Description of problem:
On registry console, add role to service account, e.g. system:serviceaccount:xxia-proj:default, it will prompt 'member name contains invalid characters'. It should support service account.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. On registry console, create project. Click nav menu 'Projects', select the project, click 'Add Member'.
2. In the dialogue, input system:serviceaccount:xxia-proj-2:default and select role Pull, click 'Add'
2. It prompts:
The member name contains invalid characters. Only letters, numbers, spaces and the following symbols are allowed: , = @ . _
2. It should support adding service account
Upstream PR to fix this: https://github.com/cockpit-project/cockpit/pull/9033
Setting a tentative target release. Xingxing or anyone else, please adjust as you see fit.
Checked the latest registry console in OCP 3.10 env, issue still exists.
The env uses below image as registry console:
registry.reg...com:443/openshift3/registry-console v3.10 eaca67e14beb 11 hours ago 243 MB
# oc rsh registry-console-1-phbmc rpm -qa | grep "cockpit"
Martin, looks like the fix does not yet land in latest registry-console image, which version will it land in?
@Xingxing: The fix is in upstream release 167.
Checked on OCP v3.10.12, the bug still exists.
Here are the related info about registry console:
# docker images|grep registry-console
registry.reg-aws.openshift.com:443/openshift3/registry-console v3.10 21a0d79b97e6 9 hours ago 255 MB
# oc rsh registry-console-1-v9c5f rpm -qa|grep cockpit
# rpm -qa|grep cockpit
@Martin, the packages versions vary from 155 to 169, which cockpit package exactly has relation to the bug? If non of above packages contains the fix, could you pls ask someone to prepare an ocp build containing the cockpit fix.
@Yanping: The fix is in cockpit-kubernetes. You need version 167 or later, you have 155.
Checked on OCP v3.10.18, the bug still exists, and cockpit packages are still old versions.
# oc rsh registry-console-1-45qmh rpm -qa|grep cockpit
Could we remove this bug from advisory 33464? since no build contains the fix.
The 3.10.14 going to ship in 33464 don't include cockpit-kubernetes >=167, we can't verify it now and need drop this bug from the advisory
1. Create project "yapei-test"
2. Projects -> Add Member -> Add Pull role to serviceaccount system:serviceaccount:yapei-test:default
3. Check if rolebinding is added
# oc get rolebinding -n yapei-test
NAME ROLE USERS GROUPS SERVICE ACCOUNTS SUBJECTS
admin /admin yapei
registry-admin /registry-admin yapei
registry-viewer /registry-viewer system:serviceaccount:yapei-test:default
role was added to serviceaccount successfully
Verified on openshift v3.11.0-0.32.0 and cockpit 176
# oc rsh -n default registry-console-1-v5pqm
sh-4.2$ rpm -qa | grep cockpit
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.