Uploaded image for project: 'OpenShift Virtualization'
  1. OpenShift Virtualization
  2. CNV-24302

[2160673] User cannot get resource "virtualmachineinstances/portforward" in API group "subresources.kubevirt.io"

XMLWordPrintable

    • Moderate
    • No

      Description of problem:
      A regular user cannot use "virtctl ssh" to connect to a VM:

      ~~~
      $ virtctl ssh --username=cloud-user rhel9-casual-cat
      can't access VMI rhel9-casual-cat: virtualmachineinstances.subresources.kubevirt.io "rhel9-casual-cat" is forbidden: User "jorti" cannot get resource "virtualmachineinstances/portforward" in API group "subresources.kubevirt.io" in the namespace "jorti"
      ~~~

      Version-Release number of selected component (if applicable):
      OpenShift Virtualization 4.11.2

      How reproducible:
      Always

      Steps to Reproduce:
      1. Using a regular user with admin privileges in a project, try to connect to a VM:

      $ virtctl ssh --username=cloud-user rhel9-casual-cat

      Actual results:
      can't access VMI rhel9-casual-cat: virtualmachineinstances.subresources.kubevirt.io "rhel9-casual-cat" is forbidden: User "jorti" cannot get resource "virtualmachineinstances/portforward" in API group "subresources.kubevirt.io" in the namespace "jorti"

      Expected results:
      No errors

      Additional info:
      It looks like a fix for this has been already merged upstream:
      https://github.com/kubevirt/kubevirt/pull/7675

              fmatousc@redhat.com Felix Matouschek
              rhn-support-jortialc Juan Orti
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: