Bug 1721025
| Summary: | User with edit permission cannot start/stop virtual machine | ||
|---|---|---|---|
| Product: | Container Native Virtualization (CNV) | Reporter: | Guohua Ouyang <gouyang> |
| Component: | Virtualization | Assignee: | Marc Sluiter <msluiter> |
| Status: | CLOSED DUPLICATE | QA Contact: | Israel Pinto <ipinto> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 2.0 | CC: | cnv-qe-bugs, gouyang |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-06-17 08:00:30 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of bug 1720433 *** |
Description of problem: User with edit permission cannot start/stop virtual machine, an interesting thing is 'oc auth can-i restart vm" is 'no', but virtctl restart vm is okay. login a user just with edit permission. [cnv-qe-jenkins@cnv-executor-ghua ~]$ oc auth can-i create vm yes [cnv-qe-jenkins@cnv-executor-ghua ~]$ oc auth can-i start vm no [cnv-qe-jenkins@cnv-executor-ghua ~]$ oc auth can-i restart vm no [cnv-qe-jenkins@cnv-executor-ghua ~]$ oc auth can-i stop vm no [cnv-qe-jenkins@cnv-executor-ghua ~]$ oc auth can-i delete vm yes [cnv-qe-jenkins@cnv-executor-ghua ~]$ oc create -f example.yaml virtualmachine.kubevirt.io/example created [cnv-qe-jenkins@cnv-executor-ghua ~]$ virtctl start example Error starting VirtualMachine virtualmachines.subresources.kubevirt.io "example" is forbidden: User "ghua" cannot update resource "virtualmachines/start" in API group "subresources.kubevirt.io" in the namespace "default" [cnv-qe-jenkins@cnv-executor-ghua ~]$ oc patch vm example -p '{"spec":{"running":true}}' --type=merge virtualmachine.kubevirt.io/example patched [cnv-qe-jenkins@cnv-executor-ghua ~]$ oc get vm NAME AGE RUNNING VOLUME example 3m19s true [cnv-qe-jenkins@cnv-executor-ghua ~]$ virtctl stop example Error stopping VirtualMachine virtualmachines.subresources.kubevirt.io "example" is forbidden: User "ghua" cannot update resource "virtualmachines/stop" in API group "subresources.kubevirt.io" in the namespace "default" [cnv-qe-jenkins@cnv-executor-ghua ~]$ virtctl restart example VM example was scheduled to restart [cnv-qe-jenkins@cnv-executor-ghua ~]$ oc delete vm example virtualmachine.kubevirt.io "example" deleted Version-Release number of selected component (if applicable): hco-26 How reproducible: 100% Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: This issue is for virt component, the issue for UI is: https://bugzilla.redhat.com/show_bug.cgi?id=1720603