Bug
Resolution: Not a Bug
1.5.0
Critical
Description of the problem:
RBAC role for configuring ros.cluster.project.projectid returns NotAllowedError. I expect in this instance that the user would be able to see all pods under that cluster when this role is assigned.
How reproducible: 100%
Steps to reproduce:
1. Deploy Orchestrator 1.5
2. Enable RO plugin RC4
3. Configure RBAC
##################################################################################
## Additional users with full read/write/execution
##################################################################################
g, user:default/rhdh-orchestrator-test-1, role:default/RORead
g, user:default/rhdh-orchestrator-test-2, role:default/ROCluster
g, user:default/rhdh-orchestrator-test-3, role:default/ROProject
g, user:default/rhdh-orchestrator-test-4, role:default/workflowReadwrite
g, user:default/rhdh-orchestrator-test-5, role:default/workflowReadwrite
g, user:default/rhdh-orchestrator-test-6, role:default/workflowReadwrite
g, user:default/rhdh-orchestrator-test-7, role:default/workflowReadwrite
g, user:default/rhdh-orchestrator-test-8, role:default/workflowReadwrite
g, user:default/rhdh-orchestrator-test-9, role:default/workflowReadwrite
g, user:default/rhdh-orchestrator-test-10, role:default/workflowReadwrite
g, user:default/rhdh-orchestrator-test-11, role:default/workflowReadwrite
g, user:default/rhdh-orchestrator-test-12, role:default/workflowReadwrite
g, user:default/rhdh-orchestrator-test-13, role:default/workflowReadwrite
g, user:default/rhdh-orchestrator-test-14, role:default/workflowReadwrite
g, user:default/rhdh-orchestrator-test-15, role:default/workflowReadwrite
g, user:default/rhdh-orchestrator-test-16, role:default/workflowReadwrite
g, user:default/rhdh-orchestrator-test-17, role:default/workflowReadwrite
g, user:default/rhdh-orchestrator-test-18, role:default/workflowReadwrite
g, user:default/rhdh-orchestrator-test-19, role:default/workflowReadwrite
g, user:default/rhdh-orchestrator-test-20, role:default/workflowReadwrite
##################################################################################
## resource optimization plugin roles
##################################################################################
p, role:default/RORead, ros.plugin, read, allow
p, role:default/ROCluster, ros.cluster.023d9b0e-7ca6-481d-b04f-ea606becd54e, read, allow
p, role:default/ROProject, ros.cluster.project.thanos, read, allow
Actual results: User with this role is not allowed to see any pods
Expected results: User with this role is allowed to see pods owned by that project
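
Added example, not part of the original report or of the plugin's code: a small audit of the policy file above that resolves each user's effective permissions and lists roles that are assigned but have no `p` rule in the file. It assumes the `g, user, role` and `p, role, permission, action, effect` line format shown in the report; the function names are hypothetical and the embedded policy is an excerpt shortened to four of the users.

```python
import csv
from collections import defaultdict

# Excerpt of the policy from the report, shortened to four users.
POLICY = """\
## Additional users with full read/write/execution
g, user:default/rhdh-orchestrator-test-1, role:default/RORead
g, user:default/rhdh-orchestrator-test-2, role:default/ROCluster
g, user:default/rhdh-orchestrator-test-3, role:default/ROProject
g, user:default/rhdh-orchestrator-test-4, role:default/workflowReadwrite
## resource optimization plugin roles
p, role:default/RORead, ros.plugin, read, allow
p, role:default/ROCluster, ros.cluster.023d9b0e-7ca6-481d-b04f-ea606becd54e, read, allow
p, role:default/ROProject, ros.cluster.project.thanos, read, allow
"""

def parse_policy(text):
    """Return (grants, rules): user -> roles, role -> [(permission, action, effect)]."""
    grants, rules = defaultdict(set), defaultdict(list)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment banner
        fields = [f.strip() for f in next(csv.reader([line]))]
        if fields[0] == "g" and len(fields) == 3:
            grants[fields[1]].add(fields[2])
        elif fields[0] == "p" and len(fields) == 5:
            rules[fields[1]].append(tuple(fields[2:]))
        else:
            # Catches entries run together on one line or missing a field.
            raise ValueError(f"line {lineno}: malformed entry: {raw!r}")
    return grants, rules

def effective_permissions(grants, rules):
    """Flatten role membership into the rule tuples each user actually holds."""
    return {user: sorted(r for role in roles for r in rules.get(role, []))
            for user, roles in grants.items()}

def audit(grants, rules):
    """Return (roles assigned but without rules, roles with rules but no members)."""
    assigned = set().union(*grants.values()) if grants else set()
    defined = set(rules)
    return sorted(assigned - defined), sorted(defined - assigned)

if __name__ == "__main__":
    g, p = parse_policy(POLICY)
    for user, perms in effective_permissions(g, p).items():
        print(user, perms or "NO RULES IN THIS FILE")
    print("assigned but undefined:", audit(g, p)[0])
```

Run against the excerpt, this shows that `rhdh-orchestrator-test-3` holds only the single `ros.cluster.project.thanos` read rule, and that `workflowReadwrite` has no rule in the portion of the file quoted in the report.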