Bug 1906618

Summary: New Bucket Claim in pending state
Product: [Red Hat Storage] Red Hat OpenShift Container Storage Reporter: Brett Johnson <brejohns>
Component: Multi-Cloud Object GatewayAssignee: Nimrod Becker <nbecker>
Status: CLOSED INSUFFICIENT_DATA QA Contact: Raz Tamir <ratamir>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 4.6CC: assingh, belimele, etamir, jthottan, madam, muagarwa, ocs-bugs, pbalogh, wdovey
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-01-10 22:32:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Brett Johnson 2020-12-10 23:18:49 UTC 
Description of problem (please be detailed as possible and provide log
snippests):

OCS deployed via the operator on OCP 4.6 was unable to create ObjectBucketClaims due to permission issues. New OBC's would stay in a pending state indefinitely.

While troubleshooting, I found that running `nooba-operator` status and list commands from the nooba-operator pod return permission errors.

Testing:
Run commands from terminal
oc -n openshift-storage exec -it noobaa-operator-<ID> -- sh
noobaa-operator status
noobaa-operator bucket list
noobaa-operator obc list
	Expected Results
No errors in stdout
	Actual Results
Stdout partially returns the result and finishes at a ‘panic’ due to Forbidden permission denied.


I no longer have access to the environment that is issue occurred.

Version of all relevant components (if applicable): 
Nooba


Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)? 
Yes, unable to use Object bucket functionality in RHCOS


Is there any workaround available to the best of your knowledge? 
I was able to resolve the issue by changing `subjects[0].namespace` from 'nooba' to 'openshift-storage' the `noobaa.noobaa.io` cluster role binding.

Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)?
1

Can this issue reproducible?
Yes

Can this issue reproduce from the UI?
Yes - Create an OBC

If this is a regression, please provide more details to justify this:


Steps to Reproduce:
1. Deploy OBS on OCP 4.6 and configure for bucket storage
2. Create new OBC in a non openshift-storage namespace
3.


Actual results:
OBC stays in a pending state.

Expected results:
OBC, OB and Secret are created in specified namespace

Additional info:
Comment 2 Petr Balogh 2020-12-11 09:21:56 UTC 
What platform is it? AWS/vSphere or any other?

Can you please provide the must gather logs?

Thanks
Comment 3 Brett Johnson 2020-12-16 04:02:49 UTC 
This was on a vSphere platform.

I'm not able to gather logs as I cannot access the environment anymore
Comment 4 Petr Balogh 2020-12-16 12:04:54 UTC 
If it's reproducible can you please reproduce and collect and attach the must gather logs?

I think that without this no one will actually know what is happening on your cluster.

I don't remember we hit such issues in our regression runs for OCS 4.6 so curious what can be the case here.

Thanks
Comment 6 Brett Johnson 2021-01-10 22:32:21 UTC 
Fair points on not being able to provide logs. 

I'm going to close the ticket as I cannot access the environment anymore.