Bug 1926371

Summary: Pod Scale-up requires extra privileges in OpenShift web-console
Product: OpenShift Container Platform Reporter: Robb Hamilton <rhamilto>
Component: Management ConsoleAssignee: Robb Hamilton <rhamilto>
Status: CLOSED ERRATA QA Contact: Siva Reddy <schituku>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.5CC: aos-bugs, jokerman, rabdulra, yanpzhan
Target Milestone: ---   
Target Release: 4.6.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: Scale pods is not using the 'scale' subresource. Consequence: Custom role without patch verb for deploymentconfigs/deployments can't scale the pods in the webconsole. Fix: Scale pods using the 'scale' subresource. Result: Scaling happens without adding any extra privileges through webconsole.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-03-09 20:16:08 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1911307    
Bug Blocks:    

Description Robb Hamilton 2021-02-08 18:01:57 UTC 
This bug was initially created as a copy of Bug #1911307

I am copying this bug because: 



Description of problem:
Without the `patch` verb for the `deployments`/`deploymentconfigs` resource, we cannot scale the deployments/deploymentconfigs through the web console. We need to provide an extra `patch` verb in order to scale up pods through the web-console. However, through CLI the pods' replica scale-up works without the `patch` verb.


Version-Release number of selected component (if applicable):
4.5


How reproducible:
100%

Steps to Reproduce:
1. Create a custom role without patch verb for deploymentconfigs/deployments (Attachment #1 [details])
2. Then assign the role to the user. 
3. Now try to scale the pods through webconsole and CLI.

Actual results:
Through CLI it is working as expected:

[quicklab@upi-0 ~]$ oc scale dc httpd --replicas=2
deploymentconfig.apps.openshift.io/httpd scaled

However, through webconsole, we need to provide the patch verb or else it won't show the arrows for calling the pods. 

Expected results:

Scaling should happen without adding any extra privileges through webconsole as done via CLI.

Additional info:
Attaching a sample custom role YAML file and screenshots of the webconsole.
Comment 1 Robb Hamilton 2021-02-23 19:10:03 UTC 
PR awaiting cherry-pick approval.
Comment 3 Siva Reddy 2021-02-28 22:14:56 UTC 
Version:
 4.6.0-0.nightly-2021-02-26-224651

1. Create a custom role
2. Then assign the role to the user.
3. Now try to scale the pods through webconsole, on DC Details page, we can see scale up/down arrow in pod donut, `Edit Pod count` kebab is also available 
4. try to scale the pods through CLI, it works well
Comment 6 errata-xmlrpc 2021-03-09 20:16:08 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6.20 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:0674