+++ This bug was initially created as a clone of Bug #1837859 +++ Description of problem: When creating manila snapshot, we got following message for permission lack: I0520 00:27:19.431196 1 snapshot_controller.go:200] updating VolumeSnapshotContent[snapcontent-a93535d3-000c-45c2-b1da-a19bb7b3f12d] error status failed volumesnapshotcontents.snapshot.storage.k8s.io "snapcontent-a93535d3-000c-45c2-b1da-a19bb7b3f12d" is forbidden: User "system:serviceaccount:manila-csi:openstack-manila-csi-controllerplugin" cannot update resource "volumesnapshotcontents/status" in API group "snapshot.storage.k8s.io" at the cluster scope It is not defined in clusterrole openstack-manila-csi-controllerplugin as below: [wduan@MINT snapshot]$ oc get clusterrole openstack-manila-csi-controllerplugin -o yaml | grep "volumesnapshot" - volumesnapshotclasses - volumesnapshotcontents - volumesnapshots - volumesnapshots/status Version-Release number of selected component (if applicable): 4.5.0-0.nightly-2020-05-17-235851 How reproducible: Always Steps to Reproduce: 1. Install manila csi driver 2. Create volumesnapshotclass 2. Create volumesnapshot Actual results: volumesnapshot is not "ReadyToUse" with message in Description Expected results: Serviceaccount openstack-manila-csi-controllerplugin have the permission for creating snapshot. Master Log: Node Log (of failed PODs): PV Dump: PVC Dump: StorageClass Dump (if StorageClass used by PV/PVC): Additional info:
Verified pass with images in https://errata.devel.redhat.com/advisory/54130. [wduan@MINT verification-tests]$ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.5.0-0.nightly-2020-06-10-201008 True False 23h Cluster version is 4.5.0-0.nightly-2020-06-10-201008 [wduan@MINT manila]$ oc get clusterrole openstack-manila-csi-controllerplugin -o yaml | grep "volumesnapshot" - volumesnapshotclasses - volumesnapshotcontents - volumesnapshotcontents/status - volumesnapshots - volumesnapshots/status
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2409