Bug 1989391
| Summary: | `oc adm groups sync` will generate useless data | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | zhou ying <yinzhou> |
| Component: | oc | Assignee: | Ross Peoples <rpeoples> |
| Status: | CLOSED ERRATA | QA Contact: | zhou ying <yinzhou> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 4.9 | CC: | aos-bugs, jokerman, mfojtik, rhodain |
| Target Milestone: | --- | ||
| Target Release: | 4.9.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-10-18 17:43:52 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
can't reproduce the issue now:
```
[root@localhost ~]# oc adm groups sync --sync-config=/tmp/sync-config-user-defined.yaml -o yaml |oc create -f -
group.user.openshift.io/tc509128group1 created
group.user.openshift.io/tc509128group2 created
group.user.openshift.io/tc509128group3 created
oc adm groups sync --sync-config=/tmp/sync-config-user-defined.yaml -o yaml >/tmp/group.yaml
[root@localhost ~]# cat /tmp/group.yaml
apiVersion: v1
items:
- apiVersion: user.openshift.io/v1
  kind: Group
  metadata:
    annotations:
      openshift.io/ldap.sync-time: 2021-08-19T18:57:5100800
      openshift.io/ldap.uid: cn=group1,ou=groups,ou=rfc2307,dc=example,dc=com
      openshift.io/ldap.url: 127.0.0.1:59738
    creationTimestamp: null
    labels:
      openshift.io/ldap.host: 127.0.0.1
    name: tc509128group1
  users:
  - person1smith
  - person2smith
  - person3smith
  - person4smith
  - person5smith
- apiVersion: user.openshift.io/v1
  kind: Group
  metadata:
    annotations:
      openshift.io/ldap.sync-time: 2021-08-19T18:57:5100800
      openshift.io/ldap.uid: cn=group2,ou=groups,ou=rfc2307,dc=example,dc=com
      openshift.io/ldap.url: 127.0.0.1:59738
    creationTimestamp: null
    labels:
      openshift.io/ldap.host: 127.0.0.1
    name: tc509128group2
  users:
  - person1smith
  - person2smith
  - person3smith
- apiVersion: user.openshift.io/v1
  kind: Group
  metadata:
    annotations:
      openshift.io/ldap.sync-time: 2021-08-19T18:57:5100800
      openshift.io/ldap.uid: cn=group3,ou=groups,ou=rfc2307,dc=example,dc=com
      openshift.io/ldap.url: 127.0.0.1:59738
    creationTimestamp: null
    labels:
      openshift.io/ldap.host: 127.0.0.1
    name: tc509128group3
  users:
  - person1smith
  - person5smith
kind: List
metadata: {}
[root@localhost ~]# oc version --client
Client Version: 4.9.0-202108181430.p0.git.ddd7170.assembly.stream-ddd7170
```
*** Bug 2012766 has been marked as a duplicate of this bug. ***

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:3759
Description of problem:

`oc adm groups sync` will generate useless data, like:

```
[root@localhost ~]# oc adm groups sync --sync-config=/tmp/sync-config-user-defined.yaml -o yaml
apiVersion: user.openshift.io/v1
items:
- metadata:
    creationTimestamp: null
  users: null
- metadata:
    creationTimestamp: null
  users: null
- metadata:
    creationTimestamp: null
  users: null
```

Version-Release number of selected component (if applicable):

```
[root@localhost ~]# oc version --client
Client Version: 4.9.0-0.nightly-2021-07-28-181504
```

How reproducible:

always

Steps to Reproduce:

1. Create an LDAP server in the cluster;
2. Try to sync groups from the LDAP server with yaml output format:

```
[root@localhost tmp]# cat sync-config-user-defined.yaml
kind: LDAPSyncConfig
apiVersion: v1
url: ldap://127.0.0.1:59738   # replace with the accurate port
insecure: true
groupUIDNameMapping:
  "cn=group1,ou=groups,ou=rfc2307,dc=example,dc=com": tc509128group1
  "cn=group2,ou=groups,ou=rfc2307,dc=example,dc=com": tc509128group2
  "cn=group3,ou=groups,ou=rfc2307,dc=example,dc=com": tc509128group3
rfc2307:
  groupsQuery:
    baseDN: "ou=groups,ou=rfc2307,dc=example,dc=com"
    scope: sub
    derefAliases: never
    filter: (objectclass=groupOfNames)
  groupUIDAttribute: dn
  groupNameAttributes: [ cn ]
  groupMembershipAttributes: [ member ]
  usersQuery:
    baseDN: "ou=people,ou=rfc2307,dc=example,dc=com"
    scope: sub
    derefAliases: never
  userUIDAttribute: dn
  userNameAttributes: [ mail ]
```

`oc adm groups sync --sync-config=sync-config-user-defined.yaml -o yaml`

Actual results:

2. The output contains useless data and will cause the following error when the data is used with `oc apply`.

```
[root@localhost ~]# oc adm groups sync --sync-config=/tmp/sync-config-user-defined.yaml -o yaml
apiVersion: user.openshift.io/v1
items:
- metadata:
    creationTimestamp: null
  users: null
- metadata:
    creationTimestamp: null
  users: null
- metadata:
    creationTimestamp: null
  users: null
- apiVersion: user.openshift.io/v1
  kind: Group
  metadata:
    annotations:
      openshift.io/ldap.sync-time: 2021-08-03T11:10:5000800
      openshift.io/ldap.uid: cn=group1,ou=groups,ou=rfc2307,dc=example,dc=com
      openshift.io/ldap.url: 127.0.0.1:53586
    creationTimestamp: null
    labels:
      openshift.io/ldap.host: 127.0.0.1
    name: tc509128group1
  users:
  - person1smith
  - person2smith
  - person3smith
  - person4smith
  - person5smith
- apiVersion: user.openshift.io/v1
  kind: Group
  metadata:
    annotations:
      openshift.io/ldap.sync-time: 2021-08-03T11:10:5000800
      openshift.io/ldap.uid: cn=group2,ou=groups,ou=rfc2307,dc=example,dc=com
      openshift.io/ldap.url: 127.0.0.1:53586
    creationTimestamp: null
    labels:
      openshift.io/ldap.host: 127.0.0.1
    name: tc509128group2
  users:
  - person1smith
  - person2smith
  - person3smith
- apiVersion: user.openshift.io/v1
  kind: Group
  metadata:
    annotations:
      openshift.io/ldap.sync-time: 2021-08-03T11:10:5000800
      openshift.io/ldap.uid: cn=group3,ou=groups,ou=rfc2307,dc=example,dc=com
      openshift.io/ldap.url: 127.0.0.1:53586
    creationTimestamp: null
    labels:
      openshift.io/ldap.host: 127.0.0.1
    name: tc509128group3
  users:
  - person1smith
  - person5smith
kind: GroupList
metadata: {}
[root@localhost ~]# oc adm groups sync --sync-config=/tmp/sync-config-user-defined.yaml -o yaml >/tmp/groups.yaml
[root@localhost ~]# oc apply -f /tmp/groups.yaml
group.user.openshift.io/tc509128group1 created
group.user.openshift.io/tc509128group2 created
group.user.openshift.io/tc509128group3 created
resource name may not be empty
resource name may not be empty
resource name may not be empty
```

Expected results:

2. No useless data:

```
- metadata:
    creationTimestamp: null
  users: null
- metadata:
    creationTimestamp: null
  users: null
- metadata:
    creationTimestamp: null
  users: null
```

Additional info:

Also could reproduce with oc4.8
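The following is an added example, not part of the original report and not code from `oc`: a pre-apply gate that rejects the empty items shown above and any Group whose name does not match the `groupUIDNameMapping` entry for its `openshift.io/ldap.uid` annotation. It assumes the sync output was captured with `-o json` instead of `-o yaml`; `vet_groups`, `SAMPLE` and `EXPECTED` are hypothetical names, and the sample document is constructed from the values in this report.

```python
import json
import sys

# Constructed sample mirroring the report: one empty item plus one real Group,
# in the JSON form assumed for `oc adm groups sync -o json`.
SAMPLE = json.dumps({
    "kind": "GroupList",
    "apiVersion": "user.openshift.io/v1",
    "items": [
        {"metadata": {"creationTimestamp": None}, "users": None},
        {
            "apiVersion": "user.openshift.io/v1",
            "kind": "Group",
            "metadata": {
                "name": "tc509128group3",
                "annotations": {
                    "openshift.io/ldap.uid":
                        "cn=group3,ou=groups,ou=rfc2307,dc=example,dc=com",
                },
            },
            "users": ["person1smith", "person5smith"],
        },
    ],
})

# Expected names, copied from groupUIDNameMapping in the sync config.
EXPECTED = {"cn=group3,ou=groups,ou=rfc2307,dc=example,dc=com": "tc509128group3"}


def vet_groups(raw, expected):
    """Split sync output into (groups safe to apply, rejection reasons)."""
    good, rejected = [], []
    for idx, item in enumerate(json.loads(raw).get("items") or []):
        meta = item.get("metadata") or {}
        name = meta.get("name")
        uid = (meta.get("annotations") or {}).get("openshift.io/ldap.uid")
        if item.get("kind") != "Group" or not name:
            rejected.append(f"item {idx}: empty or non-Group object")
        elif expected.get(uid) != name:
            rejected.append(f"item {idx}: {name!r} not mapped from {uid!r}")
        else:
            good.append(item)
    return good, rejected


if __name__ == "__main__":
    groups, problems = vet_groups(SAMPLE, EXPECTED)
    # Vetted list goes to stdout for `oc apply -f -`; findings go to stderr.
    print(json.dumps({"kind": "List", "apiVersion": "v1", "items": groups}))
    for problem in problems:
        print(problem, file=sys.stderr)
```

Treating a non-empty rejection list as a failed sync, rather than applying the remainder, keeps a malformed export from silently changing group membership that RBAC bindings depend on.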