Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done-Errata
Priority: Normal
Fix Version/s: 4.14.0
Affects Version/s: 4.10
Component/s: Networking / multus
Labels:
- migrated_from_bz

Severity:
Important
Release Blocker:
Rejected
Architecture:

Unspecified
Release Note Text:
N/A
Release Note Type:
Release Note Not Required
Target Version:

4.14.0

SFDC Cases Counter:
SFDC Cases Links:

Description

Description of problem:
An un-privileged user with cluster-readers role cannot view NetworkAttachmentDefinition resource.

Version-Release number of selected component (if applicable):
oc Version: 4.10.0-202203141248.p0.g6db43e2.assembly.stream-6db43e2
OCP Version: 4.10.4
Kubernetes Version: v1.23.3+e419edf
ose-multus-cni:v4.1.0-7.155662231

How reproducible:
100%

Steps to Reproduce:
1. In an OCP cluster with multus installed - search which roles can view ("get") NetworkAttachmentDefinition resource, and see if "cluster-readers" role is part of this list, by running:
$ oc adm policy who-can get network-attachment-definitions | grep "cluster-reader"

Actual results:
Empty output

Expected results:
Non-empty output with "cluster-readers" in it, e.g. when running the same command for the Namespace resource:
$ oc adm policy who-can get namespace | grep "cluster-reader"
system:cluster-readers

Attachments

Issue Links

links to

openshift/cluster-network-operator#1343: OCPBUGS-9174: The cluster-readers group should be able to get net-attach-defs

RHEA-2023:5006 rpm

Activity

People

Assignee:: Douglas Smith

Reporter:: Yossi Segev

QA Contact:: Weibin Liang

Contributing Groups:: Red Hat Employee

Votes:: 0 Vote for this issue

Watchers:: 11 Start watching this issue

Dates

Created:: 2022/03/15 1:31 PM

Updated:: 2023/10/31 1:37 PM

Resolved:: 2023/10/31 1:37 PM