Bug 1812506 - RBAC check incorrect for Home -> Overview nav item
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Management Console
Version: 4.4
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 4.4.0
Assignee: Samuel Padgett
QA Contact: Yadan Pei
URL:
Whiteboard:
Depends On: 1811757
Blocks:
Reported: 2020-03-11 13:14 UTC by Samuel Padgett
Modified: 2020-05-04 11:46 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Previously, the Home -> Overview nav item would be hidden from users who could not list namespaces, but otherwise had authority to see metrics. The nav item now appears for all users who have authority to see cluster metrics.
Clone Of: 1811757
Environment:
Version: 4.4.0-0.ci-2020-03-09-103610 Cluster ID: 409bf8c6-8338-44de-92aa-694c2b61aa26 Browser: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:73.0) Gecko/20100101 Firefox/73.0
Last Closed: 2020-05-04 11:45:48 UTC
Target Upstream Version:
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | openshift console pull 4709 | 0 | None | closed | [release-4.4] Bug 1812506: Fix access review for Home -> Overview page | 2020-04-17 18:03:41 UTC
Red Hat Product Errata | RHBA-2020:0581 | 0 | None | None | None | 2020-05-04 11:46:15 UTC

Comment 3 XiaochuanWang 2020-03-16 02:44:29 UTC
Now this request is as expected:

POST request "api/kubernetes/apis/authorization.k8s.io/v1/selfsubjectaccessreviews" with payload {"spec":{"resourceAttributes":{"resource":"namespaces","verb":"get"}},"metadata":{}}

Could "get" namespaces from server.

Verified on 4.4.0-0.nightly-2020-03-15-215151

Comment 4 XiaochuanWang 2020-03-16 02:47:31 UTC
Response:

{
  "kind": "SelfSubjectAccessReview",
  "apiVersion": "authorization.k8s.io/v1",
  "metadata": {
    "creationTimestamp": null
  },
  "spec": {
    "resourceAttributes": {
      "verb": "get",
      "resource": "namespaces"
    }
  },
  "status": {
    "allowed": true,
    "reason": "RBAC: allowed by ClusterRoleBinding \"cluster-admins\" of ClusterRole \"cluster-admin\" to Group \"system:cluster-admins\""
  }
}
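
The check verified in Comments 3 and 4, as an added example that is not code from the OpenShift console: it builds the same SelfSubjectAccessReview body, reads `status` fail-closed, and shows why a user who may only `get` namespaces was hidden from the nav item by the list-namespaces condition the Doc Text describes. `fakeApiServer`, `overviewVisible` and the two sample users are assumptions constructed so the block runs offline.

```javascript
// Added example; not code from the OpenShift console repository.

// Build a cluster-scoped SelfSubjectAccessReview body, same shape as the
// payload quoted in Comment 3.
function buildAccessReview(resource, verb) {
  return { spec: { resourceAttributes: { resource, verb } }, metadata: {} };
}

// Fail closed: show the item only on an explicit allow with no explicit deny.
function isAllowed(review) {
  const status = review && review.status;
  if (!status || typeof status !== 'object') return false;
  return status.allowed === true && status.denied !== true;
}

// Constructed stand-in for the API server (assumption): answers a review from
// a flat list of RBAC-style rules instead of a real cluster.
function fakeApiServer(rules) {
  return (review) => {
    const { resource, verb } = review.spec.resourceAttributes;
    const hit = rules.some((r) =>
      (r.resources.includes(resource) || r.resources.includes('*')) &&
      (r.verbs.includes(verb) || r.verbs.includes('*')));
    return {
      kind: 'SelfSubjectAccessReview',
      apiVersion: 'authorization.k8s.io/v1',
      spec: review.spec,
      status: { allowed: hit, reason: hit ? 'constructed: rule matched' : '' },
    };
  };
}

// Hypothetical nav gate: `post` sends the review and returns the parsed body.
function overviewVisible(post, verb) {
  try {
    return isAllowed(post(buildAccessReview('namespaces', verb)));
  } catch (e) {
    return false; // request failed: hide rather than guess
  }
}

// Constructed users: one may only `get` namespaces, one is unrestricted.
const getOnly = fakeApiServer([{ resources: ['namespaces'], verbs: ['get'] }]);
const admin = fakeApiServer([{ resources: ['*'], verbs: ['*'] }]);

console.log(overviewVisible(getOnly, 'list')); // condition from the Doc Text
console.log(overviewVisible(getOnly, 'get'));  // request from Comment 3
console.log(overviewVisible(admin, 'get'));
```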

Comment 6 errata-xmlrpc 2020-05-04 11:45:48 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0581

