1843780 – Virtual Machines are not displayed when logged as non admin user

Bug 1843780 - Virtual Machines are not displayed when logged as non admin user

Summary: Virtual Machines are not displayed when logged as non admin user

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Console Kubevirt Plugin
Sub Component:
Version:	4.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	4.6.0
Assignee:	Yaacov Zamir
QA Contact:	Radim Hrazdil
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1843808
TreeView+	depends on / blocked

Reported:	2020-06-04 06:21 UTC by Radim Hrazdil
Modified:	2023-09-14 06:01 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: none-admin user can't list virtualmachineimports, vm list waits for the virtualmachineimports data to render Consequence: vm list is not rendered Fix: not waiting for virtualmachineimports before listing vms Result: vm list is rendered
Clone Of:
Clones:	1843808 (view as bug list)
Environment:
Last Closed:	2020-10-27 16:04:47 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
screenshot (638.06 KB, image/png) 2020-06-04 06:21 UTC, Radim Hrazdil	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift console pull 5670	0	None	closed	Bug 1843780: Dont wait for vm imports when listing vms	2020-06-23 04:41:14 UTC
Red Hat Product Errata	RHBA-2020:4196	0	None	None	None	2020-10-27 16:05:14 UTC

Description Radim Hrazdil 2020-06-04 06:21:20 UTC

Created attachment 1694972 [details]
screenshot

Description of problem:
When logged in as non-admin user in a namespace created by this non-admin user, 
created Virtual Machines are not displayed in the Virtualization.
Browser console reads lots of 403 errors.

After discussion with Yaacov, the issue is probably either:
- if virtualmachineimports are not allowed for non-admin user, UI should ignore the missing data  => UI bug

- if virtualmachineimports should be allowed for non-admin user, UI should display an error instead of failing silently => UI bug + CNV permissions bug

```
oc get virtualmachineimports
No resources found.
Error from server (Forbidden): virtualmachineimports.v2v.kubevirt.io is forbidden: User "test" cannot list resource "virtualmachineimports" in API group "v2v.kubevirt.io" in the namespace "test"
when in none-admin we cant get virtualmachineimports
```

Version-Release number of selected component (if applicable):
4.5.0-0.nightly-2020-06-02-220939

How reproducible:
100%

Steps to Reproduce:
1. log in as non-admin user
2. create a VM
3. navigate to Virtualization -> Virtual Machines

Actual results:


Expected results:


Additional info:

Comment 1 Yaacov Zamir 2020-06-04 06:30:43 UTC

@Filip, hi

In this case vmImports is not null, and also not loaded ( it has an error )
we have a line that should handle cases where user can not get virtualmachineimports [1] should it also handle this case ?

const isVMImportLoaded = !vmImports || vmImports.loaded; // go in when CRD missing

[1] https://github.com/openshift/console/blob/master/frontend/packages/kubevirt-plugin/src/components/vms/vm.tsx#L255

Comment 2 Yaacov Zamir 2020-06-04 08:04:22 UTC

targeting to 4.6 , since this is high profile, we may want to backport to 4.5

@Tomas FYI

Comment 3 Yaacov Zamir 2020-06-04 08:07:59 UTC

after off line discusstion, cloning to 4.5 too

Comment 4 Filip Krepinsky 2020-06-04 16:51:11 UTC

I suspect that this should be fixed by vm-import-operator, unless it already was. Piotr can you take a look?


The only alternative thing we could do in the UI for now, is to disable vm import functionality for non admin users and turn it back on once this is fixed.

Comment 5 Piotr Kliczewski 2020-06-05 07:01:23 UTC

I think that the flow we implemented should be managed only by admins.

@Peter do you think we should enable it for other users as well?

Comment 8 Radim Hrazdil 2020-06-10 11:09:55 UTC

Verified with 4.6.0-0.nightly-2020-06-09-190553

Comment 10 errata-xmlrpc 2020-10-27 16:04:47 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196

Comment 11 Red Hat Bugzilla 2023-09-14 06:01:43 UTC

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days

Note You need to log in before you can comment on or make changes to this bug.