Hybrid Application Console / HAC-4315

[OCM UI] A user granted the role "Identity provider editor" didn't have the options enabled to configure IDP for the cluster.

This issue belongs to an archived project.

    • Bug
    • Resolution: Done
    • Critical
    • Infrastructure
    • HAC Infra OCM - Sprint 239, HAC Infra OCM - Sprint 240

      Description of problem:

      An org member user has been granted the role permission "Identity provider editor" for a cluster. But in the org member's login session, the UI options to add or configure a new identity provider for the cluster are disabled. It looks like wrong behavior.

      CLI role binding definition after granting the role, as below:

       ocm get /api/accounts_mgmt/v1/subscriptions/2RSLSuDSL9WpjOCtnI3PeFDgK2x/role_bindings
      {
        "items": [
          {
            "account": {
              "href": "/api/accounts_mgmt/v1/accounts/1TBa2A3mL0wcoYHlBgt0xTxfJNA",
              "id": "1TBa2A3mL0wcoYHlBgt0xTxfJNA",
              "kind": "Account"
            },
            "account_email": "",
            "account_username": "",
            "created_at": "2023-06-20T07:38:53.179865Z",
            "href": "/api/accounts_mgmt/v1/subscriptions/2RSLSuDSL9WpjOCtnI3PeFDgK2x/role_bindings/2RSc4gfOiwpGwc6v2sR4aisXGiJ",
            "id": "2RSc4gfOiwpGwc6v2sR4aisXGiJ",
            "kind": "RoleBinding",
            "role": {
              "href": "/api/accounts_mgmt/v1/roles/IdpEditor",
              "id": "IdpEditor",
              "kind": "Role"
            },
            "subscription": {
              "href": "/api/accounts_mgmt/v1/subscriptions/2RSLSuDSL9WpjOCtnI3PeFDgK2x",
              "id": "2RSLSuDSL9WpjOCtnI3PeFDgK2x",
              "kind": "Subscription"
            },
            "updated_at": "2023-06-20T07:38:53.179865Z"
          }
        ],
        "kind": "SubscriptionRoleBindingList",
        "page": 1,
        "size": 1,
        "total": 1
      }
       

      How reproducible:

       Always

      Steps to reproduce:

      1. Launch OCM UI staging and log in as an org-admin user.
      2. Open a ROSA hypershift cluster.
      3. Go to the "Access control" tab > "OCM roles and access", and click the "Grant" button.
      4. Input a Red Hat login with a valid user name (e.g., use an org-member user).
      5. Select the role "Identity provider editor" and click on "Grant role".
      6. Log in to OCM UI staging as the user granted permission in step 4.
      7. Select and open the cluster (same as step 2).
      8. Go to the "Access control" tab > "Identity provider" and try to add the new IDP.
      9. Go to the "Access control" tab > "OCM Roles and access" and try to grant a role.

      Actual results:

      The Access control section restricts the user from adding a new IDP or granting roles etc., although the user has been granted the role "Identity provider editor".

      Expected results:
      The Access control section should not restrict the user from adding a new IDP or granting roles etc. when the user has been granted the role "Identity provider editor".

              jschuler_kafka_devexp Joachim Schuler
              jmekkatt@redhat.com Jayakrishnan Mekkattillam
              Archiver:
              rhn-support-sthamilt Stacey Hamilton
              Jayakrishnan Mekkattillam
