Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Undefined
Fix Version/s: None
Affects Version/s: 4.16
Component/s: Management Console
Labels:
- ServiceDeliveryImpact

Regression:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Target Version:

4.19.0
Target Backport Versions:

4.17.z, 4.16.z, 4.18.z

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:

A user without CSR read permission can not view the Node page in Openshift console.

Version-Release number of selected component (if applicable):

    4.16.30

How reproducible:

    Always

Steps to Reproduce:

    1. Create a 4.16.30 ROSA/OSD cluster
    2. Assign a user with dedicated-admins group. dedicated-admins has get node permission but without CSR related permissions.
    3. Open console access Compute - Node page

Actual results:

The page only shows an error, without other content:

certificatesigningrequests.certificates.k8s.io is forbidden: User "xxxx" cannot list resource "certificatesigningrequests" in API group "certificates.k8s.io" at the cluster scope

Expected results:

The user should still be able to view nodes.

Additional info:

OSD-28173 - card for SRE tracking.

blocks

OCPBUGS-51149 CSR permission should not be a hard requirement for viewing Node tab

is cloned by

OCPBUGS-51149 CSR permission should not be a hard requirement for viewing Node tab

relates to

CONSOLE-3899 Console should handle Node certificate signing requests

Closed

links to

openshift/console#14771: OCPBUGS-50546: Do not load CSRs if user does not have permissions

Assignee:: Rastislav Wagner

Reporter:: Siu Wa Wu

QA Contact:: YaDan Pei

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2025/02/11 3:13 AM

Updated:: 2025/02/21 10:28 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates