Bug 1536340
| Summary: | [DOCS] cluster-admins can modify route via CLI | |||
|---|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | wangzhida <zhiwang> | |
| Component: | Documentation | Assignee: | brice <bfallonf> | |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Meng Bo <bmeng> | |
| Severity: | urgent | Docs Contact: | Vikram Goyal <vigoyal> | |
| Priority: | unspecified | |||
| Version: | 3.6.0 | CC: | aos-bugs, bbennett, jialiu, jokerman, mmasters, mmccomas, xtian, zhiwang | |
| Target Milestone: | --- | |||
| Target Release: | --- | |||
| Hardware: | All | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1540783 (view as bug list) | Environment: | ||
| Last Closed: | 2018-02-19 04:00:16 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
|
Description
wangzhida
2018-01-19 07:56:55 UTC
It is correct that a cluster administrator is able to modify the host name on an existing route. This is because the ability to modify a route's host name is conferred by having access to the "update" verb on the "routes/custom-host" resource (added in 3.6: <https://github.com/openshift/origin/pull/13905>; thanks Ben for pointing this out!), and the cluster-admin role grants "update" access to all resources. This is therefore an error in the documentation, and so I am re-assigning this report to the "Documentation" component. I have made a PR to change the documentation to state explicitly that the cluster administrator can edit the host name on an existing route, and also to document how to grant other users the same ability. PR: https://github.com/openshift/openshift-docs/pull/7398 (In reply to Miciah Dashiel Butler Masters from comment #2) > It is correct that a cluster administrator is able to modify the host name > on an existing route. This is because the ability to modify a route's host > name is conferred by having access to the "update" verb on the > "routes/custom-host" resource (added in 3.6: > <https://github.com/openshift/origin/pull/13905>; thanks Ben for pointing > this out!), and the cluster-admin role grants "update" access to all > resources. > > This is therefore an error in the documentation, and so I am re-assigning > this report to the "Documentation" component. > > I have made a PR to change the documentation to state explicitly that the > cluster administrator can edit the host name on an existing route, and also > to document how to grant other users the same ability. > > PR: https://github.com/openshift/openshift-docs/pull/7398 Hi, thank you for your feedback, but I still have only one question: why we can't modify hostname from Web Console ? even through i login with cluster-admin user. Looking forward to your reply, thank you. Regards Wangzhida Commit pushed to master at https://github.com/openshift/openshift-docs https://github.com/openshift/openshift-docs/commit/4e7bc64dc24e481e94109819305b06421d0dc898 managing_networking: Document routes/custom-host Change the heading "Disabling Host Name Collision Prevention For Ingress Objects" read "Routes and Ingress Objects" because the section discusses both routes and ingresses. Reorder the text to first state what host name collision prevention is, then its purpose, and then how to disable it. Explicitly state that the cluster administrator can edit the host name on an existing route. Document how to disable host name collision prevention for routes. Add a "WARNING" marker to the text that explains about host name hijacking. This commit fixes bug 1536340. https://bugzilla.redhat.com/show_bug.cgi?id=1536340 Sorry, Zhida, I missed what you said in comment 3 till Brice pointed it out to me. I tried to reproduce the problem you reported. It looks like the management console reports a successful update but silently drops all edits to the route host. I reported the exact behavior that I saw as bug 1540783. Can you confirm that this is the same problem that you saw? (In reply to Miciah Dashiel Butler Masters from comment #5) > Sorry, Zhida, I missed what you said in comment 3 till Brice pointed it out > to me. I tried to reproduce the problem you reported. It looks like the > management console reports a successful update but silently drops all edits > to the route host. I reported the exact behavior that I saw as bug 1540783. > Can you confirm that this is the same problem that you saw? Hi, When I login Mgt Console using cluster-admin , point to "route" and click "edit" the page will always show: "The hostname can't be changed after the route is created " and I can't modify the blank of "hostname". However I just found if I use "edit YAML" I can successfully update the hostname , this is match the result when using $oc edit route. As a compare, the regular users will get below error on the top of the page when edit YAML Failed to process the resource. Reason: Route "xxxxxx" is invalid: spec.host: Invalid value: "xxxxxx.cloudapp.example.com": field is immutable My env: OCP3.6 Thanks. The docs PR above has merged, so I'm going to close this BZ. Feel free to continue the conversation, here or in 1540783. If there's anything more for this, please let me know and we can do a followup PR for the docs. Here's a link to the released docs: https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html-single/cluster_administration/#admin-guide-disabling-hostname-collision |