Bug 2072014 - non-privileged user cannot add disk as it cannot update resource "virtualmachines/addvolume"
Summary: non-privileged user cannot add disk as it cannot update resource "virtualmach...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Container Native Virtualization (CNV)
Classification: Red Hat
Component: Storage
Version: 4.9.3
Hardware: Unspecified
OS: Unspecified
high
urgent
Target Milestone: ---
: 4.9.5
Assignee: Alexander Wels
QA Contact: Yan Du
URL:
Whiteboard: release note
Depends On: 2056421
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-04-05 12:20 UTC by Alexander Wels
Modified: 2022-06-28 16:30 UTC (History)
14 users (show)

Fixed In Version: CNV v4.9.4-72
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 2056421
Environment:
Last Closed: 2022-06-28 16:30:39 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github kubevirt kubevirt pull 7515 0 None Merged [release-0.44] Set RBAC for VM/addvolume and VM/removevolume 2022-04-11 18:55:25 UTC
Github kubevirt kubevirt pull 7588 0 None Merged [release-0.44] Fix typo in permissions, was missing (s) in virtualmachines 2022-04-22 07:29:34 UTC
Red Hat Product Errata RHEA-2022:5389 0 None None None 2022-06-28 16:30:54 UTC

Description Alexander Wels 2022-04-05 12:20:14 UTC 
+++ This bug was initially created as a clone of Bug #2056421 +++

Description of problem:
Login with a non-privileged user, create a VM, and try to add a disk, an error shows:
user "test" cannot update resource "virtualmachines/addvolume" in API group "subresources.kubevirt.io" in the namespace "test"

Version-Release number of selected component (if applicable):
4.9.x

How reproducible:


Steps to Reproduce:
1. Login with a non-privileged user
2. Create a VM and adding disk to the vm
3.

Actual results:
error shows while adding disk

Expected results:
disk is added properly
Comment 1 Yan Du 2022-04-15 07:52:42 UTC 
Test on OCP-4.9.29 , CNV-v4.9.4-58, issue still can be reproduced.

$ virtctl version
Client Version: version.Info{GitVersion:"v0.44.3-64-gba04a33c3", GitCommit:"ba04a33c3ee7ace1769bbb9abcb43d18e6142347", GitTreeState:"clean", BuildDate:"2022-04-06T21:29:07Z", GoVersion:"go1.15.14", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{GitVersion:"v0.44.3-64-gba04a33c3", GitCommit:"ba04a33c3ee7ace1769bbb9abcb43d18e6142347", GitTreeState:"clean", BuildDate:"2022-04-06T22:39:00Z", GoVersion:"go1.16.12", Compiler:"gc", Platform:"linux/amd64"}

$ virtctl addvolume fedora-1619697674-6212 --volume-name=blank-dv --persist
error adding volume, virtualmachines.subresources.kubevirt.io "fedora-1619697674-6212" is forbidden: User "test" cannot update resource "virtualmachines/addvolume" in API group "subresources.kubevirt.io" in the namespace "test"
Comment 3 Yan Du 2022-05-06 08:09:33 UTC 
Test on CNV-v4.9.5-4, bug has been fixed.
Comment 9 errata-xmlrpc 2022-06-28 16:30:39 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Virtualization 4.9.5 Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2022:5389
Note You need to log in before you can comment on or make changes to this bug.