Bug 1292321
Summary: | Group and user binding relationship is not clear by "describe" or "get" even though group role is shared with user | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | XiaochuanWang <xiaocwan> |
Component: | apiserver-auth | Assignee: | David Eads <deads> |
Status: | CLOSED WONTFIX | QA Contact: | Wei Sun <wsun> |
Severity: | low | Docs Contact: | |
Priority: | unspecified | ||
Version: | unspecified | CC: | aos-bugs, ccoleman, mmccomas, nagrawal, wsun, xiaocwan |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-04-02 15:37:03 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
XiaochuanWang
2015-12-17 03:25:30 UTC
The `Groups` field on a `User` is not virtualized. They are two different ways of representing the group, that means that `edit` on the resources can't behave the way you've described. I don't think we have non-congruent groups between update and get, so I probably wouldn't change the get behavior to collapse them either. I see a couple options: 1. Sub-resource on a user to get its groups. This seems pretty reasonable. 1. Status.Groups on a User that indicates its current group affiliations as known by the server. I think both are reasonable. Jordan, Clayton opinions? Agree... `groups` field on user != all group memberships. Need to document that (and maybe mark groups field as deprecated?). I think I'd lean toward the subresource to keep the user call cheap and small, but I need to think about that a little more The API is functioning as expected. Its a little difficult to follow as a user, but no data is being lost and the rolebindings are operating as expected. XiaochuanWang: If you agree, can you reduce severity to "low"? severity is down to "low" |