-
Bug
-
Resolution: Done
-
Critical
-
RHODS_1.16.0_GA
-
False
-
None
-
False
-
-
Release Notes
-
No
-
-
-
-
-
-
1.17.0-9
-
No
-
-
Documented as Resolved Issue
-
No
-
Yes
-
None
-
RHODS 1.17
-
High
Description of problem:
If cluster admin privileges are assign to a group instead of specific user the Dashboard does not recognize the users from that group as RHODS Admin.
Bug related to https://issues.redhat.com/browse/RHODS-2740
Prerequisites (if any, like setup, operators/versions):
Steps to Reproduce
- Assign cluster admin permission to an Openshift group
- Log in RHODS Dashboard using one of the users belonging to the group from point 1
- check if you have access to "Settings" section
- Assign cluster admin permission to a specific user rather than a group
- repeat point 2 and 3
Actual results:
- no RHODS admin access for cluster admin "group"
- RHODS admin access granted for cluster admin "user"
Expected results:
RHODS admin access granted for all the cluster admins
Reproducibility (Always/Intermittent/Only Once):
Always
Build Details:
RHODS v1.16
Workaround:
Assign cluster admin permissions using this kind of ClusterRoleBinding:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: my-user-cluster-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: User
apiGroup: rbac.authorization.k8s.io
name: my-user
Additional info:.
CRB for cluster admin "group"
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: osd-cluster-admin
labels:
hive.openshift.io/managed: 'true'
managedFields:
- kind: Group
apiGroup: rbac.authorization.k8s.io
name: cluster-admins
subjects:
- kind: Group
apiGroup: rbac.authorization.k8s.io
name: my-user-group
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
- duplicates
-
-
- Closed
-
- is caused by
-
RHODS-2740 Admin UI for mapping RHODS groups
-
- Closed
-
- relates to
-
-
- Closed
-