Description of problem (please be detailed as possible and provide log snippests): Noobaa UI access requires membership in the cluster-admins group or system:cluster-admins gorup. Version of all relevant components (if applicable): All Does this issue impact your ability to continue to work with the product (please explain in detail what is the user impact)? No Is there any workaround available to the best of your knowledge? Yes. Generate cluster-admins group and add the applicable users to that group. The user can also use the credentials from the NooBaa admin secret in the Openshift-Storage namespace. Use can also use credentials for `noobaa status` on cli. Rate from 1 - 5 the complexity of the scenario you performed that caused this bug (1 - very simple, 5 - very complex)? 1 Can this issue reproducible? Yes Can this issue reproduce from the UI? Yes If this is a regression, please provide more details to justify this: Steps to Reproduce: 1. Install Openshift 2. Install ODF/OCS 3. Access NooBaa UI via dashboard or route 4. Enter credentials for Oauth 5. Accept Oauth permissions request 6. Access denied shown with login box Actual results: Access denied shown with login box Expected results: Access granted and NooBaa UI shown Additional info:
Link to https://github.com/noobaa/noobaa-core/blob/c238f8e4f85060a8a5ae945c9f538ad6bb2d8351/config.js where required groups are set for NooBaa: ////////////////////////////// // OAUTH RELATES // ////////////////////////////// config.OAUTH_REDIRECT_ENDPOINT = 'fe/oauth/callback'; config.OAUTH_REQUIRED_SCOPE = 'user:info'; config.OAUTH_REQUIRED_GROUPS = [ 'system:cluster-admins', 'cluster-admins' ];
This issue is present in all 4.x versions of ODF/OCS.