Hide Forgot
Description of problem: Still can docker build or custom build in Online env. Version-Release number of selected component (if applicable): 3.2 Online openshift v3.2.0.6 kubernetes v1.2.0-36-g4a3f9c5 etcd 2.2. How reproducible: always Steps to Reproduce: 1. Do docker/custom build after log into Online env 2. 3. Actual results: Docker/custom build is successful. Expected results: Cannot docker/custom build in Online env Additional info:
This should not have been a problem assuming the two issues below have been configured correctly. I'll verify the configuration on INT tomorrow. https://github.com/openshift/online/issues/65 https://github.com/openshift/online/issues/63
Dan: Can you please take a look?
I believe the issue is project owners are getting bound to the /admin role rather than /openshift-online:admin: https://github.com/openshift/online/blob/master/config/project-request.json#L116-L136 Will verify a fix and open a PR.
Fixed by https://github.com/openshift/online/pull/88.
QE Will verify when the pr is merged into Online env.
The fix is merged and deployed to INT, feel free to test.
Have checked on dev-preview-int, still haven't see the fix.
(In reply to Wenjing Zheng from comment #7) > Have checked on dev-preview-int, still haven't see the fix. Can you please give more detail about which user is affected? I forgot to mention when I fixed the bug that existing accounts will still have the incorrect roles and only NEW users will have the corrected roles. Please make sure to test with a new user, and if the problem persists, let me know which username has the escalated privileges. Thanks!
Yes, if using new created account, docker/custom build is forbidden. But how to make the existing accounts to have correct roles?
(In reply to Wenjing Zheng from comment #9) > Yes, if using new created account, docker/custom build is forbidden. But how > to make the existing accounts to have correct roles? We're not going to update the existing accounts- they'll need deleted and recreated.
Thanks, Dan! Per comment #9, verify this bug now.
why didn't we change the default role permissions instead of creating a new role?