1497106 – Admission controller should block creating new Service Credentials for an instance that is in the process of being deleted

Bug 1497106 - Admission controller should block creating new Service Credentials for an instance that is in the process of being deleted

Summary: Admission controller should block creating new Service Credentials for an ins...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Service Broker
Sub Component:
Version:	3.7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	3.7.0
Assignee:	Jay Boyd
QA Contact:	Zhang Cheng
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-09-29 08:27 UTC by Zhang Cheng
Modified:	2017-11-28 22:13 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	No Doc Update
Doc Text:	undefined
Clone Of:
Environment:
Last Closed:	2017-11-28 22:13:46 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2017:3188	0	normal	SHIPPED_LIVE	Moderate: Red Hat OpenShift Container Platform 3.7 security, bug, and enhancement update	2017-11-29 02:34:54 UTC

Comment 1 Jay Boyd 2017-10-17 18:02:33 UTC

I tried recreating with today's latest build.  It works for me.   

step 4:
$ oc create -f cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog/contrib/examples/walkthrough/ups-binding2.yaml 
Error from server (Forbidden): error when creating "cmd/service-catalog/go/src/github.com/kubernetes-incubator/service-catalog/contrib/examples/walkthrough/ups-binding2.yaml": servicebindings.servicecatalog.k8s.io "ups-binding2" is forbidden: ServiceBindings test-ns/ups-binding2 references an instance that is being deleted: test-ns/ups-instance

Could you verify if you can reproduce this still?

Note that if the ClusterServiceClass referenced by the instance doesn't exist it will prevent the binding from becoming ready and may impact test results.

Comment 3 Jay Boyd 2017-10-19 14:36:38 UTC

Thanks for the details Zhang Cheng.  I believe the issue is the Ansible installer is out of date for RBAC and Admission Controllers (& other things).  It looks to me like that is being fixed here https://github.com/openshift/openshift-ansible/pull/5746/files#diff-f5c4b4675369f72d180a86be3772fe87R44 as part of  https://bugzilla.redhat.com/show_bug.cgi?id=1496694

I have a feeling that 1496694 will address a lot of problems.

Please retest after https://bugzilla.redhat.com/show_bug.cgi?id=1496694  is merged.

Comment 4 Zhang Cheng 2017-10-27 17:11:16 UTC

I will retry after https://bugzilla.redhat.com/show_bug.cgi?id=1496426 is merged

Comment 9 errata-xmlrpc 2017-11-28 22:13:46 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:3188

Note You need to log in before you can comment on or make changes to this bug.