Details
-
Feature Request
-
Resolution: Done
-
Minor
-
None
-
None
-
False
-
False
-
0
-
0%
-
Undefined
Description
1. Proposed title of this feature request
Ability to view all the CRD instances in projects users have access to in the Instance page.
2. What is the nature and description of the request?
As of now, if we go to the `Administration` menu, then select `Custom Resource Definition`, and click on a CRD from the list, we get three sections:
1) Overview
2) YAML
3) Instances
From these sections, we are currently unable to view the Instance page if we don't have a cluster-wide role for the resources.
However, if we go to the CLI, and select the project we have access to and then if we try to get the CRD, we are able to do so. Here, the issue is that in GUI, it is searching for the instance at the cluster-level, and if the user does not have cluster-wide access they cannot see the Instances. It's because in the background OpenShift sents a command similar to the following:
# oc get apiservers.config.openshift.io --all-namespaces
And if the user does not have cluster-wide access the user is not being able to see the CRD instances even in the project user have access to. Trying to view the Instance page without cluster-wide access would give out an error similar to this:
apiservers.config.openshift.io is forbidden: User "<username>" cannot list resources "apiservers" in API group "config.openshift.io" at the cluster scope.
3. Why does the customer need this? (List the business requirements here)
As a project admin, the user should be able to see the CRD instances in all their project from the GUI. As of now, we can only see the CRD instance by going inside that project only from the CLI, but still, we won't be able to see all the CRD instances present inside all the project users have access to in one go.
4. List any affected packages or components.
OpenShift Webconsole
In CLI, we have an option of viewing the instance list for individual namespaces:
# oc get apiservers.config.openshift.io -n <namespace>
However, in the OpenShift console, currently, we are only able to see the CRD instance list if we have cluster-wide permissions for the same.