Bug 1684036

Summary: secret name and clusterrole name for asb are not the same with v3.11
Product: OpenShift Container Platform Reporter: Zihan Tang <zitang>
Component: Service BrokerAssignee: Shawn Hurley <shurley>
Status: CLOSED NOTABUG QA Contact: Zhang Cheng <chezhang>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.1.0CC: aos-bugs
Target Milestone: ---   
Target Release: 4.1.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-03-04 21:29:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Zihan Tang 2019-02-28 09:59:29 UTC 
Description of problem:
Using operator to install ASB, the secret name and ASB access clusterrole are different from v3.11.
secret should be name with asb* prefix like
asb-client                 
asb-client-dockercfg*

clusterrole should be named with asb* prefix like:
asb-access
asb-user-access


Version-Release number of selected component (if applicable):
ASB operator: 
docker.io/automationbroker/automation-broker-operator:v4.0
ASB version : 1.4.4

How reproducible:
awlays

Steps to Reproduce:
1. install asb from markertplace&OLM
2. check secret in ASB namespace
3. check asb clusterrole

Actual results:
2.
in 4.0
$ oc get secret
NAME                                            TYPE                                  DATA   AGE
ansible-service-broker-client                   kubernetes.io/service-account-token   3      27h
ansible-service-broker-client-dockercfg-785jq   kubernetes.io/dockercfg               1      27h
ansible-service-broker-client-token-n7f9c       kubernetes.io/service-account-token   3      27h
ansible-service-broker-client-token-qxmxp       kubernetes.io/service-account-token   3      27h
ansible-service-broker-dockercfg-wg6h5          kubernetes.io/dockercfg               1      27h
ansible-service-broker-tls                      kubernetes.io/tls                     2      27h
ansible-service-broker-token-7tmvf              kubernetes.io/service-account-token   3      27h
ansible-service-broker-token-j2bzh              kubernetes.io/service-account-token   3      27h

3. 
in 4.0
oc get clusterrole | grep ansible
access-ansible-service-broker-openshift-ansible-service-broker-role    27h
ansible-service-broker-openshift-ansible-service-broker                27h
ansible-service-broker-openshift-ansible-service-broker-user-auth      27h

Expected results:
in 3.11 secret are named with asb* prefix. should be keep the same in v4.0
# oc get secret
NAME                         TYPE                                  DATA      AGE
asb-client                   kubernetes.io/service-account-token   4         1h
asb-client-dockercfg-l95cq   kubernetes.io/dockercfg               1         1h
asb-client-token-7ndmj       kubernetes.io/service-account-token   4         1h
asb-client-token-ml9w2       kubernetes.io/service-account-token   4         1h
asb-dockercfg-kw6x2          kubernetes.io/dockercfg               1         1h
asb-registry-auth            Opaque                                2         1h

clusterrole should be named with asb* prefix
in 3.11
# oc get clusterrole | grep asb
asb-access
asb-auth
asb-user-access

Additional info:
Comment 1 Shawn Hurley 2019-03-04 21:29:22 UTC 
The Operator had to change the names of how this was installed because the operator can install more than one broker. The name has to be namespaced and named with the name of the CR to ensure successful reconcile's. This is a change that was by design and was needed for the operator to behave correctly.