Bug 1760044 - Console workload show restricted acccess if knative serverless TP1 operator is installed and logged in as non admin
Summary: Console workload show restricted acccess if knative serverless TP1 operator i...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Dev Console
Version: 4.2.0
Hardware: All
OS: All
unspecified
high
Target Milestone: ---
: 4.2.z
Assignee: cvogt
QA Contact: Ruchir Garg
URL:
Whiteboard:
Depends On: 1758628
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-10-09 17:08 UTC by Jaivardhan Kumar
Modified: 2019-11-13 18:56 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1758628
Environment:
Last Closed: 2019-11-13 18:55:51 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Github openshift console pull 2960 'None' closed [release-4.2] Bug 1760044: Console workload show restricted acccess if knative serverless TP1 operator is installed and ... 2020-02-12 21:39:44 UTC
Red Hat Bugzilla 1758628 'unspecified' 'VERIFIED' 'Console workload show restricted acccess if knative serverless TP1 operator is installed and logged in as non admin' 2019-11-19 15:43:36 UTC
Red Hat Product Errata RHBA-2019:3303 None None None 2019-11-13 18:56:02 UTC

Description Jaivardhan Kumar 2019-10-09 17:08:45 UTC
+++ This bug was initially created as a clone of Bug #1758628 +++

Description of problem:
Non project admin uer i.e normal httpd user won't be able to view workloads under console when knative serverless tech preview 1 operator is installed. Sidebar resources list resources as per kknative resource. Even though the deployment selected in the workloads view is not a knative workload, the sidebar is showing the resource list for knative resources.

Version-Release number of selected component (if applicable):4.2


How reproducible:
1. Install knative serverless TP1 operator (1.0.0), follow https://docs.openshift.com/container-platform/4.1/serverless/installing-openshift-serverless.html
1. create a non-admin user i.e normal httpd user
2. This can be observed by going to the openshift-console project -> workloads tab


Steps to Reproduce:
1. Create a non admin user i.e normal httpd user
2. This can be observed by going to the openshift-console project -> workloads tab
3. If logged in as "kubeadmin" can see deployments and Then click on the first deployment.

Actual results:
1. Workloads will show restricted access if logged in via non-admin user.
2. Selection of deployments on workloads will show incorrect resources if logged in with kubeadmin 

Expected results:
1. Workloads should list deploymets if logged in via non-admin user.
2. Selection of deployments on workloads will show correct resources if logged in with kubeadmin 


Additional info:

--- Additional comment from W. Trevor King on 2019-10-04 20:33:56 UTC ---

Setting the target release to 4.3.0, since we try to fix things in master first and 4.3 is where master is currently pointing.  Once this gets addressed there it can be cloned back to 4.2.z if that seems appropriate.

--- Additional comment from spathak@redhat.com on 2019-10-09 14:07:51 UTC ---

I've verified the following scenario:
1. I installed knative tp1 and logged in as a non-admin 
2. I went openshift-console project -> workloads tab
3. I was able to see deployments and in the deployments able to see routes also.

--- Additional comment from Ruchir Garg on 2019-10-09 14:40:15 UTC ---

Reassigning to Sanket Pathak for verification.

--- Additional comment from Ruchir Garg on 2019-10-09 14:57:28 UTC ---

Ressigning to Jaivardhan Kumar for access to the docs field.

Comment 8 errata-xmlrpc 2019-11-13 18:55:51 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:3303


Note You need to log in before you can comment on or make changes to this bug.