Bug 1477955
| Summary: | Creating a rolebinding doesn't find the local role due to missing policybinding | ||||||
|---|---|---|---|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Erik Bernoth <erik.bernoth> | ||||
| Component: | Unknown | Assignee: | Eric Paris <eparis> | ||||
| Status: | CLOSED DUPLICATE | QA Contact: | Johnny Liu <jialiu> | ||||
| Severity: | unspecified | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 3.5.1 | CC: | aos-bugs, jokerman, mmccomas | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2017-08-03 15:51:02 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
*** This bug has been marked as a duplicate of bug 1477956 *** |
Created attachment 1308676 [details] for reproduction, workaround commented out Description of problem: When creating a SA, (local) Role and a (local) RoleBinding, creation of the RoleBinding fails since it is not able to find the PolicyBinding. Version-Release number of selected component (if applicable): - How reproducible: Create Resources in an empty project. Steps to Reproduce: 1. Switch to fresh project "myproject" with user "system:admin" 2. cat rb.yaml --- apiVersion: v1 kind: ServiceAccount metadata: name: operator --- apiVersion: v1 kind: Role metadata: name: xrole rules: - apiGroups: - "" - "batch" - "api" - "apps" resources: - "pods" - "jobs" - "statefulsets" verbs: - "get" - "list" - "create" - "delete" - "watch" --- apiVersion: v1 kind: RoleBinding metadata: name: xbinding subjects: - kind: ServiceAccount name: operator roleRef: kind: Role name: xrole namespace: myproject userNames: - system:serviceaccount:myproject:operator groupNames: null 3. oc create -f rb.yaml Actual results: serviceaccount "operator" created role "xrole" created Error from server (NotFound): error when creating "rb.yaml": policybinding "myproject:default" not found Expected results: PolicyBinding is generated RoleBinding is created Additional info: It works if the PolicyBinding is created before the RoleBinding: --- apiVersion: v1 kind: PolicyBinding metadata: name: myproject:default policyRef: name: default namespace: myproject roleBindings: null