Created attachment 1689000 [details] Create Operator Subscription Description of problem: As a dedicated-admin, when you try deploying an operator (Logging Operator) by doing a Create Operator Subscription into the openshift-logging NS via console, a forbidden message coming from the "default" namespace is returned Version-Release number of selected component (if applicable): 4.3.18 How reproducible: Every time you use the Create Operator Subscription screen Steps to Reproduce: 1. use the Create Operator Subscription from OperatorHub to install Loggin Operator 2. Pick the openshift-loggin NS [screenshot attached] Actual results: operatorgroups.operators.coreos.com is forbidden: User "nmalik" cannot create resource "operatorgroups" in API group "operators.coreos.com" in the namespace "default" Expected results: A subscription would be created in the openshift-logging NS Additional info: OperatorGroup from openshift-logging NS - attached Screen shoot of Create Operator Subscription UI - attached
Created attachment 1689001 [details] openshift-logging OperatorGroup
This appears to be an issue with the actions that the console performs on behalf of a user. It seems to be trying to create an operatorgroup in `default`, even though openshift-logging is selected.
I think there are multiple issues here: 1. It appears dedicated-admins [1] cannot create operatorgroups regardless of namespace, which is not a console bug. 2. Another bug is resulting in the namespace changing when the update channel is changed. See https://bugzilla.redhat.com/show_bug.cgi?id=1798851 and fix in https://github.com/openshift/console/pull/4374. Given that issue 2 is fixed in 4.4.0+, I'm inclined to call this a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1798851 and close. Any objections? [1] https://gist.github.com/benjaminapetersen/84e2b4ccfae9bc5160f6c0edf00668bb
Closing as duplicate. Please reopen if fix is required for 4.3.z. *** This bug has been marked as a duplicate of bug 1798851 ***