-
Bug
-
Resolution: Done
-
Normal
-
4.11
-
Quality / Stability / Reliability
-
False
-
-
None
-
Moderate
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Description of problem:
After creating a `ClusterRole` and a `Rolebinding` for an user in specific namespace with restricted permissions for `pods` resource, the "Create Pod" button and screen are shown, even if no permissions and later the "Create" button fails with error 'pods is forbidden: User "test1" cannot create resource "pods" in API group "" in the namespace "test"'
Version-Release number of selected component (if applicable):
4.11
How reproducible:
Always
Steps to Reproduce:
1. Create a `ClusterRole` with permissions for `delete`, `deletecollection`, `get`, `list` and `watch` for the `pods` resource. 2. Create a `RoleBinding` for a user in a namespace 3. In the admin console, go to "Workloads > Pods" in the namespace where the `Rolebinding` was created 4. Click in the "Create Pod" button. 5. Try to create the pod with the "Create" button.
Actual results:
The "Create Pod" button is shown, and the screen for creating a pod from a yaml is available.
Expected results:
No "Create Pod" button available.
Additional info:
Permissions in the `ClusterRole`: ~~~ - apiGroups: - "" resources: - pods verbs: - delete - deletecollection - apiGroups: - "" resources: - pods - pods/log - pods/status verbs: - get - list - watch ~~~
- links to
