-
Bug
-
Resolution: Unresolved
-
Undefined
-
4.22.0
-
None
Description of problem:
When a dynamic plugin renders a <NamespaceBar> component and the current user does not have "get" permissions on "projects"s the component performs auth checks that fail, and reset the active namespace to "All projects".
Version-Release number of selected component (if applicable):
Tested with version 4.19 of the dynamic plugin SDK on OpenShift 4.19
How reproducible:
Create a ClusterRole with "get/watch/list" on "namespace", but *not* "projects" and bind to a user. Create a Role granting access to resources on a namespace and bind to a user.
- In the console, visit a page and select the project the user has access to via the NamespaceBar dropdown.
- Navigate to a page that renders an entry point of a dynamic plugin, where the plugin renders a <NamespaceBar>
- After navigation, the current active project is reset to "All projects" and the NamespaceBar dropdown value changes from the current project to "All projects".
Steps to Reproduce:
See above
Actual results:
The current project is reset
Expected results:
The current project remains selected after navigation
Additional info:
Will attach ClusterRole and Role YAML used for reproduction, as well as a video of the observed behavior.
Edit: I cannot attach a video, but the observed behavior above should be enough.
Dynamic plugin entry point that reproduces this error can be found at
https://github.com/stackrox/stackrox/blob/150538e46656ee3db47c012a60e0333d2b477e6c/ui/apps/platform/src/ConsolePlugin/SecurityVulnerabilitiesPage/SecurityVulnerabilitiesPage.tsx
I suspect this is due to code found here
https://github.com/openshift/console/blob/1d96e43e57c14f140efe11d633cd03a576477b36/frontend/public/components/namespace-bar.tsx#L58