+++ This bug was initially created as a clone of Bug #1775672 +++ Description of problem: When using a non-kubeadmin user, there was a need to have the Pipelines Operator installed. Navigating to the OperatorHub and finding the Operator was not an issue. However, when attempting to subscribe, I hit a 403 Forbidden error but nothing was rendered in the UI. Version-Release number of selected component (if applicable): 4.3.0-0.ci-2019-11-21-103638 How reproducible: 100% Steps to Reproduce: 1. Log in as a user without permissions to create an Operator subscription but has view access (see additional info for the script I used to create the user) 2. Navigate to the OperatorHub 3. Search for OpenShift Pipelines Operator 4. Click on the card and hit the Install button 5. Once the "Create Operator Subscription" page loads click the Subscribe button Actual results: Nothing happens, error in the console (attached) Expected results: Not to be able to get this far into the Operator Hub or to at least see an error in the UI that informs me I don't need to try to click the button again. Additional info: Script used to create the user is found here: https://github.com/redhat-developer/devconsole-operator/blob/master/hack/install_devconsole/create_user.sh --- Additional comment from Andrew Ballantyne on 2019-11-22 14:42:57 UTC --- --- Additional comment from Samuel Padgett on 2019-11-22 17:25:09 UTC --- Making this high severity since we're suppressing any error creating the subscription.
1. Grant user cluster-reader role $ oc adm policy add-cluster-role-to-user cluster-reader yapei1 clusterrole.rbac.authorization.k8s.io/cluster-reader added: "yapei1" 2. Try to subscribe an operator via Operators -> Operator Hub -> Install -> Subscribe, error message will be shown on page An error occurred subscriptions.operators.coreos.com is forbidden: User "yapei1" cannot create resource "subscriptions" in API group "operators.coreos.com" in the namespace "openshift-operators" Verified on 4.3.0-0.nightly-2019-11-26-171052
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:0062