Description of Problem: The regular user should not see volume snapshot content from UI Version-Release number of selected component (if applicable): 4.6.0-0.nightly-2020-09-20-184226 How Reproducible: Always Steps to Reproduce: 1. Install an OCP4.6 cluster. 2. Log into the web console with regular user not kubeadmin 3. Check Storage/Volume Snapshots Content page Actual Results: The regular user doesn't have access right for volumesnapshotcontent, so the volume snapshot content page should be hidden for the regular user just like the Persistent Volume. $ oc get volumesnapshotcontent Error from server (Forbidden): volumesnapshotcontents.snapshot.storage.k8s.io is forbidden: User "testuser-0" cannot list resource "volumesnapshotcontents" in API group "snapshot.storage.k8s.io" at the cluster scope Expected Results: The regular user should not see volume snapshot content from web console.Volume Snapshot Contents menu should be hidden for the regular user
Moving to the DevConsole team since they have been working on adding the Volume Snapshots Content navbar item in https://github.com/openshift/console/pull/5980
This is not owned by DevConsole and should be moved to Storage team and not sure what's the right component for it.
Moved to Console Storage team
Moving back to ON_QA as I misunderstood the fix. Confirmed with Qin Ping and Bipul, I should not even see the VSContent in UI for the User. Will test it again with latest builds
Created attachment 1716602 [details] Verification screenshot Verified the fix in 2 clusters ( Qin Ping - 4.6.0-0.nightly-2020-09-25-085318) and 4.6.0-0.nightly-2020-09-25-070943 OCS = ocs-operator.v4.6.0-569.ci _________________________________ Attached screencast of the UI flow. The Persistent Volume and Volume Snapshot Content are no longer listed under Storage if we have logged IN with a normal User which doesn't have the admin access. _____________________________ UI ======= 1. Installed an OCP4.6 cluster. 2. Created a user1 using the steps mentioned in [1] [1] https://docs.openshift.com/container-platform/4.5/authentication/identity_providers/configuring-htpasswd-identity-provider.html#configuring-htpasswd-identity-provider 3. Logged into the web console with regular user user1 and not kubeadmin 4. Created a new Project/PVC and snapshot 5. Checked Storage/Volume Snapshots Content page. These were not listed under Storage tab CLI ============ $ oc whoami user1 $ oc get volumesnapshotcontent Error from server (Forbidden): volumesnapshotcontents.snapshot.storage.k8s.io is forbidden: User "user1" cannot list resource "volumesnapshotcontents" in API group "snapshot.storage.k8s.io" at the cluster scope
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196