-
Bug
-
Resolution: Done
-
Blocker
-
None
-
ACM 2.9.0
-
True
-
Not able to create apps o MDR setup.
-
False
-
-
-
Critical
-
Yes
Description of problem:
Application users are unable to create application from UI. Application users have all resources permission in their own namespace but still ACM application page is not allowing them to create application.
Please find attached screenshot for error.
Response -
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {},
"status": "Failure",
"message": "admission webhook \"managedclustersetbindingvalidators.admission.cluster.open-cluster-management.io\" denied the request: managedclustersets/bind.cluster.open-cluster-management.io \"default\" is forbidden: user \"redhat\" is not allowed to bind cluster set \"default\"",
"reason": "Forbidden",
"details":
,
"code": 403
}
Payload-
{"apiVersion":"cluster.open-cluster-management.io/v1beta2","kind":"ManagedClusterSetBinding","metadata":
{"namespace":"redhat-new","name":"default"},"spec":{"clusterSet":"default"}}
Version-Release number of selected component (if applicable):
OCP - 4.14.0
ODF - quay.io/rhceph-dev/ocs-registry:4.14.0-117
ACM- 2.9.0
How reproducible:
Steps to Reproduce:
1. Create openshift user
2. Followed article for user creation and role binding
https://access.redhat.com/articles/6994630
3. Added role managedclusterset
oc create clusterrolebinding managedclusterset {}clusterrole=open-cluster{-} management:managedclusterset:view:default – user=redhat
4. Create app via UI
5. UI wont allows the users to create app shows error message.
Actual results:
Application users are unable to create app
Expected results:
Application users are able to create app
