Project access tab cannot differentiate between users and groups in ROSA web console

Solution Verified

Environment

Red Hat OpenShift Service on AWS

  • 4.11.x

Issue

  • In the Developer perspective of the ROSA web console, the Project Access tab cannot differentiate between users and groups, and groups cannot be added from this web console. This has led to confusion about whether existing resources were in fact users or groups.

Resolution

Red Hat identified this issue in bug report OCPBUGS-7800 and delivered a fix in OpenShift Container Platform 4.12 through errata RHSA-2023:1409. If the issue still occurs after updating the cluster, open a support case in the Red Hat Customer Portal and refer to this solution.

Diagnostic Steps

This issue can be reproduced with the following steps:

  1. Create a group and add a user to it.

     $ oc adm groups new <group_name>
     $ oc adm groups add-users <group_name> <username>
     $ oc get groups

  2. Create a new project.

     $ oc new-project <namespace_name>

  3. Assign the group project-level access.

     $ oc adm policy add-role-to-group edit <group_name> -n <namespace_name>

  4. Log in to the ROSA web console > Developer perspective > Project > namespace_name > Project Access.
     Verify that the rolebinding named 'edit' is bound to a group name.

  5. From the same Project Access tab in the web console, add a new rolebinding with the role "View": click Add access > assign Name and Role > Save. Now check the web console; it is unable to distinguish the group from the user.

  6. Run the following commands to differentiate between groups and users through the CLI.

     $ oc get rolebinding
     $ oc get rolebinding <rolebinding_name> -o yaml
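The last step can be scripted: each entry under `subjects` in a rolebinding carries a `kind` field (`User`, `Group` or `ServiceAccount`), which is the distinction the Project Access tab does not show. The following is an added example, not Red Hat's code; the sample data, the group name `dev-team` and the review heuristic (a `User` subject whose name equals an existing group name) are assumptions made for illustration.

```python
import json
import sys

# Constructed sample in the shape of `oc get rolebinding -n <namespace_name> -o json`.
SAMPLE_ROLEBINDINGS = json.loads("""
{"kind": "List", "items": [
  {"metadata": {"name": "edit"},
   "roleRef": {"kind": "ClusterRole", "name": "edit"},
   "subjects": [{"kind": "Group", "name": "dev-team"}]},
  {"metadata": {"name": "dev-team-view"},
   "roleRef": {"kind": "ClusterRole", "name": "view"},
   "subjects": [{"kind": "User", "name": "dev-team"}]},
  {"metadata": {"name": "alice-view"},
   "roleRef": {"kind": "ClusterRole", "name": "view"},
   "subjects": [{"kind": "User", "name": "alice"}]},
  {"metadata": {"name": "empty"},
   "roleRef": {"kind": "ClusterRole", "name": "view"}}
]}
""")
SAMPLE_GROUPS = {"dev-team"}  # constructed; in practice the names from `oc get groups`


def list_subjects(rolebindings):
    """Return (binding, role, subject kind, subject name) for every subject."""
    rows = []
    # Accept either a List (`oc get rolebinding`) or a single RoleBinding object.
    items = rolebindings.get("items", [rolebindings])
    for rb in items:
        for s in rb.get("subjects") or []:  # subjects may be missing or null
            rows.append((rb["metadata"]["name"], rb["roleRef"]["name"],
                         s["kind"], s["name"]))
    return rows


def users_named_like_groups(rows, group_names):
    """Assumed heuristic: a User subject named like an existing group needs review."""
    return [r for r in rows if r[2] == "User" and r[3] in group_names]


if __name__ == "__main__":
    # Pipe real output in, or run with no input to use the constructed sample.
    data = SAMPLE_ROLEBINDINGS if sys.stdin.isatty() else json.load(sys.stdin)
    rows = list_subjects(data)
    for binding, role, kind, name in rows:
        print(f"{binding:<16}{role:<8}{kind:<16}{name}")
    for binding, role, _, name in users_named_like_groups(rows, SAMPLE_GROUPS):
        print(f"REVIEW: {binding} grants {role} to User '{name}', also a group name")
```

A binding flagged this way grants the role to a user with that name, not to the members of the group, so it is worth confirming which was intended.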

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
