Bug 1877083 - Cluster upgrade notifications have no RBAC checks
Summary: Cluster upgrade notifications have no RBAC checks
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Management Console
Version: 4.5
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.5.z
Assignee: Robb Hamilton
QA Contact: Yanping Zhang
URL:
Whiteboard:
Depends On: 1857843
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-09-08 19:53 UTC by Robb Hamilton
Modified: 2020-09-21 18:00 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: Users who can view ClusterVersion resource may not have the ability to edit it. Consequence: Users without the ability to edit the ClusterVersion resource should not see the cluster upgrade notifications and UI elements since they cannot actually upgrade. Fix: Hide the cluster upgrade notifications and UI elements for users that do not have the ability to edit the ClusterVersion resource. Result: Users without the ability to edit the ClusterVersion resource are not shown cluster upgrade notifications and UI elements.
Clone Of: 1857843
Environment:
Version: 4.6.0-0.ci-2020-07-16-091855 Cluster ID: 818a2c63-5921-4991-96ea-0e983fb26e17 Browser: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 Firefox/79.0
Last Closed: 2020-09-21 17:42:07 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Github openshift console pull 6557 None closed Bug 1877083: add RBAC checks to cluster upgrade UI 2020-09-21 17:56:55 UTC
Red Hat Product Errata RHBA-2020:3719 None None None 2020-09-21 17:42:23 UTC

Comment 3 Yanping Zhang 2020-09-16 03:47:57 UTC
Checked on ocp 4.5 cluster with payload: 4.5.0-0.nightly-2020-09-14-030924
Give user cluster-ready cluster role, and login console, when there is update available, it doesn't show upgrade info in notification, on about page, on overview detail card and status card.
Check on cluster setting page, there is no upgrade edit button, and channel is not editable.
The bug is fixed.

Comment 5 errata-xmlrpc 2020-09-21 17:42:07 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.5.11 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:3719


Note You need to log in before you can comment on or make changes to this bug.