Details
-
Bug
-
Resolution: Done
-
Major
-
maistra-1.0.2
-
None
Description
OCP 4.3 changed the console UI Operators section permission. In previous OCP (OCP 4.1, 4.2) user is able to create a SMCP from console UI after login as a non cluster-admin user. In OCP 4.3 console UI, Installed Operators shows
Restricted Access
You don't have access to this section due to cluster policy.
Error details
subscriptions.operators.coreos.com is forbidden: User "qe1" cannot list resource "subscriptions" in API group "operators.coreos.com" at the cluster scope
A non cluster-admin user ("qe1" above) cannot access the OSSM operator UI section. So this blocks a SMCP and SMMR creation from console UI.
However, we can create a SMCP from CLI when we login as a non cluster-admin user successfully.
OCP version: https://mirror.openshift.com/pub/openshift-v4/clients/ocp-dev-preview/latest-4.3/openshift-install-linux-4.3.0-0.nightly-*.tar.gz
OSSM version: 1.0.3
Environment: OCP 4.3 on AWS
non cluster-admin user creation step:
$ htpasswd -c -B -b users.htpasswd qe1 "${QE1_PWD:-qe1pw}"
$ oc -n openshift-config create secret generic htpass-secret --from-file=htpasswd=users.htpasswd
$ oc apply -f <(cat <<EOF
apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
name: cluster
spec:
identityProviders:
- name: my_htpasswd_provider
mappingMethod: claim
type: HTPasswd
htpasswd:
fileData:
name: htpass-secret
EOF
)
Attachments
Issue Links
- is incorporated by
-
-
- Closed
-
- links to
