Bug 2223776
| Summary: | global permission found for cluster-network-addons-operator in cnv csv.spec.install.spec.clusterPermissions | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Container Native Virtualization (CNV) | Reporter: | Debarati Basu-Nag <dbasunag> | ||||
| Component: | Networking | Assignee: | Petr Horáček <phoracek> | ||||
| Status: | VERIFIED --- | QA Contact: | Debarati Basu-Nag <dbasunag> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 4.14.0 | ||||||
| Target Milestone: | --- | ||||||
| Target Release: | 4.14.0 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | v4.14.0.rhel9-1490 | Doc Type: | If docs needed, set a value | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | Type: | Bug | |||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
https://github.com/kubevirt/cluster-network-addons-operator/pull/1587 should allow us to disable these excessive rules. This will require a follow-up downstream HCO patch setting a new flag on the manifest templator of CNAO. Code on CNAO U/S and M/S has been merged. The last step is to update https://gitlab.cee.redhat.com/cpaas-midstream/openshift-virtualization/hco-bundle-registry/-/blob/cnv-4.14-rhel-9/distgit/containers/hco-bundle-registry/cnv-operators-csv-generator.py#L332-389 Verified against CNV-v4.14.0.rhel9-1491. The original issue reported has been fixed. |
Created attachment 1976390 [details] cnao rules Description of problem: With CNV-v4.14.0.rhel9-1274, for cluster-network-addons-operator we are seeing global permission set for one rule. Version-Release number of selected component (if applicable): CNV-v4.14.0.rhel9-1274 How reproducible: 100% Steps to Reproduce: 1. Check csv.spec.install.spec.clusterPermissions for cluster-network-addons-operator 2. 3. Actual results: { "apiGroups": [ "k8s.cni.cncf.io" ], "resources": [ "*" ], "verbs": [ "*" ] }, Expected results: No global permission rule for cluster-network-addons-operator Additional info: