Bug 1493702 - Service accounts added with oc create service accound show up under System Users
Summary: Service accounts added with oc create service accound show up under System Users
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Management Console
Version: 3.5.1
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: ---
: ---
Assignee: Samuel Padgett
QA Contact: Yadan Pei
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-09-20 17:44 UTC by emahoney
Modified: 2020-12-14 10:09 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-10-03 14:42:50 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description emahoney 2017-09-20 17:44:02 UTC
Description of problem:

If this procedure is followed, the service account will show up under System Users:

~~~
$ oc create serviceaccount bogus
serviceaccount "bogus" created
$ oc policy add-role-to-user edit system:serviceaccounts:learn-stage:bogus
role "edit" added: "system:serviceaccounts:learn-stage:bogus"
$ oc export serviceaccount bogus -o json
{
    "kind": "ServiceAccount",
    "apiVersion": "v1",
    "metadata": {
        "name": "bogus",
        "creationTimestamp": null
    }
}
~~~

If instead use oc create -f to create the service account, the account will show up under Service Accounts. 

~~~
$ oc create -f bogus.ServiceAccount.json  <= Using the json above
serviceaccount "bogus" created
$ oc policy add-role-to-user edit system:serviceaccount:learn-stage:bogus
role "edit" added: "system:serviceaccount:learn-stage:bogus"
~~~


Version-Release number of selected component (if applicable):
atomic-openshift-3.5.5.31-1.git.0.b6f55a2.el7.x86_64        Wed Aug  2 15:53:13 2017


How reproducible:I was not able to reproduce this in my 3.5.5.31.19-1 environment. So perhaps this has been fixed. 


Steps to Reproduce:
1.na
2.
3.

Actual results: Service account ends up under User Accounts in the Openshift console.


Expected results: Service accounts should end up under Service Accounts in the Openshift console. 


Additional info:

Comment 1 Samuel Padgett 2017-09-21 20:21:26 UTC
It looks like there's a typo in the command:

oc policy add-role-to-user edit system:serviceaccounts:learn-stage:bogus

It should be `serviceaccount`, singular.

oc policy add-role-to-user edit system:serviceaccount:learn-stage:bogus

Can you try with the updated command to see if it fixes the problem?

See the admin guide here: https://docs.openshift.com/container-platform/3.5/admin_guide/service_accounts.html

Comment 2 emahoney 2017-10-03 14:42:50 UTC
This can be closed. I have opened a docs bug to fix this typo.

-mahoney


Note You need to log in before you can comment on or make changes to this bug.