Description of problem: The regular user should have access right for volumesnapshots.snapshot.storage.k8s.io and volumesnapshotclasses.snapshot.storage.k8s.io APIs Version-Release number of selected component (if applicable): $ oc get clusterversion --context=admin NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.5.0-0.nightly-2020-05-27-040756 True False 6h9m Cluster version is 4.5.0-0.nightly-2020-05-27-040756 How reproducible: Always Steps to Reproduce: 1. list volumesnapshotclass and volumesnapshot objects with a regular user. 2. 3. Actual results: $ oc get volumesnapshots Error from server (Forbidden): volumesnapshots.snapshot.storage.k8s.io is forbidden: User "testuser-0" cannot list resource "volumesnapshots" in API group "snapshot.storage.k8s.io" in the namespace "default" $ oc get volumesnapshotclasses Error from server (Forbidden): volumesnapshotclasses.snapshot.storage.k8s.io is forbidden: User "testuser-0" cannot list resource "volumesnapshotclasses" in API group "snapshot.storage.k8s.io" at the cluster scope Expected results: The regular user can list these two types of objects successfully. Master Log: Node Log (of failed PODs): PV Dump: PVC Dump: StorageClass Dump (if StorageClass used by PV/PVC): Additional info:
All PRs have been merged.
Verified pass [wduan@MINT azuredisk]$ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.6.0-0.nightly-2020-07-16-211200 True False 7h6m Cluster version is 4.6.0-0.nightly-2020-07-16-211200 Execute as testuser-0 testuser-0 could list the volumesnapshotclasses created by cluster admin [wduan@MINT azuredisk]$ oc get volumesnapshotclasses NAME DRIVER DELETIONPOLICY AGE csi-snapclass disk.csi.azure.com Delete 40s testuser-0 could create/list the volumesnapshot [wduan@MINT azuredisk]$ oc create -f VolumeSnapshot_withclass.yaml volumesnapshot.snapshot.storage.k8s.io/mysnapshot01 created [wduan@MINT azuredisk]$ oc get volumesnapshot mysnapshot01 NAME READYTOUSE SOURCEPVC SOURCESNAPSHOTCONTENT RESTORESIZE SNAPSHOTCLASS SNAPSHOTCONTENT CREATIONTIME AGE mysnapshot01 true pvc-ori 2Gi csi-snapclass snapcontent-a9c6fb76-17f8-44e2-85e5-684d952a1962 4m53s 7m5s
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196