Bug 2223775 - global permission found for ssp operator in cnv csv.spec.install.spec.clusterPermissions
Summary: global permission found for ssp operator in cnv csv.spec.install.spec.cluster...
Keywords:
Status: NEW
Alias: None
Product: Container Native Virtualization (CNV)
Classification: Red Hat
Component: Infrastructure
Version: 4.14.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: ---
Assignee: Javier Cano Cano
QA Contact: Geetika Kapoor
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-07-18 20:18 UTC by Debarati Basu-Nag
Modified: 2023-07-19 11:47 UTC (History)
0 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
ssp operator rules (11.33 KB, text/plain)
2023-07-18 20:18 UTC, Debarati Basu-Nag
no flags Details


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker CNV-31140 0 None None None 2023-07-18 20:20:53 UTC

Description Debarati Basu-Nag 2023-07-18 20:18:09 UTC
Created attachment 1976389 [details]
ssp operator rules

Description of problem: With CNV-v4.14.0.rhel9-1274, for ssp operator we are seeing global permission set for multiple rules. Since https://issues.redhat.com/browse/CNV-24031 is now closed, opening this bug to track the current failures.


Version-Release number of selected component (if applicable):
CNV-v4.14.0.rhel9-1274

How reproducible:
100%

Steps to Reproduce:
1. Check csv.spec.install.spec.clusterPermissions for ssp-operator
2.
3.

Actual results:
================
- apiGroups:
  - '*'
  resources:
  - persistentvolumeclaims
  verbs:
  - '*'
- apiGroups:
  - '*'
  resources:
  - secrets
  verbs:
  - '*'
- apiGroups:
  - cdi.kubevirt.io
  resources:
  - datavolumes
  verbs:
  - '*'
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - kubevirt.io
  resources:
  - virtualmachines/finalizers
  verbs:
  - '*'
===============

Expected results:
No global permission for ssp operator should be present.

Additional info:


Note You need to log in before you can comment on or make changes to this bug.