Bug 1381611
Summary: | oadm diagnostics shows extra permissions as a warning not an info | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Eric Jones <erjones> |
Component: | oc | Assignee: | Luke Meyer <lmeyer> |
Status: | CLOSED ERRATA | QA Contact: | Xia Zhao <xiazhao> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | 3.3.0 | CC: | aos-bugs, jliggitt, jokerman, mmccomas, tdawson, xiazhao |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | No Doc Update | |
Doc Text: |
undefined
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2017-04-12 19:07:00 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Eric Jones
2016-10-04 14:39:39 UTC
the "extra permissions" messages should be at info level, and include the --additive-only=false flag in the recommended command to run (though they should also note that they should ensure they don't need the extra permissions before they remove them) Commit pushed to master at https://github.com/openshift/origin https://github.com/openshift/origin/commit/ebceafede31cbec87caabe93be0b9ee6e72e7062 diagnostics: make cluster role warning info, modify text bug 1381611 https://bugzilla.redhat.com/show_bug.cgi?id=1381611 This commit was merged into the origin 1.5 code, marking this as 3.5.0 target. This has been merged into ocp and is in OCP v3.5.0.7 or newer. Verified on # openshift version openshift v3.5.0.7+390ef18 kubernetes v1.5.2+43a9be4 etcd 3.1.0-rc.0 it's fixed: [Note] Running diagnostic: ClusterRoleBindings Description: Check that the default ClusterRoleBindings are present and contain the expected subjects Info: clusterrolebinding/cluster-readers has more subjects than expected. Use the `oadm policy reconcile-cluster-role-bindings` command to update the role binding to remove extra subjects. Info: clusterrolebinding/cluster-readers has extra subject {ServiceAccount management-infra management-admin }. Info: clusterrolebinding/self-provisioners has more subjects than expected. Use the `oadm policy reconcile-cluster-role-bindings` command to update the role binding to remove extra subjects. Info: clusterrolebinding/self-provisioners has extra subject {ServiceAccount management-infra management-admin }. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:0884 |