Bug 1891808 - An admin user can create resources (such as a VM) under golden images namespaces
Summary: An admin user can create resources (such as a VM) under golden images namespaces
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Container Native Virtualization (CNV)
Classification: Red Hat
Component: SSP
Version: 2.5.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 2.6.0
Assignee: Shweta
QA Contact: Israel Pinto
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-10-27 12:19 UTC by Ruth Netser
Modified: 2020-12-09 12:57 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-12-09 12:57:01 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Ruth Netser 2020-10-27 12:19:18 UTC 
Description of problem:
Admin user can create resources (that are not DV/PVC) under golden images namespace. 
As an admin user I can create a VM under that namespace.

Version-Release number of selected component (if applicable):
kubevirt-ssp-operator-container-v2.5.0-55

How reproducible:
100%

Steps to Reproduce:
As admin user, create a VM under openshift-virtualization-os-images namespace


Actual results:
VM is successfully created.


Expected results:
Admin user should only be allowed to created DV/PVC in golden images namespace (openshift-virtualization-os-images).

Additional info:
$ oc create -f  vm-cirros.yaml  -n openshift-virtualization-os-images
virtualmachine.kubevirt.io/vm-cirros created
$ oc get vm -A
NAMESPACE                            NAME        AGE   VOLUME
openshift-virtualization-os-images   vm-cirros   5s
Comment 1 Ruth Netser 2020-12-09 12:57:01 UTC 
Cluster admin has priviledges to do anything in any namespace.
Note You need to log in before you can comment on or make changes to this bug.