-
Bug
-
Resolution: Done
-
Major
-
RHODS_1.17.0_GA
-
False
-
None
-
False
-
- cluster admin always get RHODS Admin access
- dashboard does not report any error about fetching rolebinding
-
Release Notes
-
No
-
-
-
-
-
-
1.19.0-14
-
No
-
-
Known Issue
-
No
-
Yes
-
None
-
RHODS 1.19
-
High
Description of problem:
It looks like when the cluster admin is the only user present in the cluster, it doesn't get the RHODS Admin access automatically.
The dashboard pod reports these lines of error about rolebindings:
{"level":50,"time":1664785629417,"pid":108,"hostname":"rhods-dashboard-59bb5c9d89-6kb2f","msg":"Failed to list rolebindings for user, Failed to list groups filtered by username."}{"level":50,"time":1664785629436,"pid":108,"hostname":"rhods-dashboard-59bb5c9d89-6kb2f","msg":"Failed to list rolebindings for user, Failed to list groups filtered by username."} ...
As soon as we created more users, it got the permissions and the logs stopped to show those errors about role binding.
Pull Request:
https://github.com/opendatahub-io/odh-dashboard/pull/725
Steps to Reproduce
- Create a cluster (reproduced on OSD)
- Create only one user with cluster admin permissions (no other users in the cluster)
- Log in RHODS Dashboard using the cluster admin
- Check if the user can access the "Settings" section of RHODS
- create new users
- Check point 4) once again
Actual results:
- Cluster admin doesn't get RHODS Admin access if it is the only user present in the cluster
- dashboard logs keep reporting an error about fetching role bindings
Expected results:
- cluster admin always get RHODS Admin access
- dashboard does not report any error about fetching rolebinding
Reproducibility (Always/Intermittent/Only Once):
Tested once on a fresh OSD cluster for now.
Build Details:
RHODS v1.17.0-9
Workaround:
- create more users
(To be Verified) granting cluster admin permissions to the single user instead of group (RHODS-5100). This is not verified
Additional info:
- May be related to https://issues.redhat.com/browse/RHODS-5100
- the cluster admin user has been defined by granting ClusterAdmins to a user group
- is related to
-
RHODS-5100 Cluster admins user do not get RHODS admin access if CRB is defined for a group
- Closed