Uploaded image for project: 'Satellite'
  1. Satellite
  2. SAT-41356

Listing available networks when creating a new host on OCP-V requires too much permissions

XMLWordPrintable

    • 8
    • False
    • rubygem-foreman_kubevirt-0.4.2
    • Satellite Rocket Sprint 13, Satellite Rocket Sprint 14
    • sat-rocket
    • None
    • None
    • None
    • None

      Description of problem:

      While creating a new host on the OCP-V compute resource, there are no networks displayed in the lower part (CR related) of the NIC dialog. This stems from the fact that regular users don't have permission to list all the available networks.

      Another place that's broken is the "compute profiles" page. When you try to create one, the interfaces part will just tell you " No networks found. " and don't let you add anything. Especially this is blocked behind a cr.editable_network_interfaces? call, which will always return false if cr.networks is empty
       

      How reproducible:

       Always, as long as the OCP user does not have permissions to view networks.

      Is this issue a regression from an earlier version:

       

      Steps to Reproduce:

      1. Define an OCP-V compute resource
      2. Click on "Create host"
      3. Select the first NIC record
      4. Observe an empty networks list and an exception in the logs

      Actual behavior:

      Observe an empty networks list and an exception in the logs

      06:02:58 rails.1 | 2025-12-24T06:02:57 [D|app|7ea51c57] Receiving vm data for host 'shim-test-ricky-roton.example.com' from compute resource 'cnv - shim (KubeVirt)' failed. ActiveRecord::RecordNotFound: ActiveRecord::RecordNotFound
06:02:58 rails.1 | 2025-12-24T06:02:58 [W|app|7ea51c57] <Kubeclient::HttpError> network-attachment-definitions.k8s.cni.cncf.io is forbidden: User "system:serviceaccount:example-ns:example-user" cannot list resource "network-attachment-definitions" in API group "k8s.cni.cncf.io" at the cluster scope
06:02:58 rails.1 | /home/vagrant/foreman/.vendor/ruby/3.0.0/gems/kubeclient-4.13.0/lib/kubeclient/common.rb:132:in `rescue in handle_exception'
06:02:58 rails.1 | /home/vagrant/foreman/.vendor/ruby/3.0.0/gems/kubeclient-4.13.0/lib/kubeclient/common.rb:122:in `handle_exception'
06:02:58 rails.1 | /home/vagrant/foreman/.vendor/ruby/3.0.0/gems/kubeclient-4.13.0/lib/kubeclient/common.rb:357:in `get_entities'
06:02:58 rails.1 | /home/vagrant/foreman/.vendor/ruby/3.0.0/gems/kubeclient-4.13.0/lib/kubeclient/common.rb:231:in `block (2 levels) in define_entity_methods'
06:02:58 rails.1 | /home/vagrant/foreman/.vendor/ruby/3.0.0/gems/fog-kubevirt-1.4.0/lib/fog/kubevirt/compute/utils/exception_wrapper.rb:19:in `method_missing'
06:02:58 rails.1 | /home/vagrant/foreman/.vendor/ruby/3.0.0/gems/fog-kubevirt-1.4.0/lib/fog/kubevirt/compute/requests/list_networkattachmentdefs.rb:6:in `list_networkattachmentdefs'
06:02:58 rails.1 | /home/vagrant/foreman/.vendor/ruby/3.0.0/gems/fog-kubevirt-1.4.0/lib/fog/kubevirt/compute/models/networkattachmentdefs.rb:13:in `all'
06:02:58 rails.1 | /home/vagrant/foreman_kubevirt/app/models/foreman_kubevirt/kubevirt.rb:81:in `networks'

      Expected behavior:

      The user can define the network for the host

          1.
          		 allow to enter arbitrary data for the network by evgeni · Pull Request #175 · theforeman/foreman_kubevirt · GitHub Sub-task Release Pending - Upstream Undefined Evgeni Golov
          2.
          		 Document required OCP-V permissions Sub-task Review Undefined Jan Fiala

              egolov@redhat.com Evgeni Golov
              rhn-engineering-sshtein Shimon Shtein
              Jan Fiala Jan Fiala
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: