Created attachment 1622598 [details] Showing restricted access on console workloads Description of problem: Non project admin uer i.e normal httpd user won't be able to view workloads under console when knative serverless tech preview 1 operator is installed. Sidebar resources list resources as per kknative resource. Even though the deployment selected in the workloads view is not a knative workload, the sidebar is showing the resource list for knative resources. Version-Release number of selected component (if applicable):4.2 How reproducible: 1. Install knative serverless TP1 operator (1.0.0), follow https://docs.openshift.com/container-platform/4.1/serverless/installing-openshift-serverless.html 1. create a non-admin user i.e normal httpd user 2. This can be observed by going to the openshift-console project -> workloads tab Steps to Reproduce: 1. Create a non admin user i.e normal httpd user 2. This can be observed by going to the openshift-console project -> workloads tab 3. If logged in as "kubeadmin" can see deployments and Then click on the first deployment. Actual results: 1. Workloads will show restricted access if logged in via non-admin user. 2. Selection of deployments on workloads will show incorrect resources if logged in with kubeadmin Expected results: 1. Workloads should list deploymets if logged in via non-admin user. 2. Selection of deployments on workloads will show correct resources if logged in with kubeadmin Additional info:
Setting the target release to 4.3.0, since we try to fix things in master first and 4.3 is where master is currently pointing. Once this gets addressed there it can be cloned back to 4.2.z if that seems appropriate.
I've verified the following scenario: 1. I installed knative tp1 and logged in as a non-admin 2. I went openshift-console project -> workloads tab 3. I was able to see deployments and in the deployments able to see routes also.
Reassigning to Sanket Pathak for verification.
Ressigning to Jaivardhan Kumar for access to the docs field.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:0062