Description of problem: one error message will show 'error: rolebinding "router-third-role" already exists' if the related role already exist when creating router pod. Actually, The error message should not use 'rolebinding' since cannot get that role via 'oc get rolebinding'. should update this keyword to 'clusterrolebinding' Version-Release number of selected component (if applicable): # openshift version openshift v3.2.0.11 kubernetes v1.2.0-36-g4a3f9c5 etcd 2.2.5 How reproducible: always Steps to Reproduce: 1. Create router with name 'first' 2. Delete router dc/first and service 'first' 3. Create router again with name 'first' Actual results: step 3 an error message will show: error: rolebinding "router-first-role" already exists Expected results: the error message should be : error: clusterrolebindings "router-first-role" already exists. Additional info:
oc get rolebinding is supported now: # oc get rolebinding NAME ROLE USERS GROUPS SERVICE ACCOUNTS SUBJECTS admin /admin ...
yes, but oc get rolebinding cannot show the related info # oc get rolebinding |grep -i router-first-role #return nothing. ********************************************* # oc get clusterrolebindings |grep -i router-first-role router-first-role /system:router default/router
The problem does not have to do with the router specifically but with the delegation of clusterrolebinding actions to rolebinding (under the hood). [root@localhost ~]# oc get clusterrolebindings doesnotexist Error from server: rolebinding "doesnotexist" not found [root@localhost ~]# oc delete clusterrolebindings doesnotexist Error from server: rolebinding "doesnotexist" not found and so forth This happens because when a user attempts to create/access clusterrolebinding objects objects get converted to rolebinding objects and when errors occur the hardcoded error returned from the rolebinding functions propagate up unchanged.
Posted: https://github.com/openshift/origin/pull/11099
Commit pushed to master at https://github.com/openshift/origin https://github.com/openshift/origin/commit/a1a5cdd9d5e7715a2c1eb825fc4a797ee767601d fix error messages for clusterrolebinding when accessing clusterrolebindings, on an error the system currently displays the type erroneously as rolebinding by adding the type to the struct makes it easy to return the correct type fixes bug 1323997 changelog - pass unversioned.GroupResource to create instead of a string - fix error messages for role/clusterrole as well - fix gofmt error - changed some types in the testing functions to the correct types
This has been merged into ose and is in OSE v3.4.0.16 or newer.
verified this bug on # openshift version openshift v3.4.0.37+3b76456-1 kubernetes v1.4.0+776c994 etcd 3.1.0-rc.0 oadm router first info: password for stats user admin has been set to 18ezc65RbX --> Creating router first ... warning: serviceaccounts "router" already exists clusterrolebinding "router-first-role" created deploymentconfig "first" created service "first" created --> Success
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:0066