Created attachment 1345694 [details]
operations provided from customer, please do not share outside Red hat
Description of problem:
- This is a issue when delete a serviceaccount rolebinding from a project via webUI. An project contains two role binding with same SA name but different namespace such as: pro1/test . pro2/test and binding to same role (etc. view), if i delete one of the two, another one will also be deleted. However delete via oc command is normal.
Version-Release number of selected component (if applicable):
- report the issue in 3.5 from customer and can be repo in 3.6 too.
- refer to below steps
Steps to Reproduce:
1. Login Web UI and Create two projects (etc: pro1 . pro2)
2. Located to "project--resourse--membership--service account"
3. Add two rolebindings to this project (etc: pro1/default->view . pro2/default->view) and click"done editing"
4. Re-edit the setting and delete one of above two and find another one has also been deleted
- delete one any and find another one has also been deleted (etc delete pro1/default then pro2/default will be disappeared too)
- delete one service account role binding should not affect the others
- this issue can be repo no mater what the serviceaccount/role is.
- delete rolebinding via oc command doesn't have this issue:
$oadm policy remove-role-from-user <role> system:serviceaccount:<project>:<serviceaccount>
I can confirm that this issue hits the master as well
PR opened to address this:
Checked on v3.7.0-0.190.0
Delete ServiceAccount rolebinding will not affect each other and issue described is fixed.
Move to VERIFIED
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.