Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1836332

Summary: OLM Subscription created in openshift-logging NS fails with forbidden error creating OperatorGroup in default NS
Product: OpenShift Container Platform Reporter: Rogerio Bastos <rbastos>
Component: Management ConsoleAssignee: Robb Hamilton <rhamilto>
Status: CLOSED DUPLICATE QA Contact: Yadan Pei <yapei>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 4.3.zCC: aos-bugs, bpeterse, cblecker, jokerman
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-05-21 12:01:37 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Create Operator Subscription
none
openshift-logging OperatorGroup none

Description Rogerio Bastos 2020-05-15 16:06:42 UTC 
Created attachment 1689000 [details]
Create Operator Subscription

Description of problem:
As a dedicated-admin, when you try deploying an operator (Logging Operator) by doing a Create Operator Subscription into the openshift-logging NS via console, a forbidden message coming from the "default" namespace is returned 


Version-Release number of selected component (if applicable):
4.3.18

How reproducible:
Every time you use the Create Operator Subscription screen

Steps to Reproduce:
1. use the Create Operator Subscription from OperatorHub to install Loggin Operator
2. Pick the openshift-loggin NS [screenshot attached]


Actual results:
operatorgroups.operators.coreos.com is forbidden: User "nmalik" cannot create resource "operatorgroups" in API group "operators.coreos.com" in the namespace "default"

Expected results:
A subscription would be created in the openshift-logging NS

Additional info:
OperatorGroup from openshift-logging NS - attached
Screen shoot of Create Operator Subscription UI - attached
Comment 1 Rogerio Bastos 2020-05-15 16:08:07 UTC 
Created attachment 1689001 [details]
openshift-logging OperatorGroup
Comment 2 Evan Cordell 2020-05-15 16:41:22 UTC 
This appears to be an issue with the actions that the console performs on behalf of a user. It seems to be trying to create an operatorgroup in `default`, even though openshift-logging is selected.
Comment 3 Robb Hamilton 2020-05-19 21:09:34 UTC 
I think there are multiple issues here:

1.  It appears dedicated-admins [1] cannot create operatorgroups regardless of namespace, which is not a console bug.
2.  Another bug is resulting in the namespace changing when the update channel is changed.  See https://bugzilla.redhat.com/show_bug.cgi?id=1798851 and fix in https://github.com/openshift/console/pull/4374.

Given that issue 2 is fixed in 4.4.0+, I'm inclined to call this a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1798851 and close.  Any objections?

[1] https://gist.github.com/benjaminapetersen/84e2b4ccfae9bc5160f6c0edf00668bb
Comment 5 Robb Hamilton 2020-05-21 12:01:37 UTC 
Closing as duplicate.  Please reopen if fix is required for 4.3.z.

*** This bug has been marked as a duplicate of bug 1798851 ***