Bug 1949935

Summary: Fix incorrect access review check on start pipeline kebab action
Product: OpenShift Container Platform Reporter: Karthik Jeeyar <kjeeyar>
Component: Dev ConsoleAssignee: Karthik Jeeyar <kjeeyar>
Status: CLOSED ERRATA QA Contact: spathak <spathak>
Severity: high Docs Contact:
Priority: high    
Version: 4.7CC: aos-bugs, nmukherj, spathak
Target Milestone: ---   
Target Release: 4.8.0   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-07-27 23:00:58 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1950214    
Attachments:
Description Flags
The incorrect access review check on start pipeline kebab action is fixed-1
none
The incorrect access review check on start pipeline kebab action is fixed-2 none

Description Karthik Jeeyar 2021-04-15 12:31:25 UTC 
Description of problem:

Start pipeline kebab action is disabled even if the developer user has create permissions on PipelineRun resource. Access review check should be on pipelineRun instead of pipeline resource.

Customer wants to prevents non-technical users from modifying or creating pipelines but still allow then to start the existing pipelines. They have created a role that gives "view" access to "Pipeline" resources and "create" access to "PipelineRun" and "TaskRuns". 


Version-Release number of selected component (if applicable):
4.6

How reproducible:
Always

Steps to Reproduce:
1.Create a role with "view" access on "Pipeline" and "create" access on "PipelineRun" and "TaskRun"
2. Login as a user that has the above role
3. Go to a namespace with an exist pipeline and click on the Pipelines in the nav
4. Click on the kebab menu of the existing pipeline

Actual results:
"Start" is disabled while "Start Last Run" is enabled. The rest of actions are disabled.



Expected results:

"Start" and "Start Last Run" are enabled while the rest of actions are disabled.



Additional info:
Comment 2 spathak@redhat.com 2021-04-16 09:16:29 UTC 
Created attachment 1772386 [details]
The incorrect access review check on start pipeline kebab action is fixed-1
Comment 3 spathak@redhat.com 2021-04-16 09:17:12 UTC 
Created attachment 1772387 [details]
The incorrect access review check on start pipeline kebab action is fixed-2
Comment 4 spathak@redhat.com 2021-04-16 09:17:50 UTC 
Verified on build version: 4.8.0-0.nightly-2021-04-16-032542
Browser version: Chrome 89
Comment 7 errata-xmlrpc 2021-07-27 23:00:58 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2438