Bug 2159466

Summary: [MDR RDR] Application user unable to invoke Failover and Relocate actions
Product: [Red Hat Storage] Red Hat OpenShift Data Foundation Reporter: gowtham <gshanmug>
Component: management-consoleAssignee: gowtham <gshanmug>
Status: CLOSED ERRATA QA Contact: Shrivaibavi Raghaventhiran <sraghave>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 4.12CC: amagrawa, ebenahar, hnallurv, muagarwa, ocs-bugs, odf-bz-bot, scorcora
Target Milestone: ---Flags: scorcora: needinfo+
Target Release: ODF 4.12.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: 4.12.0-164 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
: 2166234 (view as bug list) Environment:
Last Closed: 2023-03-08 15:31:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2166234    

Comment 12 Shrivaibavi Raghaventhiran 2023-02-22 11:53:44 UTC 
Tested version:
----------------
OCP - 4.12.0-0.nightly-2023-02-20-203301
ODF - quay.io/rhceph-dev/ocs-registry:4.12.1-16

Test steps:
-----------
# Create openshift user
1. Go to hub cluster --> User management --> User --> Add IDP
2. Create username and htpassword and add in the necessary details
3. verify "oc get user"
$ oc get user

NAME       UID                                    FULL NAME   IDENTITIES
sraghave   bdc40bf8-4d32-4579-acc7-db1c6f606569               htpasswd:sraghave

# Create clusterrolebindings
1. local cluster --> User management --> roles
2. Search for below roles one by one
   * drclusters.ramendr.openshift.io-v1alpha1-view
   * drpolicies.ramendr.openshift.io-v1alpha1-view
   * open-cluster-management:view:<cluster-1-name>
   * open-cluster-management:view:<cluster-2-name>
   * open-cluster-management:subscription-admin
3. Click roles --> search for above --> Add Rolebinding to each role mentioned above 
   * Select Cluster-wide rolebinding (Cluster-wide rolebinding is applied to all the above roles)
   * Name can be anything
   * Subject --> user
   * Subject name --> Username (openshift username that we created in step 1)
4. Create project "oc new-project test"
5. Create placementrule and drpc in the project
6. Create app via UI
7. Failover and Relocate


Validate:
----------
1. Login to hub cluster using htpasswd instead of kube:admin using username and password
2. All clusters --> Data services --> Checked for DRPolicy application page
DRpolicy was shown, but we cannot edit/delete drpolicy
3. Validate failover and relocate apps from app user

With all the above validations, Moving the BZ to verified.
Comment 18 errata-xmlrpc 2023-03-08 15:31:17 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat OpenShift Data Foundation 4.12.1 security bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:1170