURRENTRELEASE QA Contact: zhe peng <zpeng>
Severity: medium Docs Contact:
Priority: medium    
Version: 2.0CC: cnv-qe-bugs, fdeutsch, gouyang, ipinto, msluiter, rhallise, sgordon, sgott
Target Milestone: ---   
Target Release: 2.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: hco-bundle-registry-container-v2.0.0-32 virt-operator-container-v2.0.0-37 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-10-22 12:33:55 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Guohua Ouyang 2019-06-17 07:08:11 UTC 
Description of problem:
login with a user withous admin permission.

$ oc get virtualmachineinstancemigrations
No resources found.
Error from server (Forbidden): virtualmachineinstancemigrations.kubevirt.io is forbidden: User "ghua" cannot list resource "virtualmachineinstancemigrations" in API group "kubevirt.io" in the namespace "default"

The error is also visible on UI when browsing project status.

Version-Release number of selected component (if applicable):
hco-26

How reproducible:
100%

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
The issue is very similar with https://bugzilla.redhat.com/show_bug.cgi?id=1720433.
Comment 1 Fabian Deutsch 2019-06-17 09:44:05 UTC 
Marc, could this bug be similar to bug 1720433?
Comment 2 Marc Sluiter 2019-06-17 12:07:02 UTC 
yes it is, incomplete RBAC rules for the new virtualmachineinstancemigration resource on the view/edit/admin cluster roles, will add them to the upstream PR https://github.com/kubevirt/kubevirt/pull/2391
Comment 3 Marc Sluiter 2019-06-19 16:35:35 UTC 
upstream backport PR is merged: https://github.com/kubevirt/kubevirt/pull/2394
Comment 5 zhe peng 2019-07-04 07:20:31 UTC 
verify with build hco-bundle-registry:v2.0.0-36

NAME                 UID                                    FULL NAME   IDENTITIES       
pm1                  0c9dd68e-9e23-11e9-b522-0a580a810033               htpassidp:pm1
pm2                  71c2fcfd-9e22-11e9-b522-0a580a810033               htpassidp:pm2

login as normal user
$oc whoami
pm2

$oc get virtualmachineinstancemigrations
NAME                        AGE
kubevirt-evacuation-fvcnr   12h
kubevirt-evacuation-s7757   13h

login webui with user pm2
no error when access project status

move to verified.