  1. Red Hat Advanced Cluster Management
  2. ACM-22868

RBAC for VirtualMachine Related Resources - GA for virtualization

    • rbac-vm-related-resources
    • Product / Portfolio Work
    • In Progress
    • VIRTSTRAT-51 - Enable fine-grained RBAC support in ACM for Virt use cases
    • 56% To Do, 22% In Progress, 22% Done
    • Critical

      Epic Goal

      To provide a VM admin with the access necessary to manage VirtualMachine-related resources. This includes the VM pod, attached secrets/configmaps, storage (PV, PVC), networking (NetworkAttachmentDefinition), etc. The current VM admin permissions (kubevirt:admin) do not include any of these related resources.

      Why is this important?

      VM admins need to be able to view and modify VM-related resources in order to troubleshoot issues. Without that access, their ability to troubleshoot is limited.

      Scenarios

      1. A VM admin can access all VM-related resources with modify permissions
      2. VM view permissions give access to the same resources as above, but read-only
      3. Permissions can be cluster-wide as well as namespaced

      Acceptance Criteria

      1. VM-related resources are viewable from the ACM search Virtual Machines page
      2. Through ClusterPermission, a role can be applied that provides access to all related/needed VM resources on managed clusters.
      3. Both the ACM and OCP VM console pages are fully functional with the extended VM roles provided by #2

      Dependencies (internal and external)

      1. ...

      Previous Work (Optional):

      1. ...

      Open questions:

      Done Checklist

      • CI - CI is running, tests are automated and merged.
      • Release Enablement <link to Feature Enablement Presentation>
      • DEV - Upstream code and tests merged: <link to meaningful PR or GitHub
        Issue>
      • DEV - Upstream documentation merged: <link to meaningful PR or GitHub
        Issue>
      • DEV - Downstream build attached to advisory: <link to errata>
      • QE - Test plans in Polarion: <link or reference to Polarion>
      • QE - Automated tests merged: <link or reference to automated tests>
      • DOC - Doc issue opened with a completed template. Separate doc issue
        opened for any deprecation, removal, or any current known
        issue/troubleshooting removal from the doc, if applicable.
      • Considerations were made for Extended Update Support (EUS)

              jpadilla@redhat.com Jorge Padilla
              rh-ee-mshort Matthew Short
              ManiKrishna Sai Ravi
              Joydeep Banerjee