Bug 2072014

Summary: non-privileged user cannot add disk as it cannot update resource "virtualmachines/addvolume"
Product: Container Native Virtualization (CNV)
Component: Storage
Version: 4.9.3
Status: CLOSED ERRATA
Severity: urgent
Priority: high
Target Release: 4.9.5
Hardware: Unspecified
OS: Unspecified
Whiteboard: release note
Fixed In Version: CNV v4.9.4-72
Reporter: Alexander Wels <awels>
Assignee: Alexander Wels <awels>
QA Contact: Yan Du <yadu>
CC: alitke, aos-bugs, cnv-qe-bugs, ctomasko, danken, gouyang, mrashish, ngavrilo, opayne, scuppett, sgott, yadu, ymotiyel, yzamir
Clone Of: 2056421
Bug Depends On: 2056421
Last Closed: 2022-06-28 16:30:39 UTC

Description Alexander Wels 2022-04-05 12:20:14 UTC
+++ This bug was initially created as a clone of Bug #2056421 +++

Description of problem:
Log in as a non-privileged user, create a VM, and try to add a disk; an error is shown:
user "test" cannot update resource "virtualmachines/addvolume" in API group "subresources.kubevirt.io" in the namespace "test"

Version-Release number of selected component (if applicable):
4.9.x

How reproducible:


Steps to Reproduce:
1. Log in as a non-privileged user
2. Create a VM and add a disk to the VM

Actual results:
An error is shown while adding the disk

Expected results:
The disk is added properly

Comment 1 Yan Du 2022-04-15 07:52:42 UTC
Tested on OCP-4.9.29, CNV-v4.9.4-58; the issue can still be reproduced.

$ virtctl version
Client Version: version.Info{GitVersion:"v0.44.3-64-gba04a33c3", GitCommit:"ba04a33c3ee7ace1769bbb9abcb43d18e6142347", GitTreeState:"clean", BuildDate:"2022-04-06T21:29:07Z", GoVersion:"go1.15.14", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{GitVersion:"v0.44.3-64-gba04a33c3", GitCommit:"ba04a33c3ee7ace1769bbb9abcb43d18e6142347", GitTreeState:"clean", BuildDate:"2022-04-06T22:39:00Z", GoVersion:"go1.16.12", Compiler:"gc", Platform:"linux/amd64"}

$ virtctl addvolume fedora-1619697674-6212 --volume-name=blank-dv --persist
error adding volume, virtualmachines.subresources.kubevirt.io "fedora-1619697674-6212" is forbidden: User "test" cannot update resource "virtualmachines/addvolume" in API group "subresources.kubevirt.io" in the namespace "test"
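
Added example (not part of the bug report, and not KubeVirt or CNV code): the code below parses the denial quoted in Comment 1 and evaluates it against RBAC rules using Kubernetes' resource-matching semantics, showing why a rule on the parent "virtualmachines" resource does not cover the "virtualmachines/addvolume" subresource. The PARENT_ONLY rule is constructed, resourceNames handling is omitted, and the minimal rule is derived only from the error text, not from the fix shipped in the erratum.

```python
import re

# Shape of the authorizer denial quoted in this bug report.
DENIAL = re.compile(
    r'[Uu]ser "(?P<user>[^"]+)" cannot (?P<verb>\S+) resource "(?P<resource>[^"]+)" '
    r'in API group "(?P<group>[^"]*)" in the namespace "(?P<namespace>[^"]+)"'
)

def parse_denial(message):
    """Extract the denied request attributes from a 'forbidden' message."""
    m = DENIAL.search(message)
    if m is None:
        raise ValueError("not an RBAC denial message")
    return m.groupdict()

def resource_matches(rule_resource, requested):
    """Kubernetes RBAC resource matching: exact, "*", or "*/<subresource>"."""
    if rule_resource in ("*", requested):
        return True
    _, _, sub = requested.partition("/")
    return bool(sub) and rule_resource == "*/" + sub

def rule_allows(rule, req):
    """True if one Role/ClusterRole rule covers the request."""
    return (
        any(v in ("*", req["verb"]) for v in rule["verbs"])
        and any(g in ("*", req["group"]) for g in rule["apiGroups"])
        and any(resource_matches(r, req["resource"]) for r in rule["resources"])
    )

def minimal_rule(req):
    """Narrowest rule that would satisfy exactly this denied request."""
    return {"apiGroups": [req["group"]], "resources": [req["resource"]], "verbs": [req["verb"]]}

# Error text from Comment 1 of this report.
ERROR = ('error adding volume, virtualmachines.subresources.kubevirt.io "fedora-1619697674-6212" '
         'is forbidden: User "test" cannot update resource "virtualmachines/addvolume" '
         'in API group "subresources.kubevirt.io" in the namespace "test"')

# Constructed rule (not taken from CNV): full access to the parent resource only.
PARENT_ONLY = {"apiGroups": ["kubevirt.io"], "resources": ["virtualmachines"], "verbs": ["*"]}

if __name__ == "__main__":
    req = parse_denial(ERROR)
    print("denied request:", req)
    print("parent-only rule allows it:", rule_allows(PARENT_ONLY, req))
    print("minimal rule:", minimal_rule(req))
```
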

Comment 3 Yan Du 2022-05-06 08:09:33 UTC
Tested on CNV-v4.9.5-4; the bug has been fixed.

Comment 9 errata-xmlrpc 2022-06-28 16:30:39 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Virtualization 4.9.5 Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2022:5389