Created attachment 1733129 [details] Page for the installed MTA Operator Description of problem: When a not cluster wide access user clicks on "Create Instance" in the installed MTA Operator page on OCP->Admin->Operators->Installed Operators , web console crashes and goes completely blank, and several 403 errors appear in the browser dev console. These 403 errors appear with several operators. There's a workaround, that is clicking in the MTA Operator page, in YAML tab, then click on DETAILS tab and then click on "Create Instance" Github repo of the operator : https://github.com/windup/windup-operator/pull/2 Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Install operator with kubeadmin ( test catalog ) in the ns "user-mta". This is not an already operatorhub published operator. 2. logout 3. Login with non cluster wide access, user "user1" ( created with htpasswd method ) 4. Go to Admin->Installed Operators 5. click on MTA Operator 6. click on "Create Instance" 7. whole page goes blank Actual results: Whole web console goes blank. Expected results: The fields of the CRD appear with their default values in order to create the CR. Additional info: workaround : 1. Install operator with kubeadmin ( test catalog ) in the ns "user-mta". This is not an already operatorhub published operator. 2. logout 3. Login with non cluster wide access, user "user1" ( created with htpasswd method ) 4. Go to Admin->Installed Operators 5. click on MTA Operator 6. click on YAML tab 7. click on DETAILS tab 6. click on "Create Instance" 7. all fields appear with their default values
This appears to be an issue with the console, not OLM itself. Reassigning to console for further triage.
Here you can see a video , using "user1" ( only viewable from inside redhat accounts ) https://drive.google.com/file/d/1DiUXnsgpSM6E2SSsiqdZtStwKyFGNzpt/view This is the yaml for the user1 : kind: User apiVersion: user.openshift.io/v1 metadata: name: user1 selfLink: /apis/user.openshift.io/v1/users/user1 uid: 8b1736b3-7b1b-4477-89a3-e88d68ebaf10 resourceVersion: '1877677' creationTimestamp: '2020-11-23T15:57:20Z' managedFields: - manager: oauth-server operation: Update apiVersion: user.openshift.io/v1 time: '2020-11-23T15:57:20Z' fieldsType: FieldsV1 fieldsV1: 'f:identities': {} identities: - 'htpasswd:user1' groups: null And its RoleBinding : kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: admin namespace: user1-mta selfLink: /apis/rbac.authorization.k8s.io/v1/namespaces/user1-mta/rolebindings/admin uid: 28a89260-8e08-475b-a476-610d7617826a resourceVersion: '1877800' creationTimestamp: '2020-11-23T15:57:39Z' managedFields: - manager: openshift-apiserver operation: Update apiVersion: rbac.authorization.k8s.io/v1 time: '2020-11-23T15:57:39Z' fieldsType: FieldsV1 fieldsV1: 'f:roleRef': 'f:apiGroup': {} 'f:kind': {} 'f:name': {} 'f:subjects': {} subjects: - kind: User apiGroup: rbac.authorization.k8s.io name: user1 roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: admin
I tried with following steps on a 4.7.0-0.nightly-2020-11-26-201843 cluster 1. cluster admin user creates the catalog source apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: name: test-catalog namespace: openshift-marketplace spec: sourceType: grpc image: quay.io/windupeng/mta-operator-test-catalog:0.0.38 2. wait until a customized provide type `test-catalog` is shown on Operators -> OperatorHub page, click on `test-catalog` provider type and search `MTA Operator` and subscribe to `default` namespace, wait until operator is successfully installed $ oc get csv -n default NAME DISPLAY VERSION REPLACES PHASE windup-operator.v0.0.1 MTA Operator 0.0.1 Succeeded 3. grant user `yapei1` the admin permission for default project $ oc adm policy add-role-to-user admin yapei1 -n default clusterrole.rbac.authorization.k8s.io/admin added: "yapei1" 4. cluster-admin user logout and login with user `yapei1` 5. project admin user goes to Operators -> Installed Operators -> click on MTA Operator -> click 'Create Instance' on MTA Operator Details page and hit 'Create' button, the console doesn't go blank @jvilalop Could you attach the browser console error you see when console goes blank? You can get browser console errors: 1. Open Developer Inspector 2. Perform the steps to reproduce your issue 3. Check the errors in `console` tab
Hi @
Created attachment 1734035 [details] Browser console with errors
Hi @yapei Thank you for testing the use case. I would like to mention couple of things 1. I'm using Openshift 4.5 , and we are not able to create a lab using Openshift 4.7 2. Apparently in Openshift 4.6 page doesn't go blank BUT you can not see all the fields and default values in the form view, coming from the example , unless you click on YAML tab and then in the DETAILS page, before clicking on Create Instance Here you have a video of what happens : https://drive.google.com/file/d/1amA2jH-lgojFl1C1kqeyYWJuWhdA1YYl/view?usp=sharing And the file with console errors : https://bugzilla.redhat.com/attachment.cgi?id=1734035
I believe this is a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1901531, but please reopen if I am mistaken. *** This bug has been marked as a duplicate of bug 1901531 ***
This is actually a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1884613 which has been fixed in 4.6 *** This bug has been marked as a duplicate of bug 1884613 ***
Fix was also backported to 4.5 (see https://bugzilla.redhat.com/show_bug.cgi?id=1885228)