OpenShift Virtualization / CNV-73864

VolumeSnapshot GET privileges should match PersistentVolumeClaim in openshift-virtualization-os-images namespace


    • Bug
    • Resolution: Unresolved
    • CNV v4.21.0
    • Quality / Stability / Reliability

      Description of problem:

      Trying to GET a VolumeSnapshot in namespace openshift-virtualization-os-images using a non-admin client, I get a Forbidden error.
      Trying to GET a PersistentVolumeClaim in namespace openshift-virtualization-os-images using a non-admin client, there was no issue with it.

      A VolumeSnapshot and a PersistentVolumeClaim should have the same behaviour (RBAC).

      Version-Release number of selected component (if applicable):

      4.21

      How reproducible:

      100%

      Steps to Reproduce:

      1. Log in using a non-admin client
      2. Try to GET a PersistentVolumeClaim
      3. Try to GET a VolumeSnapshot

      Actual results:

      The PVC succeeds while the VSS fails

      Expected results:

      Both should have the same result

      Additional info:

      PVC is in v1 and RBAC rules allow read access to the unpriv client, but VolumeSnapshot is in snapshot.storage.k8s.io. Probably for our unpriv client we want to give explicit access to use snapshot.storage.k8s.io.

              ngavrilo@redhat.com Natalie Gavrielov
              rhn-support-rkishner Roni Kishner
              Natalie Gavrielov Natalie Gavrielov
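
Added example, not part of the original ticket or the project's code: a simplified model of how Kubernetes RBAC matches a request against PolicyRules, showing why read access granted on the core (`""`) API group does not extend to `snapshot.storage.k8s.io`. The rule sets and helper names are constructed for illustration and do not reproduce the Role shipped in openshift-virtualization-os-images.

```python
# Simplified model of Kubernetes RBAC PolicyRule matching (subresources,
# resourceNames and nonResourceURLs are left out). All rules are constructed.

READ = ["get", "list", "watch"]
SNAPSHOT_GROUP = "snapshot.storage.k8s.io"


def rule_allows(rule, api_group, resource, verb):
    """A rule matches only if API group, resource AND verb all match."""
    def has(values, wanted):
        return "*" in values or wanted in values
    return (has(rule["apiGroups"], api_group)
            and has(rule["resources"], resource)
            and has(rule["verbs"], verb))


def authorize(rules, api_group, resource, verb):
    """RBAC is additive and deny-by-default: one matching rule allows."""
    return any(rule_allows(r, api_group, resource, verb) for r in rules)


# Constructed 'before': read access to PVCs in the core ("") group only.
RULES_BEFORE = [
    {"apiGroups": [""], "resources": ["persistentvolumeclaims"], "verbs": READ},
]

# Constructed mistake: the resource is listed, but under the wrong API group.
RULES_WRONG_GROUP = [
    {"apiGroups": [""],
     "resources": ["persistentvolumeclaims", "volumesnapshots"], "verbs": READ},
]

# Constructed 'after': an explicit, read-only rule for the snapshot group.
RULES_AFTER = RULES_BEFORE + [
    {"apiGroups": [SNAPSHOT_GROUP], "resources": ["volumesnapshots"],
     "verbs": READ},
]


def check(rules, verb="get"):
    """Evaluate the two requests from the ticket's reproduction steps."""
    return {
        "pvc": authorize(rules, "", "persistentvolumeclaims", verb),
        "volumesnapshot": authorize(rules, SNAPSHOT_GROUP, "volumesnapshots", verb),
    }


if __name__ == "__main__":
    for name, rules in [("before", RULES_BEFORE),
                        ("wrong group", RULES_WRONG_GROUP),
                        ("after", RULES_AFTER)]:
        print(name, check(rules))
```

On a live cluster the same two requests can be checked with `oc auth can-i get persistentvolumeclaims` and `oc auth can-i get volumesnapshots.snapshot.storage.k8s.io`, each with `-n openshift-virtualization-os-images`, while logged in as the non-admin user.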