| Summary: | oc create ignores policy name | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Evgheni Dereveanchin <ederevea> |
| Component: | apiserver-auth | Assignee: | David Eads <deads> |
| Status: | CLOSED NOTABUG | QA Contact: | weiwei jiang <wjiang> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 3.1.0 | CC: | aos-bugs, jokerman, mmccomas, pweil, wsun |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-03-04 14:48:11 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
also here are the resulting policies that are created
# oc get policy
NAME ROLES LAST MODIFIED
default test 0001-01-01 00:00:00 +0000 UTC
# oc get policy default -o yaml
apiVersion: v1
kind: Policy
lastModified: null
metadata:
creationTimestamp: 2016-03-02T15:17:53Z
name: default
namespace: "test"
resourceVersion: "3791510"
selfLink: /oapi/v1/namespaces/test/policies/default
uid: ef5e1fad-e089-11e5-b5e6-52540091350e
roles:
- name: test
role:
metadata:
creationTimestamp: null
name: test
namespace: test
rules:
- apiGroups: null
attributeRestrictions: null
resources:
- pods
verbs:
- create
- get
correct, only a single policy per namespace is currently allowed. Roles are intended to be the primary mode of interacting with Policies. The Policy object is an artifact of the storage mechanism. |
Description of problem: When creating a policy using "oc create" the name is ignored and "default" policy is created Version-Release number of selected component (if applicable): # oc version oc v3.1.1.6-16-g5327e56 kubernetes v1.1.0-origin-1107-g4c8e6f4 # rpm -q atomic-openshift-master atomic-openshift-master-3.1.1.6-3.git.16.5327e56.el7aos.x86_64 How reproducible: always Steps to Reproduce: 1. create new project oc new-project test 2. try to create test policy oc create -f - <<EOF apiVersion: v1 kind: Policy metadata: name: test roles: - name: test role: metadata: name: test namespace: test rules: - apiGroups: null attributeRestrictions: null resources: - pods verbs: - get - create EOF Actual results: policy "default" created Expected results: policy "test" created Additional info: this leads to issues when several policies need to exist: this will produce an error saying: Error from server: error when creating "STDIN": policy "default" already exists also, oc replace seems to parse this correctly: oc replace -f - <<EOF apiVersion: v1 kind: Policy metadata: name: test roles: - name: test role: metadata: name: test namespace: test rules: - apiGroups: null attributeRestrictions: null resources: - pods verbs: - get - create EOF Error from server: error when replacing "STDIN": policy "test" not found note that the policy name is "test" in the error message, not "default"