Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1597334

Summary: all RBAC manifests must be at v1
Product: OpenShift Container Platform Reporter: David Eads <deads>
Component: InstallerAssignee: Scott Dodson <sdodson>
Status: CLOSED ERRATA QA Contact: Johnny Liu <jialiu>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 3.11.0CC: aos-bugs, jokerman, mmccomas
Target Milestone: ---   
Target Release: 3.11.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-10-11 07:21:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description David Eads 2018-07-02 15:39:41 UTC 
Description of problem:
`oc auth reconcile` only supports v1.  Older resources are not reconciled.

Version-Release number of selected component (if applicable):


How reproducible:
100%


Steps to Reproduce:
0. revert https://github.com/openshift/origin/commit/979704ac34b42f25827c8fbaf9040904bca82eb1
1. reconcile a manifest with v1beta1 resources
2. resources are skipped
3.

Actual results:


Expected results:


Additional info:
We need to revert that patch to stay up to date with kube.



Description of problem:

Version-Release number of the following components:
rpm -q openshift-ansible
rpm -q ansible
ansible --version

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:
Please include the entire output from the last TASK line through the end of output if an error is generated

Expected results:

Additional info:
Please attach logs from ansible-playbook with the -vvv flag
Comment 1 Scott Dodson 2018-07-02 15:48:25 UTC 
https://github.com/openshift/openshift-ansible/pull/9045
Comment 2 Scott Dodson 2018-08-02 12:43:52 UTC 
In openshift-ansible-3.11.0-0.5.0
Comment 3 Johnny Liu 2018-08-03 09:03:35 UTC 
Re-test this bug with openshift-ansible-playbooks-3.11.0-0.10.0.git.0.91bb588None.noarch:


Most are updated.

# oc get RoleBinding system:deployers -o yaml -n default
apiVersion: authorization.openshift.io/v1
groupNames: null
kind: RoleBinding
<--snip-->

# oc get ClusterRole system:router -o yaml -n default
apiVersion: authorization.openshift.io/v1
kind: ClusterRole
<--snip-->

# oc get Role templateservicebroker-auth-reader -o yaml -n openshift-template-service-broker
apiVersion: authorization.openshift.io/v1
kind: Role
<--snip-->

# oc get ClusterRoleBinding system:registry -o yaml -n openshift-ansible-service-broker
apiVersion: authorization.openshift.io/v1
groupNames: null
kind: ClusterRoleBinding
<--snip-->

After grab keyword in openshift-ansible, only left the following files are not updated.
# grep -r "v1beta1" *|grep rbac.authorization
roles/openshift_metering/files/operator/metering-helm-operator-role.yaml:apiVersion: rbac.authorization.k8s.io/v1beta1
roles/openshift_metering/files/operator/metering-helm-operator-rolebinding.yaml:apiVersion: rbac.authorization.k8s.io/v1beta1
Comment 4 Scott Dodson 2018-08-03 14:40:13 UTC 
https://github.com/openshift/openshift-ansible/pull/9426/files to followup
Comment 5 Scott Dodson 2018-08-09 13:42:45 UTC 
In openshift-ansible-3.11.0-0.12.0
Comment 6 Johnny Liu 2018-08-13 09:34:36 UTC 
Verified the left issue in comment 3 with openshift-ansible-3.11.0-0.13.0.git.0.16dc599None.noarch, and PASS.


[root@preserve-jialiu-ansible ~]# cd /usr/share/ansible/openshift-ansible
[root@preserve-jialiu-ansible openshift-ansible]# grep -r "v1beta1" *|grep rbac.authorization
<--empty-->
Comment 8 errata-xmlrpc 2018-10-11 07:21:36 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2652