Description of problem: On registry console, add role to service account, e.g. system:serviceaccount:xxia-proj:default, it will prompt 'member name contains invalid characters'. It should support service account. Version-Release number of selected component (if applicable): cockpit 154 How reproducible: Always Steps to Reproduce: 1. On registry console, create project. Click nav menu 'Projects', select the project, click 'Add Member'. 2. In the dialogue, input system:serviceaccount:xxia-proj-2:default and select role Pull, click 'Add' Actual results: 2. It prompts: The member name contains invalid characters. Only letters, numbers, spaces and the following symbols are allowed: , = @ . _ Expected results: 2. It should support adding service account Additional info:
Upstream PR to fix this: https://github.com/cockpit-project/cockpit/pull/9033
Setting a tentative target release. Xingxing or anyone else, please adjust as you see fit.
Checked the latest registry console in OCP 3.10 env, issue still exists. The env uses below image as registry console: registry.reg...com:443/openshift3/registry-console v3.10 eaca67e14beb 11 hours ago 243 MB # oc rsh registry-console-1-phbmc rpm -qa | grep "cockpit" cockpit-ws-155-1.el7.x86_64 cockpit-dashboard-165-3.el7.x86_64 cockpit-system-155-1.el7.noarch cockpit-bridge-155-1.el7.x86_64 cockpit-kubernetes-155-1.el7.x86_64 Martin, looks like the fix does not yet land in latest registry-console image, which version will it land in?
@Xingxing: The fix is in upstream release 167.
Checked on OCP v3.10.12, the bug still exists. Here are the related info about registry console: # docker images|grep registry-console registry.reg-aws.openshift.com:443/openshift3/registry-console v3.10 21a0d79b97e6 9 hours ago 255 MB # oc rsh registry-console-1-v9c5f rpm -qa|grep cockpit cockpit-bridge-155-1.el7.x86_64 cockpit-kubernetes-155-1.el7.x86_64 cockpit-ws-155-1.el7.x86_64 cockpit-dashboard-169-1.el7.x86_64 cockpit-system-155-1.el7.noarch # rpm -qa|grep cockpit cockpit-system-169-1.el7.noarch cockpit-docker-169-1.el7.x86_64 cockpit-bridge-169-1.el7.x86_64 cockpit-ostree-169-1.el7.x86_64 @Martin, the packages versions vary from 155 to 169, which cockpit package exactly has relation to the bug? If non of above packages contains the fix, could you pls ask someone to prepare an ocp build containing the cockpit fix.
@Yanping: The fix is in cockpit-kubernetes. You need version 167 or later, you have 155.
Checked on OCP v3.10.18, the bug still exists, and cockpit packages are still old versions. # oc rsh registry-console-1-45qmh rpm -qa|grep cockpit cockpit-ws-154-3.el7.x86_64 cockpit-dashboard-169-1.el7.x86_64 cockpit-system-154-3.el7.noarch cockpit-bridge-154-3.el7.x86_64 cockpit-kubernetes-155-1.el7.x86_64 Samuel, Could we remove this bug from advisory 33464? since no build contains the fix.
The 3.10.14 going to ship in 33464 don't include cockpit-kubernetes >=167, we can't verify it now and need drop this bug from the advisory
1. Create project "yapei-test" 2. Projects -> Add Member -> Add Pull role to serviceaccount system:serviceaccount:yapei-test:default 3. Check if rolebinding is added # oc get rolebinding -n yapei-test NAME ROLE USERS GROUPS SERVICE ACCOUNTS SUBJECTS admin /admin yapei registry-admin /registry-admin yapei registry-viewer /registry-viewer system:serviceaccount:yapei-test:default role was added to serviceaccount successfully Verified on openshift v3.11.0-0.32.0 and cockpit 176 # oc rsh -n default registry-console-1-v5pqm sh-4.2$ rpm -qa | grep cockpit cockpit-bridge-176-2.el7.x86_64 cockpit-kubernetes-176-2.el7.x86_64 cockpit-ws-176-2.el7.x86_64 cockpit-dashboard-176-2.el7.x86_64 cockpit-system-176-2.el7.noarch
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:2660