Bug 1990055

Summary: NooBaa UI access requires membership in cluster-admins group
Product: [Red Hat Storage] Red Hat OpenShift Data Foundation Reporter: swilson
Component: Multi-Cloud Object GatewayAssignee: Nimrod Becker <nbecker>
Status: CLOSED WONTFIX QA Contact: Raz Tamir <ratamir>
Severity: low Docs Contact:
Priority: unspecified    
Version: 4.7CC: etamir, ocs-bugs, odf-bz-bot
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-08-31 09:05:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description swilson 2021-08-04 16:17:42 UTC 
Description of problem (please be detailed as possible and provide log
snippests): Noobaa UI access requires membership in the cluster-admins group or system:cluster-admins gorup.


Version of all relevant components (if applicable): All


Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)? No

Is there any workaround available to the best of your knowledge? Yes. Generate cluster-admins group and add the applicable users to that group. The user can also use the credentials from the NooBaa admin secret in the Openshift-Storage namespace. Use can also use credentials for `noobaa status` on cli.


Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)? 1


Can this issue reproducible? Yes


Can this issue reproduce from the UI? Yes


If this is a regression, please provide more details to justify this:


Steps to Reproduce:
1. Install Openshift
2. Install ODF/OCS
3. Access NooBaa UI via dashboard or route
4. Enter credentials for Oauth
5. Accept Oauth permissions request
6. Access denied shown with login box


Actual results: Access denied shown with login box


Expected results: Access granted and NooBaa UI shown


Additional info:
Comment 2 swilson 2021-08-04 16:53:01 UTC 
Link to https://github.com/noobaa/noobaa-core/blob/c238f8e4f85060a8a5ae945c9f538ad6bb2d8351/config.js where  required groups are set for NooBaa:


//////////////////////////////
// OAUTH RELATES            //
//////////////////////////////

config.OAUTH_REDIRECT_ENDPOINT = 'fe/oauth/callback';
config.OAUTH_REQUIRED_SCOPE = 'user:info';
config.OAUTH_REQUIRED_GROUPS = [
    'system:cluster-admins',
    'cluster-admins'
];
Comment 4 swilson 2021-08-10 13:00:47 UTC 
This issue is present in all 4.x versions of ODF/OCS.