Bug 1284783
| Summary: | [platformmanagement_public_470]Default value of additive-only for reconcile-cluster-roles should be true | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | XiaochuanWang <xiaocwan> |
| Component: | oc | Assignee: | David Eads <deads> |
| Status: | CLOSED EOL | QA Contact: | Wei Sun <wsun> |
| Severity: | low | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | aos-bugs, jokerman, maszulik, mmccomas, xiaocwan |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-02-26 19:10:31 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
It sounds like the code is working correctly, but the help looks confusing. The help text "Preserves modified cluster roles", is for when the flag is true, but the flag is false by default so it looks confusing. I'll see if I can think of a better way to represent to describe it. Since its a help text problem, are you amenable to reducing severity? |
Description of problem: From runs: $ oadm policy reconcile-cluster-roles --additive-only=true added verb for a role will preserve, but deleted verbs will be rolled back $ oadm policy reconcile-cluster-roles --additive-only=false all change for verbs will be rolled back $ oadm policy reconcile-cluster-roles --additive-only the default is same with additive-only=false Above run is not same with # oadm policy reconcile-cluster-roles -h "--additive-only=false: Preserves modified cluster roles." Version-Release number of selected component (if applicable): oc v1.1-152-g052a56d openshift v1.1-152-g052a56d oadm v1.1-152-g052a56d How reproducible: always Steps to Reproduce: 1. Check help doc for reconcile-cluster-roles --additive-only oadm policy reconcile-cluster-roles -h -> Got: # Display the union of the default and modified cluster roles $ oadm policy reconcile-cluster-roles --additive-only Options: --additive-only=false: Preserves modified cluster roles. 2. Create user1 as cluster-admin oadm policy add-cluster-role-to-user cluster-admin user1 3. Change verbs of clusterrole oc edit clusterrole basic-users (add some verbs) oc edit clusterrole edit (delete some verbs) 4. Check verbs info for additive-only=true: oadm policy reconcile-cluster-role-bindings --additive-only=true oc describe clusterrolebinding/basic-users -> should preserve added verbs oc describe clusterrolebinding/edit -> deleted verbs should be back 5. Retry step4 with --additive-only=false oc describe clusterrolebinding/basic-users -> change should not be preserved oc describe clusterrolebinding/edit -> change should not be preserved 6. Retry step4 with --additive-only oc describe clusterrolebinding/basic-users oc describe clusterrolebinding/edit Actual results: Step1: Doc --additive-only=false: Preserves modified cluster roles. Step6: Default value (--additive-only) is false which will not preserve the added verbs Expected results: Step1: Doc --additive-only=true: Preserves modified cluster roles. Step6: Default value (--additive-only) should be true to preserve the added verbs Additional info: