Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Undefined
Fix Version/s: None
Affects Version/s: 4.16
Component/s: Management Console
Labels:
- ServiceDeliveryImpact

Regression:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:

Hide
* Previously, if you had permission to view nodes but not Certificate Signing Requests (CSR), you could not access the *Nodes list* page. With this release, permissions to view CSRs are no longer required to access the *Nodes list* page. (link:https://issues.redhat.com/browse/OCPBUGS-51149[*~~OCPBUGS-51149~~*])

Show
* Previously, if you had permission to view nodes but not Certificate Signing Requests (CSR), you could not access the *Nodes list* page. With this release, permissions to view CSRs are no longer required to access the *Nodes list* page. (link: https://issues.redhat.com/browse/OCPBUGS-51149 [* OCPBUGS-51149 *])
Release Note Type:
Bug Fix
Release Note Status:
Done
Target Version:

4.18.z
Target Backport Versions:

4.17.z, 4.16.z, 4.18.z

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

This is a clone of issue OCPBUGS-50546. The following is the description of the original issue:
—
Description of problem:

A user without CSR read permission can not view the Node page in Openshift console.

Version-Release number of selected component (if applicable):

    4.16.30

How reproducible:

    Always

Steps to Reproduce:

    1. Create a 4.16.30 ROSA/OSD cluster
    2. Assign a user with dedicated-admins group. dedicated-admins has get node permission but without CSR related permissions.
    3. Open console access Compute - Node page

Actual results:

The page only shows an error, without other content:

certificatesigningrequests.certificates.k8s.io is forbidden: User "xxxx" cannot list resource "certificatesigningrequests" in API group "certificates.k8s.io" at the cluster scope

Expected results:

The user should still be able to view nodes.

Additional info:

OSD-28173 - card for SRE tracking.

clones

OCPBUGS-50546 CSR permission should not be a hard requirement for viewing Node tab

Verified

is blocked by

OCPBUGS-50546 CSR permission should not be a hard requirement for viewing Node tab

Verified

links to

openshift/console#14787: [release-4.18] OCPBUGS-51149: Do not load CSRs if user does not have permissions

RHBA-2025:2449 OpenShift Container Platform 4.18.z bug fix update

Assignee:: Rastislav Wagner

Reporter:: OpenShift Prow Bot

QA Contact:: Xiyun Zhao

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2025/02/21 10:28 AM

Updated:: 2025/03/11 2:42 PM

Resolved:: 2025/03/11 2:08 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates