Created attachment 1694972 [details] screenshot Description of problem: When logged in as non-admin user in a namespace created by this non-admin user, created Virtual Machines are not displayed in the Virtualization. Browser console reads lots of 403 errors. After discussion with Yaacov, the issue is probably either: - if virtualmachineimports are not allowed for non-admin user, UI should ignore the missing data => UI bug - if virtualmachineimports should be allowed for non-admin user, UI should display an error instead of failing silently => UI bug + CNV permissions bug ``` oc get virtualmachineimports No resources found. Error from server (Forbidden): virtualmachineimports.v2v.kubevirt.io is forbidden: User "test" cannot list resource "virtualmachineimports" in API group "v2v.kubevirt.io" in the namespace "test" when in none-admin we cant get virtualmachineimports ``` Version-Release number of selected component (if applicable): 4.5.0-0.nightly-2020-06-02-220939 How reproducible: 100% Steps to Reproduce: 1. log in as non-admin user 2. create a VM 3. navigate to Virtualization -> Virtual Machines Actual results: Expected results: Additional info:
@Filip, hi In this case vmImports is not null, and also not loaded ( it has an error ) we have a line that should handle cases where user can not get virtualmachineimports [1] should it also handle this case ? const isVMImportLoaded = !vmImports || vmImports.loaded; // go in when CRD missing [1] https://github.com/openshift/console/blob/master/frontend/packages/kubevirt-plugin/src/components/vms/vm.tsx#L255
targeting to 4.6 , since this is high profile, we may want to backport to 4.5 @Tomas FYI
after off line discusstion, cloning to 4.5 too
I suspect that this should be fixed by vm-import-operator, unless it already was. Piotr can you take a look? The only alternative thing we could do in the UI for now, is to disable vm import functionality for non admin users and turn it back on once this is fixed.
I think that the flow we implemented should be managed only by admins. @Peter do you think we should enable it for other users as well?
Verified with 4.6.0-0.nightly-2020-06-09-190553
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days