Description of problem:
Customer unable to retrieve an image from another project using serviceaccounts in the Web UI
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Create an user and give him only edit, deployer or image-puller rights
2. Execute the procedures in this document:
3. Try to create a new deploy getting an image from another project (project-a)
On Deploy Image->Image stream tag from internal registry, I got the message:
"Service account default does not have authority to pull images from project-b. Select another project to continue."
Be able to run an image from another project, since the necessary permissions were set based in the document referred above
This same process worked for the customer in the 3.x version. The customer is migrating his projects from the 3.x to 4.x
This appears to be an issue with the internal registry, not cluster auth. Reassigning.
We are also having this issue. Did the following procedure above on a 4.3.8 cluster and assigned a user the "edit" role into another project. When the user enters the web console and tries to use the deploy an image from an internal registry they get the same "Service account default does not have authority to pull images from other_project. Select another project to continue" message. When the role of the user is changed to the admin role, it works fine, but anything below admin (basic-user, deployer, etc) fails.
Created attachment 1714290 [details]
Able to import/run an image from other project
Created attachment 1714291 [details]
Unable to import/run an image from other project
Verified on Build version: 4.6.0-0.nightly-2020-09-09-062306
Browser version: Chrome 84