Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-37235

[CAPI]Cluster-reader couldn't able to view capi machine resources

XMLWordPrintable

    • Low
    • None
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      Cluster-reader couldn't able to view capi machine resources

      Version-Release number of selected component (if applicable):

      4.17

      How reproducible:

      100%

      Steps to Reproduce:

      1. Install a cluster on GCP with TechPreviewNoUpgrade
2. Add cluster-reader role to a common user     
$ oc adm policy add-cluster-role-to-user cluster-reader testuser-48 --as system:admin
3. Login in the cluster with the common user
$ oc login -u testuser-48
Authentication required for https://api.zhsungcp58.qe.gcp.devcluster.openshift.com:6443 (openshift)
Username: testuser-48
Password: 
Login successful.
4. Check cluster-reader could view capi machine resources.
    

      Actual results:

      cluster-reader couldn't view capi machine resources
$ oc get cluster      
Error from server (Forbidden): clusters.cluster.x-k8s.io is forbidden: User "testuser-48" cannot list resource "clusters" in API group "cluster.x-k8s.io" in the namespace "openshift-cluster-api"
$ oc get gcpcluster                                                           
Error from server (Forbidden): gcpclusters.infrastructure.cluster.x-k8s.io is forbidden: User "testuser-48" cannot list resource "gcpclusters" in API group "infrastructure.cluster.x-k8s.io" in the namespace "openshift-cluster-api"
$ oc get gcpmachinetemplate                                                  
Error from server (Forbidden): gcpmachinetemplates.infrastructure.cluster.x-k8s.io is forbidden: User "testuser-48" cannot list resource "gcpmachinetemplates" in API group "infrastructure.cluster.x-k8s.io" in the namespace "openshift-cluster-api"
$ oc get machineset                                                          
Error from server (Forbidden): machinesets.cluster.x-k8s.io is forbidden: User "testuser-48" cannot list resource "machinesets" in API group "cluster.x-k8s.io" in the namespace "openshift-cluster-api"
$ oc get mhc                                                                           
Error from server (Forbidden): machinehealthchecks.cluster.x-k8s.io is forbidden: User "testuser-48" cannot list resource "machinehealthchecks" in API group "cluster.x-k8s.io" in the namespace "openshift-cluster-api"

      Expected results:

      cluster-reader could view capi machine resources

              ddonati@redhat.com Damiano Donati
              rhn-support-zhsun Zhaohua Sun
              Zhaohua Sun Zhaohua Sun
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: