Bug 1497106

Summary: Admission controller should block creating new Service Credentials for an instance that is in the process of being deleted
Product: OpenShift Container Platform Reporter: Zhang Cheng <chezhang>
Component: Service BrokerAssignee: Jay Boyd <jaboyd>
Status: CLOSED ERRATA QA Contact: Zhang Cheng <chezhang>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.7.0CC: aos-bugs, chezhang, jaboyd, wmeng
Target Milestone: ---   
Target Release: 3.7.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
undefined
 Story Points: ---
Clone Of: Environment:
Last Closed: 2017-11-28 22:13:46 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Comment 1 Jay Boyd 2017-10-17 18:02:33 UTC 
I tried recreating with today's latest build.  It works for me.   

step 4:
$ oc create -f cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog/contrib/examples/walkthrough/ups-binding2.yaml 
Error from server (Forbidden): error when creating "cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog/contrib/examples/walkthrough/ups-binding2.yaml": servicebindings.servicecatalog.k8s.io "ups-binding2" is forbidden: ServiceBindings test-ns/ups-binding2 references an instance that is being deleted: test-ns/ups-instance

Could you verify if you can reproduce this still?

Note that if the ClusterServiceClass referenced by the instance doesn't exist it will prevent the binding from becoming ready and may impact test results.
Comment 3 Jay Boyd 2017-10-19 14:36:38 UTC 
Thanks for the details Zhang Cheng.  I believe the issue is the Ansible installer is out of date for RBAC and Admission Controllers (& other things).  It looks to me like that is being fixed here https://github.com/openshift/openshift-ansible/pull/5746/files#diff-f5c4b4675369f72d180a86be3772fe87R44 as part of  https://bugzilla.redhat.com/show_bug.cgi?id=1496694

I have a feeling that 1496694 will address a lot of problems.

Please retest after https://bugzilla.redhat.com/show_bug.cgi?id=1496694  is merged.
Comment 4 Zhang Cheng 2017-10-27 17:11:16 UTC 
I will retry after https://bugzilla.redhat.com/show_bug.cgi?id=1496426 is merged
Comment 9 errata-xmlrpc 2017-11-28 22:13:46 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:3188