Bug 1871109

Summary: [v2v] Error messages when trying to do import while not having permissions for it are wrong
Product: OpenShift Container Platform Reporter: Tomas Jelinek <tjelinek>
Component: Console Kubevirt PluginAssignee: Ido Rosenzwig <irosenzw>
Status: CLOSED DUPLICATE QA Contact: Ilanit Stein <istein>
Severity: high Docs Contact: Avital Pinnick <apinnick>
Priority: high    
Version: 4.5CC: aos-bugs, apinnick, gouyang, irosenzw, pkliczew
Target Milestone: ---   
Target Release: 4.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: v2v, ux_issue
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-10-04 11:58:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
v2v non-admin user permissions error none

Description Tomas Jelinek 2020-08-21 11:03:48 UTC 
Description of problem:

Go to the import VM wizard while being a non admin user. The VMware provider will complain that:

"
Could not load ConfigMap vmware-to-kubevirt-os in kube-public namespace
Restricted Access: configmaps "vmware-to-kubevirt-os" is forbidden: User "tjelinek" cannot get resource "configmaps" in API group "" in the namespace "kube-public"
"

which is not a nice way to communicate it and the RHV provider will say nothing, only will hang forever in the "Starting Red Hat Virtualization (RHV) controller"

The errors should actually tell the user what is wrong.
Comment 1 Tomas Jelinek 2020-08-21 11:30:16 UTC 
The UI should check if the user is allowed to read the v2v-vmware configmap in openshift-cnv or kubevirt-hyperconverged namespace before trying to deploy the controller. If it is not able to read that, it should show a warning, that this namespaces are not available and you should contact the administrator to give you access to them.
Comment 2 Ido Rosenzwig 2020-08-25 12:55:11 UTC 
the ability to read the v2v-vmware configmap from one of these two namespaces is a result of lack of the user's permissions.
beside the access permissions to these namespaces the user should have other permissions in a cluster level to be able to import a VM from a provider.
Thus, the error message should be: 'You don't have permissions to import a VM, please contact your administrator'.

In addition, the set of permissions that are missing appear in the bottom, do we want to show it as it is now or do we want to parse it and presented elegantly?
The error is attached.
Comment 3 Ido Rosenzwig 2020-08-25 12:55:58 UTC 
Created attachment 1712534 [details]
v2v non-admin user permissions error
Comment 6 Ilanit Stein 2020-10-04 11:58:11 UTC 
According to documentation bug 1872318 the import will work only for an admin user. 
The option to import will be hidden for non admin user: https://bugzilla.redhat.com/show_bug.cgi?id=1881386 (change OCP-4.6).

Based on the above this bug cannot be verified, therefore, closing the bug.

*** This bug has been marked as a duplicate of bug 1881386 ***