Bug 2166508 - Virtualization -> Overview -> Settings page is crashed when the user have no permission to list network-attachment-definitions
Summary: Virtualization -> Overview -> Settings page is crashed when the user have no ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Container Native Virtualization (CNV)
Classification: Red Hat
Component: User Experience
Version: 4.12.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.13.0
Assignee: Dana Orr
QA Contact: Guohua Ouyang
URL:
Whiteboard:
Depends On:
Blocks: 2172044
TreeView+ depends on / blocked
 
Reported: 2023-02-02 03:23 UTC by Guohua Ouyang
Modified: 2023-05-18 02:57 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-05-18 02:57:25 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
setting page crashed (298.73 KB, image/png)
2023-02-02 03:23 UTC, Guohua Ouyang
no flags Details


Links
System ID Private Priority Status Summary Last Updated
Github kubevirt-ui kubevirt-plugin pull 1041 0 None open Bug 2166508: Setting page doesn't crash when the user doesn't have permission 2023-02-09 10:00:27 UTC
Red Hat Issue Tracker CNV-24920 0 None None None 2023-02-02 03:27:00 UTC
Red Hat Product Errata RHSA-2023:3205 0 None None None 2023-05-18 02:57:39 UTC

Description Guohua Ouyang 2023-02-02 03:23:13 UTC
Created attachment 1941707 [details]
setting page crashed

Description of problem:
Virtualization -> Overview -> Settings page is crashed when the user have no permission to list network-attachment-definitions, the related OCP bug is https://issues.redhat.com/browse/OCPBUGS-6959.

Even with the OCP bug, the page not crash, instead, it shows proper error while editing "Live migration network".

Version-Release number of selected component (if applicable):
v4.12.0

How reproducible:
100%

Steps to Reproduce:
1. create a regular user 'test', reference for creating the 'test' user: https://github.com/openshift/console/blob/master/test-prow-e2e.sh#L52

2. assign cluster-reader role to this user: 
$ oc adm policy add-cluster-role-to-user cluster-reader test 

3. try to list some resources:
$ oc get pod --all-namespaces | head -n 2
NAMESPACE                                          NAME                                                              READY   STATUS                  RESTARTS           AGE
alitke                                             virt-launcher-fedora-blue-shark-45r8s                             0/1     Completed               0                  6d11h
$ oc get vm --all-namespaces | head -n 2                                                                             
NAMESPACE                NAME                                  AGE     STATUS               READY
alitke                   fedora-blue-shark                     97d     Running              True
$ oc get network-attachment-definitions --all-namespaces
Error from server (Forbidden): network-attachment-definitions.k8s.cni.cncf.io is forbidden: User "test" cannot list resource "network-attachment-definitions" in API group "k8s.cni.cncf.io" at the cluster scope 

4. login the web console with this user, navigate to Virtualization -> Overview -> Settings page 

Actual results:
the page is crashed

Expected results:
the page is not crashed, and it shows a proper error while editing the "Live migration network".

Additional info:

Comment 2 errata-xmlrpc 2023-05-18 02:57:25 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Virtualization 4.13.0 Images security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:3205


Note You need to log in before you can comment on or make changes to this bug.