Bug 1843780 - Virtual Machines are not displayed when logged as non admin user [NEEDINFO]
Summary: Virtual Machines are not displayed when logged as non admin user
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Console Kubevirt Plugin
Version: 4.5
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.6.0
Assignee: Yaacov Zamir
QA Contact: Radim Hrazdil
URL:
Whiteboard:
Depends On:
Blocks: 1843808
TreeView+ depends on / blocked
 
Reported: 2020-06-04 06:21 UTC by Radim Hrazdil
Modified: 2020-10-27 16:05 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: none-admin user can't list virtualmachineimports, vm list waits for the virtualmachineimports data to render Consequence: vm list is not rendered Fix: not waiting for virtualmachineimports before listing vms Result: vm list is rendered
Clone Of:
: 1843808 (view as bug list)
Environment:
Last Closed: 2020-10-27 16:04:47 UTC
Target Upstream Version:
pkliczew: needinfo? (pelauter)


Attachments (Terms of Use)
screenshot (638.06 KB, image/png)
2020-06-04 06:21 UTC, Radim Hrazdil
no flags Details


Links
System ID Private Priority Status Summary Last Updated
Github openshift console pull 5670 0 None closed Bug 1843780: Dont wait for vm imports when listing vms 2020-06-23 04:41:14 UTC
Red Hat Product Errata RHBA-2020:4196 0 None None None 2020-10-27 16:05:14 UTC

Description Radim Hrazdil 2020-06-04 06:21:20 UTC
Created attachment 1694972 [details]
screenshot

Description of problem:
When logged in as non-admin user in a namespace created by this non-admin user, 
created Virtual Machines are not displayed in the Virtualization.
Browser console reads lots of 403 errors.

After discussion with Yaacov, the issue is probably either:
- if virtualmachineimports are not allowed for non-admin user, UI should ignore the missing data  => UI bug

- if virtualmachineimports should be allowed for non-admin user, UI should display an error instead of failing silently => UI bug + CNV permissions bug

```
oc get virtualmachineimports
No resources found.
Error from server (Forbidden): virtualmachineimports.v2v.kubevirt.io is forbidden: User "test" cannot list resource "virtualmachineimports" in API group "v2v.kubevirt.io" in the namespace "test"
when in none-admin we cant get virtualmachineimports
```

Version-Release number of selected component (if applicable):
4.5.0-0.nightly-2020-06-02-220939

How reproducible:
100%

Steps to Reproduce:
1. log in as non-admin user
2. create a VM
3. navigate to Virtualization -> Virtual Machines

Actual results:


Expected results:


Additional info:

Comment 1 Yaacov Zamir 2020-06-04 06:30:43 UTC
@Filip, hi

In this case vmImports is not null, and also not loaded ( it has an error )
we have a line that should handle cases where user can not get virtualmachineimports [1] should it also handle this case ?

const isVMImportLoaded = !vmImports || vmImports.loaded; // go in when CRD missing

[1] https://github.com/openshift/console/blob/master/frontend/packages/kubevirt-plugin/src/components/vms/vm.tsx#L255

Comment 2 Yaacov Zamir 2020-06-04 08:04:22 UTC
targeting to 4.6 , since this is high profile, we may want to backport to 4.5

@Tomas FYI

Comment 3 Yaacov Zamir 2020-06-04 08:07:59 UTC
after off line discusstion, cloning to 4.5 too

Comment 4 Filip Krepinsky 2020-06-04 16:51:11 UTC
I suspect that this should be fixed by vm-import-operator, unless it already was. Piotr can you take a look?


The only alternative thing we could do in the UI for now, is to disable vm import functionality for non admin users and turn it back on once this is fixed.

Comment 5 Piotr Kliczewski 2020-06-05 07:01:23 UTC
I think that the flow we implemented should be managed only by admins.

@Peter do you think we should enable it for other users as well?

Comment 8 Radim Hrazdil 2020-06-10 11:09:55 UTC
Verified with 4.6.0-0.nightly-2020-06-09-190553

Comment 10 errata-xmlrpc 2020-10-27 16:04:47 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196


Note You need to log in before you can comment on or make changes to this bug.