1508582 – non-admin users aren't able to update ServiceInstances

Bug 1508582 - non-admin users aren't able to update ServiceInstances

Summary: non-admin users aren't able to update ServiceInstances

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Service Broker
Sub Component:
Version:	3.7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Target Release:	3.7.0
Assignee:	Jeff Peeler
QA Contact:	Qixuan Wang
Docs Contact:
URL:
Whiteboard:
Depends On:	1507617
Blocks:
TreeView+	depends on / blocked

Reported:	2017-11-01 17:55 UTC by Jeff Peeler
Modified:	2017-11-28 22:20 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: RBAC rules were missing for ServiceInstances for non-admin users. Consequence: Users could not update ServiceInstances. Fix: Add RBAC rule to allow ServiceInstance patch. Result: This allows users to update ServiceInstances.
Clone Of:
Environment:
Last Closed:	2017-11-28 22:20:57 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2017:3188	0	normal	SHIPPED_LIVE	Moderate: Red Hat OpenShift Container Platform 3.7 security, bug, and enhancement update	2017-11-29 02:34:54 UTC

Description Jeff Peeler 2017-11-01 17:55:47 UTC

This is the "oc cluster up" portion of bug #1507598.

Comment 1 Jeff Peeler 2017-11-01 17:56:27 UTC

https://github.com/openshift/origin/pull/17134

Comment 3 Qixuan Wang 2017-11-08 05:45:34 UTC

“oc cluster up” can establish service catalog. However, ansible service broker need template (https://raw.githubusercontent.com/openshift/ansible-service-broker/master/templates/deploy-ansible-service-broker.template.yaml) to start, it's blocked by https://bugzilla.redhat.com/show_bug.cgi?id=1507617, so defer verifying.

Comment 4 Qixuan Wang 2017-11-09 11:31:00 UTC

Tested on OCP (openshift v3.7.0-0.198.0, kubernetes v1.7.6+a08f5eeb62, etcd 3.2.8, ose-service-catalog:v3.7.0), the bug has been fixed, thanks.


Here is the test result:
[root@host-172-16-120-99 ~]# oc whoami
qwang

[root@host-172-16-120-99 ~]# oc get serviceinstance dh-rhscl-postgresql-apb-7z927 -o yaml | grep Plan
  clusterServicePlanExternalName: dev
  clusterServicePlanRef:
    clusterServicePlanExternalID: 9f90a44d8181941768273a684de50de5
    clusterServicePlanExternalName: dev

Update plan: dev->prod

[root@host-172-16-120-99 ~]# oc edit serviceinstance dh-rhscl-postgresql-apb-7z927
serviceinstance "dh-rhscl-postgresql-apb-7z927" edited

[root@host-172-16-120-99 ~]# oc get serviceinstance dh-rhscl-postgresql-apb-7z927 -o yaml | grep Plan
  clusterServicePlanExternalName: prod
  clusterServicePlanRef:
    clusterServicePlanExternalID: b2dfdcfa094694aa7377a1c69b3100a6
    clusterServicePlanExternalName: prod

Comment 7 errata-xmlrpc 2017-11-28 22:20:57 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:3188

Note You need to log in before you can comment on or make changes to this bug.