Bug 1417981 - user can lose access to project but project still in users quota
Summary: user can lose access to project but project still in users quota
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: OpenShift Online
Classification: Red Hat
Component: RFE
Version: 3.x
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: ---
Assignee: Abhishek Gupta
QA Contact:
URL:
Whiteboard: online_3.4.1
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-01-31 14:28 UTC by Aleksandar Kostadinov
Modified: 2018-03-22 23:25 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-03-22 23:25:46 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Aleksandar Kostadinov 2017-01-31 14:28:50 UTC
Description of problem:
User can remove himself as project admin and lose ability to access or delete the project. In online environment this would prevent creating a new project as well.

Version-Release number of selected component (if applicable):
3.4.1.2

How reproducible:
always

Steps to Reproduce:
1. create project
2. in console open project, Resources->Membership->Users
3. remove admin role from self

Actual results:
role removed
browser shows just white screen

Expected results:
User is prevented from deleting his role unless there is already another admin for the project.

Alternatively there should be a mechanism for user to reclaim project admin provided project counts toward user's quota.

Or some other user-friendly solution.

Comment 3 Xiaoli Tian 2017-06-15 07:09:45 UTC
OpenShift Online Preview has been decommissioned, go to https://manage.openshift.com/ for using OpenShift Online starter cluster

Comment 4 Aleksandar Kostadinov 2017-06-15 08:10:45 UTC
This issue is not cluster installation specific. Just on online. I can't test the Online Starter cluster right now. When I have access I will. I'd reopen this issue until then.

Comment 6 Abhishek Gupta 2017-12-05 21:18:23 UTC
This is perhaps more of an RFE.

Comment 7 Simo Sorce 2017-12-15 14:41:13 UTC
I do not see how this is an auth bug in any way. The system works as designed, I moved the component to RFE where it can be evaluated and eventually assigned or closed. It sounds more of an operational problem to me, than somethign we can implement/resolve via a generic mechanism though.

Comment 8 Aleksandar Kostadinov 2017-12-15 17:29:14 UTC
Given user is on the hook for the bills, then being unable to restore your access to the resources would definitely be a bug, at least UX problem.

Can we somehow disallow removing the owner from the admin list? Or at the very least we need to document how access can be restored (e.g. contact support@...).

Comment 9 Xingxing Xia 2018-01-10 10:16:39 UTC
(In reply to Simo Sorce from comment #7)
> me, than somethign we can implement/resolve via a generic mechanism though.
(In reply to Aleksandar Kostadinov from comment #8)
> Given user is on the hook for the bills, then being unable to restore your
> access to the resources would definitely be a bug, at least UX problem.
Hope at least Online Starter can have mechanism like https://bugzilla.redhat.com/show_bug.cgi?id=1424598#c2 . Thank you!
Currently Online Starter e.g. free-int, does not have that mechanism, as QE met in https://github.com/openshift/cucushift/pull/5824#issue-287360347

Comment 10 Abhishek Gupta 2018-03-22 23:25:46 UTC
Created a card to address this: https://trello.com/c/QbxeBtzk


Note You need to log in before you can comment on or make changes to this bug.