Bug 1802719

Summary: oc adm groups sync return code
Product: OpenShift Container Platform Reporter: Jaspreet Kaur <jkaur>
Component: ocAssignee: Sally <somalley>
Status: CLOSED ERRATA QA Contact: pmali
Severity: medium Docs Contact:
Priority: medium    
Version: 4.2.0CC: aos-bugs, eparis, jokerman, mfojtik, pmali, slaznick, somalley
Target Milestone: ---   
Target Release: 4.5.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
: 1838838 (view as bug list) Environment:
Last Closed: 2020-07-13 17:15:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1838838    

Description Jaspreet Kaur 2020-02-13 18:40:17 UTC 
Description of problem: When calling ' oc adm groups sync' it reports that some groups are outside the group base, which is true, but intended. However, the utility returns an error code '1' in this case, which will lead to failed cron jobs. 

when running the command, it returns an error code:

#  oc adm groups sync --sync-config=augmented_active_directory_config.yaml --confirm=false >sync_output 2>&1
# echo $?

When looking at the output, there is no other error then the on 'group outside the base dn'

# grep Error sync_output  | grep -c -v 'outside of the base'
0



Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results: It returns a postive error code


Expected results: Should not return any errors


Additional info:
Comment 2 Maciej Szulik 2020-02-18 11:28:00 UTC 
This seems like minor annoyance that will be fixed in the next release. 

Sally, we should identify the place where this error happens and make it not error.
Comment 3 Standa Laznicka 2020-05-11 13:32:49 UTC 
Your use-case looks wrong. Why don't you broaden the DN of the group tree if you want groups that are outside your current tree? If it's because there's more groups than you'd like to sync, use whitelisting/blacklisting.
Comment 4 Standa Laznicka 2020-05-12 07:55:51 UTC 
You don't want to do that, you just want that the sync to pass, I misunderstood.
Comment 7 Sally 2020-05-21 14:23:14 UTC 
The openshift/oc pull 405 does not fully resolve this issue, I'm moving back to modified while I open a follow-up PR.
Comment 8 Sally 2020-05-21 20:57:56 UTC 
Actually, @pmali the PR linked to this report (https://github.com/openshift/oc/pull/405) resolves this bug, please move back to ON_QA and verify.  I'll clone/open a new bz for follow-up work - The follow-up is for RFC 2307 instead of Active Directory. Thanks
Comment 12 errata-xmlrpc 2020-07-13 17:15:07 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2409
Comment 13 Red Hat Bugzilla 2023-09-14 05:52:27 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days