Bug 1886888
| Summary: | user with clusterrole full rights on deployments/scale cannot scale pod using the console | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | German Parente <gparente> |
| Component: | Dev Console | Assignee: | cvogt |
| Status: | CLOSED DUPLICATE | QA Contact: | |
| Severity: | medium | Docs Contact: | Rishu Mehra <rmehra> |
| Priority: | medium | ||
| Version: | 4.5 | CC: | aballant, aos-bugs, cjerolim, msaud, nmukherj, rmehra, sbudhwar, scuppett |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Known Issue | |
| Doc Text: |
In {product-title} 4.9, a user with scale permissions cannot scale a deployment or deployment config using the console if they do not have edit rights to the deployment or deployment config. This will be resolved in a future release. (link:https://bugzilla.redhat.com/show_bug.cgi?id=1886888[BZ#1886888])
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-03-04 16:30:51 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Setting target release to the active development branch (4.7.0). For any fixes, where required and requested, cloned BZs will be created for those release maintenance streams where appropriate once they are identified. Jira ticket for planning purposes: https://issues.redhat.com/browse/ODC-5042 Pushing to 4.8 as we lack the bandwidth to address this in 4.7. Updated the doc text filed. |
Description of problem: - create a user. - create a cluster role like this: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: creationTimestamp: "2020-10-09T15:13:20Z" managedFields: - apiVersion: rbac.authorization.k8s.io/v1 fieldsType: FieldsV1 fieldsV1: f:rules: {} manager: oc operation: Update time: "2020-10-09T15:37:44Z" name: scale resourceVersion: "60514" selfLink: /apis/rbac.authorization.k8s.io/v1/clusterroles/scale uid: 36bc20fe-c654-4431-8a9b-9b7db96a473a rules: - apiGroups: - apps - apps.openshift.io resources: - configmaps - deploymentconfigs/scale - deployments/scale - replicationcontrollers/scale verbs: - get - list - watch - create - update - patch - delete - create a rolebinding like this: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: creationTimestamp: "2020-10-09T15:20:36Z" managedFields: - apiVersion: rbac.authorization.k8s.io/v1 fieldsType: FieldsV1 fieldsV1: f:roleRef: f:apiGroup: {} f:kind: {} f:name: {} f:subjects: {} manager: Mozilla operation: Update time: "2020-10-09T15:20:36Z" name: scalebinding resourceVersion: "55475" selfLink: /apis/rbac.authorization.k8s.io/v1/clusterrolebindings/scalebinding uid: 44e210a1-1b14-4f0c-961f-9414736d0eaf roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: scale subjects: - apiGroup: rbac.authorization.k8s.io kind: User name: gparente - login as user - scale deployment: oc -n test scale deployment.apps/ruby-ex --replicas=3 deployment.apps/ruby-ex scaled - try to scale using the console does not work - we have to add to the clusterrole the deployments resource but that gives full access on the resource. So. the workaroud is to edit the cluster role and add: resources: ... - deployments ... Version-Release number of selected component (if applicable): 4.5 How reproducible: always