Bug 1497106 – Admission controller should block creating new Service Credentials for an instance that is in the process of being deleted

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1497106 - Admission controller should block creating new Service Credentials for an instance that is in the process of being deleted

Summary:	Admission controller should block creating new Service Credentials for an ins...

Status:	CLOSED ERRATA

Aliases:	None

Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Service Broker (Show other bugs)
Sub Component:
Version:	3.7.0
Hardware:	Unspecified Unspecified

Priority	medium Severity medium
Target Milestone:	---
Target Release:	3.7.0
Assigned To:	Jay Boyd
QA Contact:	Zhang Cheng
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2017-09-29 04:27 EDT by Zhang Cheng
Modified:	2017-11-28 17:13 EST (History)
CC List:	4 users (show)

See Also:
Fixed In Version:
Doc Type:	No Doc Update
Doc Text:	undefined
Story Points:	---
Clone Of:
Environment:
Last Closed:	2017-11-28 17:13:46 EST
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2017:3188	normal	SHIPPED_LIVE	Moderate: Red Hat OpenShift Container Platform 3.7 security, bug, and enhancement update	2017-11-28 21:34:54 EST

Groups: None (edit)

Comment 1 Jay Boyd 2017-10-17 14:02:33 EDT

I tried recreating with today's latest build.  It works for me.   

step 4:
$ oc create -f cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog/contrib/examples/walkthrough/ups-binding2.yaml 
Error from server (Forbidden): error when creating "cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog/contrib/examples/walkthrough/ups-binding2.yaml": servicebindings.servicecatalog.k8s.io "ups-binding2" is forbidden: ServiceBindings test-ns/ups-binding2 references an instance that is being deleted: test-ns/ups-instance

Could you verify if you can reproduce this still?

Note that if the ClusterServiceClass referenced by the instance doesn't exist it will prevent the binding from becoming ready and may impact test results.

Comment 3 Jay Boyd 2017-10-19 10:36:38 EDT

Thanks for the details Zhang Cheng.  I believe the issue is the Ansible installer is out of date for RBAC and Admission Controllers (& other things).  It looks to me like that is being fixed here https://github.com/openshift/openshift-ansible/pull/5746/files#diff-f5c4b4675369f72d180a86be3772fe87R44 as part of  https://bugzilla.redhat.com/show_bug.cgi?id=1496694

I have a feeling that 1496694 will address a lot of problems.

Please retest after https://bugzilla.redhat.com/show_bug.cgi?id=1496694  is merged.

Comment 4 Zhang Cheng 2017-10-27 13:11:16 EDT

I will retry after https://bugzilla.redhat.com/show_bug.cgi?id=1496426 is merged

Comment 9 errata-xmlrpc 2017-11-28 17:13:46 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:3188

Note You need to log in before you can comment on or make changes to this bug.