Bug 1633101

Summary: `oc get project name --watch` run by cluster-admin should not print all projects first
Product: OpenShift Container Platform Reporter: Xingxing Xia <xxia>
Component: ocAssignee: Maciej Szulik <maszulik>
Status: CLOSED ERRATA QA Contact: Xingxing Xia <xxia>
Severity: low Docs Contact:
Priority: medium    
Version: 3.11.0CC: aos-bugs, deads, jokerman, mmccomas
Target Milestone: ---   
Target Release: 4.1.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: Project list was not properly filtered when watching. Consequence: Invoking watch on a project retured all projects. Fix: Apply proper filtering in the API. Result: Watching projects does not return list of all projects.
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-04 10:40:35 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1800343    

Description Xingxing Xia 2018-09-26 08:11:47 UTC
Description of problem:
`oc get project name --watch` run by cluster-admin should not print all projects first
Resource like `oc get pod name --watch` does not have the issue.

Version-Release number of selected component (if applicable):
v3.11.15

How reproducible:
Always

Steps to Reproduce:
1. Suppose cluster-admin wants to watch an existing project xxia-proj, run:
oc get project xxia-proj --watch


Actual results:
1. It prints all projects first

Expected results:
1. It needs not print all projects, because I only want to watch one project

Additional info:
Normal user of multiple projects does not has the issue

Comment 1 Juan Vallejo 2018-09-26 22:27:53 UTC
You can work around this issue by getting the namespace instead:

```
oc get namespace xxia-proj --watch
```

Comment 2 Juan Vallejo 2018-09-28 23:21:21 UTC
It appears that when watching events for a single, particular project, as a cluster admin, `watch.Until()` will return events for all other projects in the cluster, despite asking to watch a single, particular project.

I will investigate this further, for now I have a patch that handles this case at the command level [2].

1. https://github.com/kubernetes/kubernetes/blob/master/pkg/kubectl/cmd/get/get.go#L688

2. https://github.com/openshift/origin/pull/21131

Comment 3 Juan Vallejo 2018-10-04 00:02:24 UTC
Updated Origin PR: https://github.com/openshift/origin/pull/21167

Comment 4 openshift-github-bot 2018-10-06 02:52:01 UTC
Commit pushed to master at https://github.com/openshift/origin

https://github.com/openshift/origin/commit/4528aa09b789710b6efcddb6c2994ce4260763e9
fix projects when watching with selector

Bug 1633101

Filters events for projects on membership-change for a user based on a
field or label selector provided by a consumer of project events.

Comment 6 Xingxing Xia 2018-11-02 10:14:06 UTC
Checked in latest 3.11.36, issue still exists. Looks like the code only goes into 4.0? If yes, pls update Target Release and drop bug from above 3.11 advisory. Thanks

Comment 8 Xingxing Xia 2018-11-06 02:56:18 UTC
Tested 4.0.0-0.47.0, the issue is fixed.

Comment 12 errata-xmlrpc 2019-06-04 10:40:35 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0758