Skip to content

Commit 154b19a

Browse files
SanjalKatiyaropenshift-cherrypick-robot
SanjalKatiyar
authored and
openshift-cherrypick-robot
committed
console: Fix authenticated endpoint (ux-backend-server)
A new authenticated endpoint was added for the non-admin ODF user to ux-backend-server (behind kube-rbac-proxy). But seems like we migrated the server deployment from OCS to ODF and this new path was missed from the `-openshift-delegate-urls` allowlist. Signed-off-by: SanjalKatiyar <[email protected]>
1 parent 240f377 commit 154b19a

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

controllers/uxbackend.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -125,7 +125,7 @@ func getUXBackendServerDeployment() *appsv1.Deployment {
125125
"-tls-key=/etc/tls/private/tls.key",
126126
"-cookie-secret-file=/etc/proxy/secrets/session_secret",
127127
"-openshift-service-account=ux-backend-server",
128-
`-openshift-delegate-urls={"/":{"group":"ocs.openshift.io","resource":"storageclusters","namespace":"openshift-storage","verb":"create"}}`,
128+
`-openshift-delegate-urls={"/":{"group":"ocs.openshift.io","resource":"storageclusters","namespace":"openshift-storage","verb":"create"},"/info/":{"group":"authorization.k8s.io","resource":"selfsubjectaccessreviews","verb":"create"}}`,
129129
"-openshift-ca=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"},
130130
Ports: []corev1.ContainerPort{
131131
{

0 commit comments

Comments
 (0)