Bug 2217956
| Summary: | volumeclonesources.cdi.kubevirt.io, volumeimportsources.cdi.kubevirt.io and volumeuploadsources.cdi.kubevirt.io are not part of system:cluster-readers | ||
|---|---|---|---|
| Product: | Container Native Virtualization (CNV) | Reporter: | Debarati Basu-Nag <dbasunag> |
| Component: | Storage | Assignee: | Álvaro Romero <alromero> |
| Status: | VERIFIED --- | QA Contact: | Debarati Basu-Nag <dbasunag> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 4.14.0 | CC: | alitke, awels, jpeimer, yadu |
| Target Milestone: | --- | ||
| Target Release: | 4.14.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | Bug | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Debarati, is it affecting the functionality ? Alvaro, could you please take a look? (In reply to Yan Du from comment #1) > Debarati, is it affecting the functionality ? > > Alvaro, could you please take a look? Sure! Merged starting from CNV v4.14.0.rhel9-1245 Verified with CNV-v4.14.0.rhel9-1491 |
Description of problem: The following crds are missing system:cluster-readers role: volumeclonesources.cdi.kubevirt.io volumeimportsources.cdi.kubevirt.io volumeuploadsources.cdi.kubevirt.io Version-Release number of selected component (if applicable): 4.14.0 How reproducible: 100% Steps to Reproduce: 1. oc adm policy who-can get <crd_name> 2. 3. Actual results: [cloud-user@ocp-ipi-executor-xl ~]$ oc adm policy who-can get volumeuploadsources.cdi.kubevirt.io resourceaccessreviewresponse.authorization.openshift.io/<unknown> Namespace: default Verb: get Resource: volumeuploadsources.cdi.kubevirt.io Users: system:admin system:serviceaccount:kube-system:generic-garbage-collector system:serviceaccount:kube-system:namespace-controller system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator system:serviceaccount:openshift-apiserver:openshift-apiserver-sa system:serviceaccount:openshift-authentication-operator:authentication-operator system:serviceaccount:openshift-authentication:oauth-openshift system:serviceaccount:openshift-cluster-storage-operator:cluster-storage-operator system:serviceaccount:openshift-cluster-version:default system:serviceaccount:openshift-cnv:cdi-operator system:serviceaccount:openshift-cnv:cdi-sa system:serviceaccount:openshift-cnv:kubevirt-controller system:serviceaccount:openshift-cnv:kubevirt-operator system:serviceaccount:openshift-config-operator:openshift-config-operator system:serviceaccount:openshift-controller-manager-operator:openshift-controller-manager-operator system:serviceaccount:openshift-controller-manager:openshift-controller-manager-sa system:serviceaccount:openshift-etcd-operator:etcd-operator system:serviceaccount:openshift-etcd:installer-sa system:serviceaccount:openshift-kube-apiserver-operator:kube-apiserver-operator system:serviceaccount:openshift-kube-apiserver:installer-sa system:serviceaccount:openshift-kube-apiserver:localhost-recovery-client system:serviceaccount:openshift-kube-controller-manager-operator:kube-controller-manager-operator system:serviceaccount:openshift-kube-controller-manager:installer-sa system:serviceaccount:openshift-kube-controller-manager:localhost-recovery-client system:serviceaccount:openshift-kube-scheduler-operator:openshift-kube-scheduler-operator system:serviceaccount:openshift-kube-scheduler:installer-sa system:serviceaccount:openshift-kube-scheduler:localhost-recovery-client system:serviceaccount:openshift-kube-storage-version-migrator-operator:kube-storage-version-migrator-operator system:serviceaccount:openshift-kube-storage-version-migrator:kube-storage-version-migrator-sa system:serviceaccount:openshift-machine-config-operator:default system:serviceaccount:openshift-network-operator:default system:serviceaccount:openshift-oauth-apiserver:oauth-apiserver-sa system:serviceaccount:openshift-operator-lifecycle-manager:olm-operator-serviceaccount system:serviceaccount:openshift-service-ca-operator:service-ca-operator system:serviceaccount:recycle-pvs:recycle-pvs-sa Groups: system:cluster-admins system:masters [cloud-user@ocp-ipi-executor-xl ~]$ [cloud-user@ocp-ipi-executor-xl ~]$ oc adm policy who-can get volumeimportsources.cdi.kubevirt.io resourceaccessreviewresponse.authorization.openshift.io/<unknown> Namespace: default Verb: get Resource: volumeimportsources.cdi.kubevirt.io Users: system:admin system:serviceaccount:kube-system:generic-garbage-collector system:serviceaccount:kube-system:namespace-controller system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator system:serviceaccount:openshift-apiserver:openshift-apiserver-sa system:serviceaccount:openshift-authentication-operator:authentication-operator system:serviceaccount:openshift-authentication:oauth-openshift system:serviceaccount:openshift-cluster-storage-operator:cluster-storage-operator