Bug 1321294

Summary: [Dedicated] Can not fix role inconsistencies for dedicated roles
Product: OpenShift Container Platform Reporter: weiwei jiang <wjiang>
Component: apiserver-authAssignee: Ravi Sankar <rpenta>
Status: CLOSED CURRENTRELEASE QA Contact: Wei Sun <wsun>
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: aos-bugs, jokerman, mmccomas, wsun
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-05-23 15:09:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description weiwei jiang 2016-03-25 09:45:29 UTC 
Description of problem:
Both wjiang and wsun are dedicated-project-admin for all projects except skip projects.

After user wsun remove wjiang with dedicated-project-admin role on a specific project,
the rolebinding can not be fixed within 30 minutes.


Version-Release number of selected component (if applicable):
 openshift version 
openshift v3.2.0.7
kubernetes v1.2.0-36-g4a3f9c5
etcd 2.2.5


How reproducible:
Always

Steps to Reproduce:
1. Download apply-dedicated-roles.py ,dedicated-cluster-admin.json , dedicated-project-admin.json
2.Create some projects using one user,and create some projects using other user
3.Run apply-dedicated-roles.py to apply the dedicate admin role to one user
# python apply-dedicated-roles.py -c dedicated-cluster-admin.json -p dedicated-project-admin.json -u wsun,wjiang -v
4 run `oc policy remove-role-from-user wjiang -n <specific project>` via project admin
5. wait 30 minutes
6. check if wjiang is dedicated-project-admin for specific project

Actual results:
3 wjiang is not dedicated-project-admin for specific project

Expected results:
3. wjiang should be dedicated-project-admin for specific project after 30 minutes
Comment 1 Ravi Sankar 2016-03-28 21:39:50 UTC 
Fixed in https://github.com/openshift/online/pull/74
Comment 2 weiwei jiang 2016-03-30 07:01:24 UTC 
Checked with the latest apply-dedicated-roles.py ,dedicated-cluster-admin.json , dedicated-project-admin.json
And the issue has been fixed.