Details
-
Bug
-
Resolution: Done
-
Minor
-
4.12.0
-
None
-
False
-
Description
Description of problem:
project viewer is able to see a 'Create Pod Disruption Budget' button on Pods list page while the creation will fail finally due to less permission, in this way console should not show a 'Create Pod Disruption Budget' button for project viewer, other resources list page doesn’t have the issue
Version-Release number of selected component (if applicable):
4.10.0-0.nightly-2021-09-16-212009
How reproducible:
Always
Steps to Reproduce:
1. normal user has a project and workloads
- oc get all -n yapei1-project
NAME READY STATUS RESTARTS AGE
pod/example-787f749bb-czkms 1/1 Running 0 79s
pod/example-787f749bb-m7wxt 1/1 Running 0 79s
pod/example-787f749bb-mw8jv 1/1 Running 0 79s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/example 3/3 3 3 79s
NAME DESIRED CURRENT READY AGE
replicaset.apps/example-787f749bb 3 3 3 79s
2. grant another user with view access to user project 'yapei1-project'
- oc adm policy add-role-to-user view uiauto1 -n yapei1-project
clusterrole.rbac.authorization.k8s.io/view added: "uiauto1"
3. login with user 'uiauto1' and check the permissions on Pods list page
Actual results:
3. project viewer 'uiauto1' can see pods list successfully, at the same time console also shows a 'Create Pod Disruption Budget' button while the creation will finally fail if project viewer tries to create a pod
Expected results:
3. console should not show 'Create Pod Disruption Budget' button for a project viewer
Additional info:
For comparison: we doesn't show resource creation button('Create xxx' button) on other workloads list page for a project viewer, such as Deployments, DeploymentConfigs list etc
