Bug 1932444

Summary: [RFE] Required to create a cluster-admins group
Product: [Red Hat Storage] Red Hat OpenShift Container Storage Reporter: Jon <jharding>
Component: Multi-Cloud Object GatewayAssignee: Nimrod Becker <nbecker>
Status: CLOSED WONTFIX QA Contact: Raz Tamir <ratamir>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 4.6CC: ebrizuel, etamir, hnallurv, jefbrown, madam, muagarwa, ocs-bugs
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1938356 (view as bug list) Environment:
Last Closed: 2021-04-05 12:19:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1938356    

Description Jon 2021-02-24 15:55:19 UTC 
Allowing user access to the Multicloud Object Gateway Console
requires a group  "cluster-admins" be created and have cluster-admin role bound it it.

Version of all relevant components 
4.6.z


Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)? No


Is there any workaround available to the best of your knowledge?
Yes create the group and come up with a method to sycn the group with LDAP required admins

Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)?


Can this issue reproducible? Yes


Can this issue reproduce from the UI?
yes 

If this is a regression, please provide more details to justify this:


Steps to Reproduce:
1.Install OCS
2.Access Multicloud Object Gateway Console ( with a user which has cluster-admin role)
3. 

Actual results:
access denied


Expected results:
Access granted

Additional info:
To create a separate group that will contain the same users and the LDAP group of an internal IT Admins group and keeping both synced is redundant work and can be problematic for some security groups wanting to know why you have to have 2 groups with the cluster-admin role when the IT Admins group has "cluster-admin" role bound to it, that is all that should need to be done to interact with that console.
Comment 3 Nimrod Becker 2021-03-14 13:11:59 UTC 
*** Bug 1938356 has been marked as a duplicate of this bug. ***
Comment 5 Nimrod Becker 2021-03-15 17:30:02 UTC 
*** Bug 1938356 has been marked as a duplicate of this bug. ***