Bug 2166508

Summary: Virtualization -> Overview -> Settings page is crashed when the user have no permission to list network-attachment-definitions
Product: Container Native Virtualization (CNV) Reporter: Guohua Ouyang <gouyang>
Component: User ExperienceAssignee: Dana Orr <dorr>
Status: CLOSED ERRATA QA Contact: Guohua Ouyang <gouyang>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.12.0CC: fdeutsch, gouyang, ycui
Target Milestone: ---   
Target Release: 4.13.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-05-18 02:57:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2172044    
Attachments:
Description Flags
setting page crashed none

Description Guohua Ouyang 2023-02-02 03:23:13 UTC 
Created attachment 1941707 [details]
setting page crashed

Description of problem:
Virtualization -> Overview -> Settings page is crashed when the user have no permission to list network-attachment-definitions, the related OCP bug is https://issues.redhat.com/browse/OCPBUGS-6959.

Even with the OCP bug, the page not crash, instead, it shows proper error while editing "Live migration network".

Version-Release number of selected component (if applicable):
v4.12.0

How reproducible:
100%

Steps to Reproduce:
1. create a regular user 'test', reference for creating the 'test' user: https://github.com/openshift/console/blob/master/test-prow-e2e.sh#L52

2. assign cluster-reader role to this user: 
$ oc adm policy add-cluster-role-to-user cluster-reader test 

3. try to list some resources:
$ oc get pod --all-namespaces | head -n 2
NAMESPACE                                          NAME                                                              READY   STATUS                  RESTARTS           AGE
alitke                                             virt-launcher-fedora-blue-shark-45r8s                             0/1     Completed               0                  6d11h
$ oc get vm --all-namespaces | head -n 2                                                                             
NAMESPACE                NAME                                  AGE     STATUS               READY
alitke                   fedora-blue-shark                     97d     Running              True
$ oc get network-attachment-definitions --all-namespaces
Error from server (Forbidden): network-attachment-definitions.k8s.cni.cncf.io is forbidden: User "test" cannot list resource "network-attachment-definitions" in API group "k8s.cni.cncf.io" at the cluster scope 

4. login the web console with this user, navigate to Virtualization -> Overview -> Settings page 

Actual results:
the page is crashed

Expected results:
the page is not crashed, and it shows a proper error while editing the "Live migration network".

Additional info:
Comment 2 errata-xmlrpc 2023-05-18 02:57:25 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Virtualization 4.13.0 Images security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:3205