Bug 1284783 - [platformmanagement_public_470]Default value of additive-only for reconcile-cluster-roles should be true
[platformmanagement_public_470]Default value of additive-only for reconcile-c...
Status: NEW
Product: OpenShift Origin
Classification: Red Hat
Component: Command Line Interface (Show other bugs)
3.x
Unspecified Unspecified
medium Severity low
: ---
: ---
Assigned To: David Eads
Wei Sun
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-11-24 03:51 EST by XiaochuanWang
Modified: 2015-11-24 20:28 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description XiaochuanWang 2015-11-24 03:51:16 EST
Description of problem:
From runs:
$ oadm policy reconcile-cluster-roles --additive-only=true
added verb for a role will preserve, but deleted verbs will be rolled back
$ oadm policy reconcile-cluster-roles --additive-only=false
all change for verbs will be rolled back
$ oadm policy reconcile-cluster-roles --additive-only
the default is same with additive-only=false
Above run is not same with  # oadm policy reconcile-cluster-roles -h
"--additive-only=false: Preserves modified cluster roles."

Version-Release number of selected component (if applicable):
oc v1.1-152-g052a56d
openshift v1.1-152-g052a56d
oadm v1.1-152-g052a56d

How reproducible:
always

Steps to Reproduce:
1. Check help doc for reconcile-cluster-roles --additive-only
oadm policy reconcile-cluster-roles -h -> Got:
  # Display the union of the default and modified cluster roles
  $ oadm policy reconcile-cluster-roles --additive-only
Options:
      --additive-only=false: Preserves modified cluster roles.

2. Create user1 as cluster-admin
oadm policy add-cluster-role-to-user cluster-admin user1

3. Change verbs of clusterrole
oc edit clusterrole basic-users (add some verbs)
oc edit clusterrole edit (delete some verbs)

4. Check verbs info for additive-only=true:
oadm policy reconcile-cluster-role-bindings --additive-only=true
oc describe clusterrolebinding/basic-users -> should preserve added verbs
oc describe clusterrolebinding/edit -> deleted verbs should be back

5. Retry step4 with --additive-only=false
oc describe clusterrolebinding/basic-users -> change should not be preserved
oc describe clusterrolebinding/edit -> change should not be preserved

6. Retry step4 with --additive-only
oc describe clusterrolebinding/basic-users 
oc describe clusterrolebinding/edit 

Actual results:
Step1:  Doc --additive-only=false: Preserves modified cluster roles.
Step6:  Default value (--additive-only) is false which will not preserve the added verbs

Expected results:
Step1:  Doc --additive-only=true: Preserves modified cluster roles.
Step6:  Default value (--additive-only) should be true to preserve the added verbs

Additional info:
Comment 1 David Eads 2015-11-24 08:00:20 EST
It sounds like the code is working correctly, but the help looks confusing.  The help text "Preserves modified cluster roles", is for when the flag is true, but the flag is false by default so it looks confusing.

I'll see if I can think of a better way to represent to describe it.  Since its a help text problem, are you amenable to reducing severity?

Note You need to log in before you can comment on or make changes to this bug.