OpenShift Bugs / OCPBUGS-9174

cluster-readers role is not authorized to view NetworkAttachmentDefinition


    • Important
    • None
    • Rejected
    • Unspecified
    • N/A
    • Release Note Not Required

      Description of problem:
      An unprivileged user with the cluster-readers role cannot view the NetworkAttachmentDefinition resource.

      Version-Release number of selected component (if applicable):
      oc Version: 4.10.0-202203141248.p0.g6db43e2.assembly.stream-6db43e2
      OCP Version: 4.10.4
      Kubernetes Version: v1.23.3+e419edf
      ose-multus-cni:v4.1.0-7.155662231

      How reproducible:
      100%

      Steps to Reproduce:
      1. In an OCP cluster with Multus installed, search which roles can view ("get") the NetworkAttachmentDefinition resource, and see if the "cluster-readers" role is part of this list, by running:
      $ oc adm policy who-can get network-attachment-definitions | grep "cluster-reader"

      Actual results:
      Empty output

      Expected results:
      Non-empty output with "cluster-readers" in it, e.g. when running the same command for the Namespace resource:
      $ oc adm policy who-can get namespace | grep "cluster-reader"
      system:cluster-readers

              dosmith Douglas Smith
              ysegev@redhat.com Yossi Segev
              Weibin Liang Weibin Liang
              Red Hat Employee