Description of problem: global permission found for mtq operator in cnv csv.spec.install.spec Version-Release number of selected component (if applicable): How reproducible: 100% Steps to Reproduce: 1. Check csv.spec.install.spec for mtq operator 2. 3. Actual results: I see the following entries with global permission for mtq operator: ====================================== cluster_permission: - apiGroups: - rbac.authorization.k8s.io resources: - rolebindings - roles verbs: - '*' - apiGroups: - rbac.authorization.k8s.io resources: - clusterrolebindings - clusterroles verbs: - '*' - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions - customresourcedefinitions/status verbs: - '*' - apiGroups: - mtq.kubevirt.io resources: - '*' verbs: - '*' permission: - apiGroups: - '' resources: - serviceaccounts - configmaps - events - secrets - services verbs: - '*' - apiGroups: - apps resources: - deployments - deployments/finalizers verbs: - '*' - apiGroups: - coordination.k8s.io resources: - leases verbs: - '*' Expected results: No global permission for mtq operator Additional info:
Moving this bug back to ASSIGNED state, as per the above comment from Denys.
Hey this should be resolved in v1.1.7 because of the following patch: https://github.com/kubevirt/managed-tenant-quota/pull/23
Validated with CNV-v4.14.0.rhel9-2121
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Virtualization 4.14.0 Images security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2023:6817