Description of problem: When user view Deployments -> Pods tab, Deployment Config -> Pods tab, Replica Set -> Pods tab, Replication Controllers -> Pods tab, console will report permission error is reported. GET request should have namespace field added Version-Release number of selected component (if applicable): 4.4.0-0.nightly-2020-01-12-221811 How reproducible: Always Steps to Reproduce: 1. normal user create project and create Deployment, Deployment Config 2. When pods are created, user check pods on Deployment -> Pods, Deployment Config -> Pods, Replication Controllers -> Pods, Replica Sets -> Pods Actual results: 2. normal user can't see pods on pods tab of Deployment & Deployment Config & Replica Sets & Replication Controller, it reports permission error Error details pods is forbidden: User "ui1" cannot list resource "pods" in API group "" at the cluster scope. GET request is https://<console_route>/api/kubernetes/api/v1/pods?limit=250&labelSelector=app%3Dperl%2Cdeployment%3Dperl-1%2Cdeploymentconfig%3Dperl Expected results: 2. user has permission to view pods on Pods tab of above resources for owned project, GET request should have namespace added https://<console_route>/api/kubernetes/api/v1/namespaces/ui1-project1/pods?limit=250&labelSelector=app%3Dperl%2Cdeployment%3Dperl-1%2Cdeploymentconfig%3Dperl Additional info:
This only happens for normal user, not cluster-admin user
Hi, Using a 4.4 cluster and latest console code. I created a test user: "oc apply -f ./frontend/integration-tests/data/htpasswd-secret.yaml && oc patch oauths cluster --patch "$(cat ./frontend/integration-tests/data/patch-htpasswd.yaml)" --type=merge" I then logged into console UI as test user. I was able to create a project, Deployment and Deployment Config (using default yaml examples). I am able to see Pods in all the locations mentioned in this bug: http://0.0.0.0:9000/k8s/ns/myproject/deployments/example/pods http://0.0.0.0:9000/k8s/ns/myproject/replicasets/example-75778c488/pods http://0.0.0.0:9000/k8s/ns/myproject/deploymentconfigs/example/pods http://0.0.0.0:9000/k8s/ns/myproject/replicationcontrollers/example-1/pods Am I recreating this scenario correctly?
Hi David, Your steps are correct, I also tried today on 4.4.0-0.nightly-2020-02-02-201619 but seems the issue have been fixed. I'm going to verify the bug
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:0581