1796414 – cluster-reader is unable to view operatorhubs

Bug 1796414 - cluster-reader is unable to view operatorhubs

Summary: cluster-reader is unable to view operatorhubs

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	OLM
Sub Component:
Version:	4.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Target Release:	4.4.0
Assignee:	Evan Cordell
QA Contact:	Salvatore Colangelo
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-01-30 11:37 UTC by Stefan Schimanski
Modified:	2020-05-13 21:55 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-05-13 21:55:39 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	operator-framework operator-marketplace pull 279	None	closed	Bug 1796414: Add cluster role with aggregation for reading operatorhub config	2020-04-28 09:24:47 UTC
Red Hat Bugzilla	1785448	unspecified	CLOSED	cluster-reader is unable to view machine resources	2021-02-22 00:41:40 UTC
Red Hat Product Errata	RHBA-2020:0581	None	None	None	2020-05-13 21:55:40 UTC

Comment 2 Salvatore Colangelo 2020-02-12 15:02:44 UTC

HI  

  below the step 

1. [scolange@scolange .kube]$ oc adm policy add-cluster-role-to-user cluster-reader testuser-0 --as system:admin
clusterrole.rbac.authorization.k8s.io/cluster-reader added: "testuser-0"

2. [scolange@scolange .kube]$ oc get operatorhubs --all-namespaces
NAME      AGE
cluster   66m

3. [scolange@scolange .kube]$ oc get machineautoscalers --all-namespaces
No resources found

4. [scolange@scolange .kube]$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.4.0-0.nightly-2020-02-11-035407   True        False         31m     Cluster version is 4.4.0-0.nightly-2020-02-11-035407

Comment 3 Salvatore Colangelo 2020-02-13 16:38:26 UTC

Hi
 I check in another cluster and i have the error again :

step :

1. log as testuser-1

[scolange@scolange ~]$ oc login 
Authentication required for https://api.rbrattai-ovn44.qe.devcluster.openshift.com:6443 (openshift)
Username: testuser-1
Password: 
Login successful.

You don't have any projects. You can try to create a new project, by running

    oc new-project <projectname>


2. get info not admin user 

[scolange@scolange ~]$ oc get operatorhubs.config.openshift.io
Error from server (Forbidden): operatorhubs.config.openshift.io is forbidden: User "testuser-1" cannot list resource "operatorhubs" in API group "config.openshift.io" at the cluster scope
[scolange@scolange ~]$ oc get machineautoscalers --all-namespaces
Error from server (Forbidden): machineautoscalers.autoscaling.openshift.io is forbidden: User "testuser-1" cannot list resource "machineautoscalers" in API group "autoscaling.openshift.io" at the cluster scope

3. login as admin

[scolange@scolange ~]$ oc login
Authentication required for https://api.rbrattai-ovn44.qe.devcluster.openshift.com:6443 (openshift)
Username: kubeadmin
Password: 
Login successful.

You have access to 59 projects, the list has been suppressed. You can list all projects with 'oc projects'

Using project "default".

4. give the admin privilege

[scolange@scolange ~]$ oc adm policy add-cluster-role-to-user cluster-reader testuser-1 --as system:admin
clusterrole.rbac.authorization.k8s.io/cluster-reader added: "testuser-1"

5. login as testuser-1 again

[scolange@scolange ~]$ oc login
Authentication required for https://api.rbrattai-ovn44.qe.devcluster.openshift.com:6443 (openshift)
Username: testuser-1
Password: 
Login successful.

You have access to 59 projects, the list has been suppressed. You can list all projects with 'oc projects'

Using project "default".


6. get info 
[scolange@scolange ~]$ oc get operatorhubs.config.openshift.io
NAME      AGE
cluster   100m

[scolange@scolange ~]$ oc get machineautoscalers --all-namespaces
Error from server (Forbidden): machineautoscalers.autoscaling.openshift.io is forbidden: User "testuser-1" cannot list resource "machineautoscalers" in API group "autoscaling.openshift.io" at the cluster scope





[scolange@scolange ~]$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.4.0-0.nightly-2020-02-13-103342   True        False         78m     Cluster version is 4.4.0-0.nightly-2020-02-13-103342

Comment 4 Evan Cordell 2020-02-19 13:08:02 UTC

We fixed the issue for the component that we own (in this case, the operatorhub api), which in your report works fine.

There is another bug tracking the machineautoscalers issue: https://bugzilla.redhat.com/show_bug.cgi?id=1796412 that is correctly not fixed.

Given that this just seems like a small mix up in where we're tracking things, I will go ahead and return this to Verified, and please correct me if that's not the right move to make.

Comment 6 errata-xmlrpc 2020-05-13 21:55:39 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0581

Note You need to log in before you can comment on or make changes to this bug.