Description of problem: Customer unable to retrieve an image from another project using serviceaccounts in the Web UI Version-Release number of selected component (if applicable): 4.x How reproducible: All times Steps to Reproduce: 1. Create an user and give him only edit, deployer or image-puller rights 2. Execute the procedures in this document: https://docs.openshift.com/container-platform/4.3/openshift_images/managing_images/using-image-pull-secrets.html#images-allow-pods-to-reference-images-across-projects_using-image-pull-secrets 3. Try to create a new deploy getting an image from another project (project-a) Actual results: On Deploy Image->Image stream tag from internal registry, I got the message: "Service account default does not have authority to pull images from project-b. Select another project to continue." Expected results: Be able to run an image from another project, since the necessary permissions were set based in the document referred above Additional info: This same process worked for the customer in the 3.x version. The customer is migrating his projects from the 3.x to 4.x
This appears to be an issue with the internal registry, not cluster auth. Reassigning.
We are also having this issue. Did the following procedure above on a 4.3.8 cluster and assigned a user the "edit" role into another project. When the user enters the web console and tries to use the deploy an image from an internal registry they get the same "Service account default does not have authority to pull images from other_project. Select another project to continue" message. When the role of the user is changed to the admin role, it works fine, but anything below admin (basic-user, deployer, etc) fails.
Created attachment 1714290 [details] Able to import/run an image from other project
Created attachment 1714291 [details] Unable to import/run an image from other project
Verified on Build version: 4.6.0-0.nightly-2020-09-09-062306 Browser version: Chrome 84
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196