Bug 1424598
| Summary: | Dedicated-admins cannot see projects with rolebinding admin role removed. | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Max Whittingham <mwhittin> |
| Component: | apiserver-auth | Assignee: | Abhishek Gupta <abhgupta> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Chuan Yu <chuyu> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 3.3.1 | CC: | abhgupta, aos-bugs, erjones, mwhittin |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-02-21 22:55:13 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Max Whittingham
2017-02-17 18:24:35 UTC
There is supposed to be a controller that ensures dedicated admins continuously have permissions in all appropriate projects That is correct - the dedicated admin service will recreate that rolebinding at its sync interval of 30 minutes. Is that not working? This did resolve the issue. Is this a part of the atomic-openshift-master-controllers service? If not, can we get a little more details about it? Its part of openshift-dedicated-role.service This is the service that is responsible for creating the roles and making sure that it is assigned to the cluster role as well as the project role for each user project. Eric: Once verified that your requirements are satisfied, please close this bug. That makes sense. Thanks Abhishek! |