Bug 1992961 - Regular user cannot create VM because of an unclear error
Summary: Regular user cannot create VM because of an unclear error
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Container Native Virtualization (CNV)
Classification: Red Hat
Component: Storage
Version: 4.9.0
Hardware: Unspecified
OS: Unspecified
medium
high
Target Milestone: ---
: 4.9.2
Assignee: Bartosz Rybacki
QA Contact: Natalie Gavrielov
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-08-12 06:45 UTC by Guohua Ouyang
Modified: 2022-01-19 17:51 UTC (History)
8 users (show)

Fixed In Version: CNV v4.9.2-10
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-01-19 17:49:52 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
'value' of undefined (149.94 KB, image/png)
2021-08-12 06:45 UTC, Guohua Ouyang
no flags Details


Links
System ID Private Priority Status Summary Last Updated
Github kubevirt containerized-data-importer pull 2025 0 None Merged Add storageprofiles to RBAC 2021-12-05 08:37:48 UTC
Github kubevirt containerized-data-importer pull 2041 0 None Merged [release-v1.38] Add storageprofiles to RBAC 2021-12-16 10:27:39 UTC
Github openshift console pull 10408 0 None Merged Bug 1992961: Regular user cannot create VM because of an unclear error 2021-12-12 12:10:36 UTC
Red Hat Product Errata RHSA-2022:0191 0 None None None 2022-01-19 17:51:06 UTC

Description Guohua Ouyang 2021-08-12 06:45:58 UTC
Created attachment 1813328 [details]
'value' of undefined

Description of problem:
Regular user cannot create VM because of an unclear error "Cannot read property 'value' of undefined".

But it works in customize wizard.


Version-Release number of selected component (if applicable):
master

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 Guohua Ouyang 2021-10-09 01:53:44 UTC
The problem is that normal user cannot read storageProfile settings.
Move this to high as it blocks VM creation and needs backport to 4.9.z.

Comment 2 Guohua Ouyang 2021-11-02 01:38:28 UTC
normal user could not load storageProfile settings in PVC upload form too.

Comment 4 Guohua Ouyang 2021-11-09 10:13:54 UTC
The current fix is disabling the optimized storageProfile settings so the page could load properly, but it means normal user could not benefit from the optimized storageProfile settings.

I think we need to work out a better solution for normal user(project admin) to read the optimized storageProfile value.

@Kobi, what do you think?

Comment 5 Yaacov Zamir 2021-11-09 11:36:02 UTC
> but it means normal user could not benefit from the optimized storageProfile settings.

Yes, I agree.

Moving to storage team,

Hi, in the UI we want to let user know what the storage profile is suggesting for specific storage class

Can we make storage profile readable to project admins ?

adding something like 

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: storage-profile-reader
  labels:
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
- apiGroups: ["cdi.kubevirt.io/v1beta1"]
  resources: ["StorageProfile"]
  verbs: ["watch", "list", "get"]

Comment 6 Maya Rashish 2021-11-09 17:47:33 UTC
Lowering severity because 4.9.z has a workaround.
Bartosz, what do you think about this RBAC?

Comment 7 Bartosz Rybacki 2021-11-10 16:01:12 UTC
Yes, we should update our ClusterRoles. I'll take a look and propose a PR to CDI.

Comment 9 Bartosz Rybacki 2021-11-18 16:25:58 UTC
@yzamir which accounts or roles are used by UI to access this information?

Comment 10 Bartosz Rybacki 2021-11-19 11:30:22 UTC
A PR to add RBAC rules has been posted. 

I assume we can change the workaround done here: https://github.com/openshift/console/pull/10408 when the new Rules are available.

Comment 11 Yaacov Zamir 2021-11-21 12:11:58 UTC
> @yzamir which accounts or roles are used by UI to access this information?

The role is project admin, e.g. the user that admins one project

Comment 12 Dan Kenigsberg 2021-11-22 08:20:53 UTC
This bug is quite severe: a non-priv user cannot really enjoy our StorageProfiles feature without extra help, and they may not even know that they are missing something. Raising to High even though well-informed cluster admins can grant them.

Comment 13 Bartosz Rybacki 2021-11-29 14:07:16 UTC
CDI change merged, ready for testing

Comment 14 Bartosz Rybacki 2021-11-29 15:05:13 UTC
It was merged for main, but to target the 4.9.2, it needs to be backported - which is still in progress.

Comment 15 Bartosz Rybacki 2021-12-21 16:25:29 UTC
the backport was merged https://github.com/kubevirt/containerized-data-importer/pull/2041

It should be now available on new 4.9.2 builds

Comment 16 Guohua Ouyang 2021-12-22 00:27:44 UTC
Verified on CNV-v4.9.2-11 +  OCP-4.9.11, regular user can create VM successfully.

Comment 22 errata-xmlrpc 2022-01-19 17:49:52 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Virtualization 4.9.2 Images security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0191


Note You need to log in before you can comment on or make changes to this bug.