Created attachment 1298231 [details] failed-nodejs.png Description of problem: After enable service-catalog and login as normal user, then create language app in catalog console, get some error "error Failed to list instances/servicecatalog.k8s.io/v1alpha1 (403)" cluster-admin user does not have problem. Version-Release number of selected component (if applicable): openshift v3.6.143 kubernetes v1.6.1+5115d708d7 etcd 3.2.1 How reproducible: Always Steps to Reproduce: 1. Login catalog console 2. Click "JAVEScrpit" -> "Node.js" 3. Input the info that need to create app Actual results: 3. "create" button is disabled and there pop an error dialog with "error Failed to list instances/servicecatalog.k8s.io/v1alpha1 (403) " Expected results: 3. Should create app success Additional info:
There are two different problems here, the first is that the roles are not correct for end users for service catalog resources. End users should not get a 403 requesting instances. If this was set up using the ansible installer then the installer is not setting up the roles correctly for project admins/editors/viewers. The second problem is a question of whether we should prevent you from creating your application if we fail to request instances.
If this system was set up with the ansible installer please open a bug against the installer component for the first problem.
(In reply to Jessica Forrester from comment #2) > If this system was set up with the ansible installer please open a bug > against the installer component for the first problem. Yes, I setup the env by openshift-ansible, For the first 403 issue, the bug is https://bugzilla.redhat.com/show_bug.cgi?id=1471013 One thing I don't understand is if I select a language app(not serviceclass), why need access instance.servicecatalog.k8s.io ? Maybe my understand is wrong. thanks
Because the second step in the wizard lets the user bind to existing provisioned services in the project that they just created their application in. So when the project selection is changed, we then fetch the instances for that project to know whether to show the Bindings step in the wizard.
https://github.com/openshift/origin-web-console/pull/1852
(In reply to Samuel Padgett from comment #5) > https://github.com/openshift/origin-web-console/pull/1852 The upstream origin-web-catalog change contained in this console PR is https://github.com/openshift/origin-web-catalog/pull/364
Verify on openshift v3.6.153 kubernetes v1.6.1+5115d708d7 etcd 3.2.1 Now can create app successfully
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:1716