Details
-
Bug
-
Resolution: Won't Do
-
Blocker
-
None
-
None
-
None
Description
Istio config list fails to load for admin access "foo" user.
Could not fetch Istio objects list: authorizationpolicies.security.istio.io is forbidden: User "foo" cannot list resource "authorizationpolicies" in API group "security.istio.io" in the namespace "bookinfo"
Steps to reproduce:
- Install SM 1.1 with Kiali 1.12.5 and Bookinfo.
- Create a "foo" user with admin permission on "bookinfo" and "istio-system". "oc adm policy add-cluster-role-to-user basic-user foo", "oc adm policy add-role-to-user admin foo -n bookinfo", "oc adm policy add-role-to-user admin foo -n istio-system".
- Istio Config page. It fails to load, and error is displayed:
Could not fetch Istio objects list: authorizationpolicies.security.istio.io is forbidden: User "foo" cannot list resource "authorizationpolicies" in API group "security.istio.io" in the namespace "bookinfo"
"foo" user can list VirtualServices and DestinationRules via OCP CLI.
Only "authorizationpolicies" cannot be listed.
Attachments
Issue Links
- causes
-
OSSM-173 NoN cluster-admin User configuration
- Closed