system:serviceaccount:openshift-cluster-version:default system:serviceaccount:openshift-cnv:cdi-operator system:serviceaccount:openshift-cnv:cdi-sa system:serviceaccount:openshift-cnv:kubevirt-controller system:serviceaccount:openshift-cnv:kubevirt-operator system:serviceaccount:openshift-config-operator:openshift-config-operator system:serviceaccount:openshift-controller-manager-operator:openshift-controller-manager-operator system:serviceaccount:openshift-controller-manager:openshift-controller-manager-sa system:serviceaccount:openshift-etcd-operator:etcd-operator system:serviceaccount:openshift-etcd:installer-sa system:serviceaccount:openshift-kube-apiserver-operator:kube-apiserver-operator system:serviceaccount:openshift-kube-apiserver:installer-sa system:serviceaccount:openshift-kube-apiserver:localhost-recovery-client system:serviceaccount:openshift-kube-controller-manager-operator:kube-controller-manager-operator system:serviceaccount:openshift-kube-controller-manager:installer-sa system:serviceaccount:openshift-kube-controller-manager:localhost-recovery-client system:serviceaccount:openshift-kube-scheduler-operator:openshift-kube-scheduler-operator system:serviceaccount:openshift-kube-scheduler:installer-sa system:serviceaccount:openshift-kube-scheduler:localhost-recovery-client system:serviceaccount:openshift-kube-storage-version-migrator-operator:kube-storage-version-migrator-operator system:serviceaccount:openshift-kube-storage-version-migrator:kube-storage-version-migrator-sa system:serviceaccount:openshift-machine-config-operator:default system:serviceaccount:openshift-network-operator:default system:serviceaccount:openshift-oauth-apiserver:oauth-apiserver-sa system:serviceaccount:openshift-operator-lifecycle-manager:olm-operator-serviceaccount system:serviceaccount:openshift-service-ca-operator:service-ca-operator system:serviceaccount:recycle-pvs:recycle-pvs-sa Groups: system:cluster-admins system:masters [cloud-user@ocp-ipi-executor-xl ~]$ [cloud-user@ocp-ipi-executor-xl ~]$ oc adm policy who-can get volumeclonesources.cdi.kubevirt.io resourceaccessreviewresponse.authorization.openshift.io/<unknown> Namespace: default Verb: get Resource: volumeclonesources.cdi.kubevirt.io Users: system:admin system:serviceaccount:kube-system:generic-garbage-collector system:serviceaccount:kube-system:namespace-controller system:serviceaccount:openshift-apiserver-operator:openshift-apiserver-operator system:serviceaccount:openshift-apiserver:openshift-apiserver-sa system:serviceaccount:openshift-authentication-operator:authentication-operator system:serviceaccount:openshift-authentication:oauth-openshift system:serviceaccount:openshift-cluster-storage-operator:cluster-storage-operator system:serviceaccount:openshift-cluster-version:default system:serviceaccount:openshift-cnv:cdi-operator system:serviceaccount:openshift-cnv:cdi-sa system:serviceaccount:openshift-cnv:kubevirt-controller system:serviceaccount:openshift-cnv:kubevirt-operator system:serviceaccount:openshift-config-operator:openshift-config-operator system:serviceaccount:openshift-controller-manager-operator:openshift-controller-manager-operator system:serviceaccount:openshift-controller-manager:openshift-controller-manager-sa system:serviceaccount:openshift-etcd-operator:etcd-operator system:serviceaccount:openshift-etcd:installer-sa system:serviceaccount:openshift-kube-apiserver-operator:kube-apiserver-operator system:serviceaccount:openshift-kube-apiserver:installer-sa system:serviceaccount:openshift-kube-apiserver:localhost-recovery-client system:serviceaccount:openshift-kube-controller-manager-operator:kube-controller-manager-operator system:serviceaccount:openshift-kube-controller-manager:installer-sa system:serviceaccount:openshift-kube-controller-manager:localhost-recovery-client system:serviceaccount:openshift-kube-scheduler-operator:openshift-kube-scheduler-operator system:serviceaccount:openshift-kube-scheduler:installer-sa system:serviceaccount:openshift-kube-scheduler:localhost-recovery-client system:serviceaccount:openshift-kube-storage-version-migrator-operator:kube-storage-version-migrator-operator system:serviceaccount:openshift-kube-storage-version-migrator:kube-storage-version-migrator-sa system:serviceaccount:openshift-machine-config-operator:default system:serviceaccount:openshift-network-operator:default system:serviceaccount:openshift-oauth-apiserver:oauth-apiserver-sa system:serviceaccount:openshift-operator-lifecycle-manager:olm-operator-serviceaccount system:serviceaccount:openshift-service-ca-operator:service-ca-operator system:serviceaccount:recycle-pvs:recycle-pvs-sa Groups: system:cluster-admins system:masters [cloud-user@ocp-ipi-executor-xl ~]$ Expected results: The command output should list system:cluster-readers group Additional info: