OpenShift Bugs / OCPBUGS-926

[vsphere-problem-detector] report privilege missing when using pre-existing folder and/or resource pool with ReadOnly permission


Details

    • Bug
    • Status: Closed
    • Undefined
    • Resolution: Done
    • 4.12
    • None
    • Storage / Operators
    • Moderate

    Description

      Description of problem:

      According to https://issues.redhat.com/browse/OCPBUGS-705 (thanks to Junyun for sharing the test env/result for the install part), we need the fix in vsphere-problem-detector. Currently it reports the following missing privileges when using the pre-existing folder and/or resource pool with ReadOnly permission:
        
      1. vcenter cluster set ReadOnly permission: 
      I0902 10:07:50.324782       1 vsphere_check.go:244] CheckComputeClusterPermissions:jima-permission-q84s8-worker-86gd4 failed: missing privileges for compute cluster workloads: Resource.AssignVMToPool, VApp.AssignResourcePool, VApp.Import, VirtualMachine.Config.AddNewDisk
      
      
      2. datacenter set ReadOnly permission:
      I0902 08:09:19.462001       1 vsphere_check.go:225] CheckAccountPermissions failed: missing privileges for datacenter OCP-DC: Resource.AssignVMToPool, VApp.Import, VirtualMachine.Config.AddExistingDisk, VirtualMachine.Config.AddNewDisk, VirtualMachine.Config.AddRemoveDevice, VirtualMachine.Config.AdvancedConfig, VirtualMachine.Config.Annotation, VirtualMachine.Config.CPUCount, VirtualMachine.Config.DiskExtend, VirtualMachine.Config.DiskLease, VirtualMachine.Config.EditDevice, VirtualMachine.Config.Memory, VirtualMachine.Config.RemoveDisk, VirtualMachine.Config.Rename, VirtualMachine.Config.ResetGuestInfo, VirtualMachine.Config.Resource, VirtualMachine.Config.Settings, VirtualMachine.Config.UpgradeVirtualHardware, VirtualMachine.Interact.GuestControl, VirtualMachine.Interact.PowerOff, VirtualMachine.Interact.PowerOn, VirtualMachine.Interact.Reset, VirtualMachine.Inventory.Create, VirtualMachine.Inventory.CreateFromExisting, VirtualMachine.Inventory.Delete, VirtualMachine.Provisioning.Clone, VirtualMachine.Provisioning.DeployTemplate, VirtualMachine.Provisioning.MarkAsTemplate, Folder.Create, Folder.Delete 

      Version-Release number of selected component (if applicable):

      4.12.0-0.nightly-2022-09-02-194931

      How reproducible:

      Always 

      Steps to Reproduce:

      See Description of problem

      Actual results:

      The vsphere-problem-detector operator reports privilege missing when using pre-existing folder and/or resource pool with ReadOnly permission

      Expected results:

      The vsphere-problem-detector operator should not report privilege missing in that case.

      Additional info:
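
      Added example, not part of the original report and not vsphere-problem-detector code: a small Go parser for the two log-line shapes quoted in the description, splitting each line into check name, node, scope and the missing privileges grouped by top-level privilege name. `Finding`, `ParseFinding` and the regular expression are hypothetical names chosen here; the second sample line is a constructed, shortened version of the report's datacenter line.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding is one "missing privileges" log line split into its parts (hypothetical type).
type Finding struct {
	Check, Node, Scope string              // Node is empty when the check name has no ":<node>" suffix
	ByGroup            map[string][]string // top-level privilege group -> full privilege names
}

// Matches the message after the klog header, e.g. "... vsphere_check.go:244] ".
var lineRE = regexp.MustCompile(`\] (\w+)(?::(\S+))? failed: missing privileges for ([^:]+): (.+)$`)

// ParseFinding returns false for lines that are not privilege failures.
func ParseFinding(line string) (Finding, bool) {
	m := lineRE.FindStringSubmatch(strings.TrimSpace(line))
	if m == nil {
		return Finding{}, false
	}
	f := Finding{Check: m[1], Node: m[2], Scope: m[3], ByGroup: map[string][]string{}}
	for _, p := range strings.Split(m[4], ",") {
		if p = strings.TrimSpace(p); p != "" {
			group, _, _ := strings.Cut(p, ".") // "VApp.Import" -> "VApp"
			f.ByGroup[group] = append(f.ByGroup[group], p)
		}
	}
	return f, true
}

// Sample input: line 1 is quoted from the report, line 2 is constructed (shortened).
var sample = []string{
	"I0902 10:07:50.324782       1 vsphere_check.go:244] CheckComputeClusterPermissions:jima-permission-q84s8-worker-86gd4 failed: missing privileges for compute cluster workloads: Resource.AssignVMToPool, VApp.AssignResourcePool, VApp.Import, VirtualMachine.Config.AddNewDisk",
	"I0902 08:09:19.462001       1 vsphere_check.go:225] CheckAccountPermissions failed: missing privileges for datacenter OCP-DC: Resource.AssignVMToPool, Folder.Create, Folder.Delete",
}

func main() {
	for _, l := range sample {
		if f, ok := ParseFinding(l); ok {
			fmt.Printf("%s | %s | %v\n", f.Scope, f.Check, f.ByGroup) // fmt prints map keys sorted
		}
	}
}
```
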

       

          People

            rhn-support-rbost Robert Bost
            wduan@redhat.com Wei Duan
            Wei Duan Wei Duan