Description of problem: No image streams are available from the internal registry for a normal user's namespace even if imagestreams/images already exist in the namespace Version-Release number of selected component (if applicable): How reproducible: Login with a normal user(no cluster-admin) in OCP 4.3 Steps to Reproduce: 1. Go to Dev Console > +Add > Click on "Container Image" 2. Choose Image name from internal registry 3. Choose any namespace which the login user owns and includes existing image/imagestreams Actual results: No Image streams found Expected results: The Image should be displayed Additional info: When I debug it via Chrome dev console, I can see the following error: {kind: "Status", apiVersion: "v1", metadata: {}, status: "Failure",…} kind: "Status" apiVersion: "v1" metadata: {} status: "Failure" message: "imagestreams.image.openshift.io is forbidden: User "user1" cannot list resource "imagestreams" in API group "image.openshift.io" at the cluster scope" reason: "Forbidden" details: {group: "image.openshift.io", kind: "imagestreams"} code: 403 Otherwise, I logged in cluster-admin credentials, the images are displayed.
I have validated this bug on: Build: 4.3.0-0.nightly-2020-03-04-235307 Browser: Google Chrome Version 78.0.3904.108 Marking this as verified.
Created attachment 1667693 [details] Internal registry images
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:0676