Bug 2022175

Summary:	No data return when checking existing rolebinding information on RoleBindinds page
Product:	OpenShift Container Platform	Reporter:	Xiyun Zhao <xiyuzhao>
Component:	Management Console	Assignee:	Cyril <cajieh>
Status:	CLOSED DUPLICATE	QA Contact:	Yadan Pei <yapei>
Severity:	high	Docs Contact:
Priority:	unspecified
Version:	4.9	CC:	aos-bugs, jokerman
Target Milestone:	---
Target Release:	4.10.0
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2021-12-07 13:48:11 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Xiyun Zhao 2021-11-11 01:14:44 UTC

Description of problem:
When user tries to check existing Binding information on RoleBindings tab on 'User details' page, 'No RoleBindins found' is always returned even there are some rolebindings subjected to the user

Version-Release number of selected component (if applicable):
4.10.0-0.nightly-2021-11-04-001635

How reproducible:
Always

Steps to Reproduce:
1. Login OCP as administrator
2. Create a Cluster RoleBindings, and add basic-user role to a user (testuser-3) 
   $oc adm policy add-role-to-user basic-user testuser-3
   $oc describe rolebindings basic-user
   Name:         basic-user
   Labels:       <none>
   Annotations:  <none>
   Role:
     Kind:  ClusterRole
     Name:  basic-user
   Subjects:
     Kind  Name        Namespace
     ----  ----        ---------
     User  testuser-3
   $oc create -f testrole.yaml
   $cat testrole.yaml
     kind: ClusterRoleBinding
     apiVersion: rbac.authorization.k8s.io/v1
     metadata:
       name: testrole
     subjects:
       - kind: User
         apiGroup: rbac.authorization.k8s.io
         name: testuser-3
     roleRef:
       apiGroup: rbac.authorization.k8s.io
       kind: ClusterRole
       name: admin
   $oc describe clusterrolebindings testrole
    Name:         testrole
    Labels:       <none>
    Annotations:  <none>
    Role:
      Kind:  ClusterRole
      Name:  admin
    Subjects:
      Kind  Name        Namespace
      ----  ----        ---------
      User  testuser-3
3. Re-login OCP as testuser-3, navigate to User-management - RoleBindings page on administrator perspective
4. Verify if user is able to check Roblebindins details 
5. Re-login OCP as administrator, navigate User-Management -> Users page
6. Check the user details of testuser-3, navigate to Rolebindings page
7. Verify if the created test role is listed on RoleBindings page   

Actual results:
4. An Error message "clusterrolebindings.rbac.authorization.k8s.io "testrole" is forbidden: User "testuser-3" cannot get resource "clusterrolebindings" in API group "rbac.authorization.k8s.io" at the cluster scope" is shown on the page
7. The created role bindings 'testrole' cannot be found on the Rolebindings tab on 'User details' page.
   An error message would be found on Console of developer tools of browse as below shown:
main-chunk-8ed6d19deafe22537a06.min.js:1 Error fetching bindable services TypeError: Object(...) is not a function
    at main-chunk-8ed6d19deafe22537a06.min.js:1
    at Generator.next (<anonymous>)
    at main-chunk-8ed6d19deafe22537a06.min.js:1
    at new Promise (<anonymous>)
    at o (main-chunk-8ed6d19deafe22537a06.min.js:1)
    at s (main-chunk-8ed6d19deafe22537a06.min.js:1)
    at Object.<anonymous> (main-chunk-8ed6d19deafe22537a06.min.js:1)
    at r (runtime~main-bundle-d51c0941a313cde24f50.min.js:1)
    at Module.<anonymous> (main-chunk-8ed6d19deafe22537a06.min.js:1)
    at r (runtime~main-bundle-d51c0941a313cde24f50.min.js:1)
(anonymous) @ main-chunk-8ed6d19deafe22537a06.min.js:1
32WebSocket connection to '<URL>' failed: WebSocket is closed before the connection is established.
main-chunk-8ed6d19deafe22537a06.min.js:1 Attempting to get Kubernetes object model using string kind: RoleBinding, which is not guaranteed to be unique!
l @ main-chunk-8ed6d19deafe22537a06.min.js:1
main-chunk-8ed6d19deafe22537a06.min.js:1 Attempting to get Kubernetes object model using string kind: ServiceAccount, which is not guaranteed to be unique!
l @ main-chunk-8ed6d19deafe22537a06.min.js:1Attempting to get Kubernetes object model using string kind: ClusterRoleBinding, which is not guaranteed to be unique!

Expected results:
4,7. User is able to check the subject of Rolebindings correctly

Additional info:
This bug request to backport to OCP4.9

Comment 1 Jakub Hadvig 2021-11-11 11:30:01 UTC

Setting for Version 4.9 since a backport for that version will be required.

Comment 2 Cyril 2021-12-07 13:48:11 UTC

xiyuzhao This bug is fixed in PR - https://github.com/openshift/console/pull/10587 .
Marking as duplicate. Please test in the latest Cluster version and let me know if you have any concerns.

*** This bug has been marked as a duplicate of bug 2025903 ***