Created attachment 1694972 [details]
Description of problem:
When logged in as non-admin user in a namespace created by this non-admin user,
created Virtual Machines are not displayed in the Virtualization.
Browser console reads lots of 403 errors.
After discussion with Yaacov, the issue is probably either:
- if virtualmachineimports are not allowed for non-admin user, UI should ignore the missing data => UI bug
- if virtualmachineimports should be allowed for non-admin user, UI should display an error instead of failing silently => UI bug + CNV permissions bug
oc get virtualmachineimports
No resources found.
Error from server (Forbidden): virtualmachineimports.v2v.kubevirt.io is forbidden: User "test" cannot list resource "virtualmachineimports" in API group "v2v.kubevirt.io" in the namespace "test"
when in none-admin we cant get virtualmachineimports
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. log in as non-admin user
2. create a VM
3. navigate to Virtualization -> Virtual Machines
In this case vmImports is not null, and also not loaded ( it has an error )
we have a line that should handle cases where user can not get virtualmachineimports  should it also handle this case ?
const isVMImportLoaded = !vmImports || vmImports.loaded; // go in when CRD missing
targeting to 4.6 , since this is high profile, we may want to backport to 4.5
after off line discusstion, cloning to 4.5 too
I suspect that this should be fixed by vm-import-operator, unless it already was. Piotr can you take a look?
The only alternative thing we could do in the UI for now, is to disable vm import functionality for non admin users and turn it back on once this is fixed.
I think that the flow we implemented should be managed only by admins.
@Peter do you think we should enable it for other users as well?
Verified with 4.6.0-0.nightly-2020-06-09-190553
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.