2155460 – PVC clone fails with error "system:serviceaccount:openshift-storage:rook-csi-cephfs-provisioner-sa" cannot update resource "persistentvolumeclaims" in API group

Bug 2155460 - PVC clone fails with error "system:serviceaccount:openshift-storage:rook-csi-cephfs-provisioner-sa" cannot update resource "persistentvolumeclaims" in API group

Summary: PVC clone fails with error "system:serviceaccount:openshift-storage:rook-csi-...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat OpenShift Data Foundation
Classification:	Red Hat Storage
Component:	rook
Sub Component:
Version:	4.12
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	ODF 4.12.0
Assignee:	Madhu Rajanna
QA Contact:	Rachael
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-12-21 10:15 UTC by Rachael
Modified:	2023-08-09 17:03 UTC (History)
CC List:	4 users (show)
Fixed In Version:	4.12.0-156
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-02-08 14:06:28 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	red-hat-storage rook pull 444	0	None	open	BUG 2155460: csi: add missing update rbac	2022-12-21 14:48:36 UTC
Github	rook rook pull 11468	0	None	open	csi: add missing update rbac	2022-12-21 10:18:12 UTC

Description Rachael 2022-12-21 10:15:25 UTC

Description of problem (please be detailed as possible and provide log
snippets):

While creating PVC clone, the following error was observed:

Name:          clone-pvc-test-3594f249247249-50ff3c3536
Namespace:     namespace-test-221d45c9fe6349d291589408a
StorageClass:  ocs-storagecluster-cephfs
Status:        Pending
Volume:
Labels:        
Annotations:   volume.beta.kubernetes.io/storage-provisioner: openshift-storage.cephfs.csi.ceph.com
               volume.kubernetes.io/storage-provisioner: openshift-storage.cephfs.csi.ceph.com
Finalizers:    [kubernetes.io/pvc-protection]
Capacity:
Access Modes:
VolumeMode:    Filesystem
DataSource:
  Kind:   PersistentVolumeClaim
  Name:   pvc-test-3594f2492472493990804ee7413a39c
Used By:  
Events:
  Type     Reason                Age                From                                                                                                                      Message



  Warning  ProvisioningFailed    63s                openshift-storage.cephfs.csi.ceph.com_csi-cephfsplugin-provisioner-766db4bcc5-xhjbt_5fc4f10a-9c20-4cc3-8f46-37bf5254ab0d  failed to provision volume with StorageClass "ocs-storagecluster-cephfs": persistentvolumeclaims "pvc-test-3594f2492472493990804ee7413a39c" is forbidden: User "system:serviceaccount:openshift-storage:rook-csi-cephfs-provisioner-sa" cannot update resource "persistentvolumeclaims" in API group "" in the namespace "namespace-test-221d45c9fe6349d291589408a"

This issue is intermittently seen. The cloned PVC eventually got bound.

Version of all relevant components (if applicable):
---------------------------------------------------
OCP: 4.12.0-0.nightly-2022-12-01-184212
ODF: 4.12.0-122


Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)?


Is there any workaround available to the best of your knowledge?


Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)?
2

Can this issue reproducible?
Not always

Can this issue reproduce from the UI?
Yes

If this is a regression, please provide more details to justify this:
This issue is observed intermittently

Steps to Reproduce:
-------------------
OCS-CI test: https://github.com/red-hat-storage/ocs-ci/blob/master/tests/manage/pv_services/pvc_clone/test_clone_when_pvc_full.py


Actual results:
---------------
The following error is seen during the cloning process:

Warning  ProvisioningFailed    63s                openshift-storage.cephfs.csi.ceph.com_csi-cephfsplugin-provisioner-766db4bcc5-xhjbt_5fc4f10a-9c20-4cc3-8f46-37bf5254ab0d  failed to provision volume with StorageClass "ocs-storagecluster-cephfs": persistentvolumeclaims "pvc-test-3594f2492472493990804ee7413a39c" is forbidden: User "system:serviceaccount:openshift-storage:rook-csi-cephfs-provisioner-sa" cannot update resource "persistentvolumeclaims" in API group "" in the namespace "namespace-test-221d45c9fe6349d291589408a"

Expected results:
-----------------
PVC clone should succeed without any errors

Note You need to log in before you can comment on or make changes to this bug.