Bug 1760044

Summary: Console workload show restricted acccess if knative serverless TP1 operator is installed and logged in as non admin
Product: OpenShift Container Platform Reporter: Jaivardhan Kumar <jakumar>
Component: Dev ConsoleAssignee: cvogt
Status: CLOSED ERRATA QA Contact: Ruchir Garg <rgarg>
Severity: high Docs Contact:
Priority: unspecified    
Version: 4.2.0CC: aos-bugs, bparees, jakumar, nmukherj, piqin, rgarg, spathak, wking
Target Milestone: ---   
Target Release: 4.2.z   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1758628 Environment:
Last Closed: 2019-11-13 18:55:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1758628    
Bug Blocks:    

Description Jaivardhan Kumar 2019-10-09 17:08:45 UTC 
+++ This bug was initially created as a clone of Bug #1758628 +++

Description of problem:
Non project admin uer i.e normal httpd user won't be able to view workloads under console when knative serverless tech preview 1 operator is installed. Sidebar resources list resources as per kknative resource. Even though the deployment selected in the workloads view is not a knative workload, the sidebar is showing the resource list for knative resources.

Version-Release number of selected component (if applicable):4.2


How reproducible:
1. Install knative serverless TP1 operator (1.0.0), follow https://docs.openshift.com/container-platform/4.1/serverless/installing-openshift-serverless.html
1. create a non-admin user i.e normal httpd user
2. This can be observed by going to the openshift-console project -> workloads tab


Steps to Reproduce:
1. Create a non admin user i.e normal httpd user
2. This can be observed by going to the openshift-console project -> workloads tab
3. If logged in as "kubeadmin" can see deployments and Then click on the first deployment.

Actual results:
1. Workloads will show restricted access if logged in via non-admin user.
2. Selection of deployments on workloads will show incorrect resources if logged in with kubeadmin 

Expected results:
1. Workloads should list deploymets if logged in via non-admin user.
2. Selection of deployments on workloads will show correct resources if logged in with kubeadmin 


Additional info:

--- Additional comment from W. Trevor King on 2019-10-04 20:33:56 UTC ---

Setting the target release to 4.3.0, since we try to fix things in master first and 4.3 is where master is currently pointing.  Once this gets addressed there it can be cloned back to 4.2.z if that seems appropriate.

--- Additional comment from spathak on 2019-10-09 14:07:51 UTC ---

I've verified the following scenario:
1. I installed knative tp1 and logged in as a non-admin 
2. I went openshift-console project -> workloads tab
3. I was able to see deployments and in the deployments able to see routes also.

--- Additional comment from Ruchir Garg on 2019-10-09 14:40:15 UTC ---

Reassigning to Sanket Pathak for verification.

--- Additional comment from Ruchir Garg on 2019-10-09 14:57:28 UTC ---

Ressigning to Jaivardhan Kumar for access to the docs field.
Comment 8 errata-xmlrpc 2019-11-13 18:55:51 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:3303