Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Undefined
Fix Version/s: None
Affects Version/s: 4.20
Component/s: Installer / openshift-installer
Labels:
None

Activity Type:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
None
Regression:
None

Target Backport Versions:
None
Target Version:
None
Release Blocker:
None
Sprint:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Impact Score:

Release Note Status:
None
Release Note Type:
None
Release Note Text:
None

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Description of problem:

    The SimulatePrincipalPolicy is included as a base permission, required for all installs. But this permission should only be needed if the Permissions check is run, which only occurs when CredentialsMode == "". Therefore, SimulatePrincipalPolicy should be indicated as an optional permission. 

This is relevant because sometimes SCP policies may break this permission/functionality.

See:

https://redhat-internal.slack.com/archives/C68TNFWA2/p1760641140491929

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

    1. remove SimulatePrincipalPolicy from permissions
    2. set CredentialsMode (to anything except "", Mint is fine)
    3. Start install

Actual results:

    Install should work

Expected results:

    According to our docs, this install should fail, because SimulatePrincipalPolicy is required for everything. If CredentialsMode is set to "" (and the SimulatePrincipalPolicy permission is removed) then I would expect the installer to fail.

Additional info:

Assignee:: Unassigned

Reporter:: Patrick Dillon

Need Info From:: None

Contributors:: None

QA Contact:: Gaoyun Pei

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2025/10/17 5:38 PM

Updated:: 2025/10/17 5:38 PM