Bug 1597334 – all RBAC manifests must be at v1

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1597334 - all RBAC manifests must be at v1

Summary:	all RBAC manifests must be at v1

Status:	CLOSED ERRATA

Aliases:	None

Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Installer (Show other bugs)
Sub Component:
Version:	3.11.0
Hardware:	Unspecified Unspecified

Priority	unspecified Severity unspecified
Target Milestone:	---
Target Release:	3.11.0
Assigned To:	Scott Dodson
QA Contact:	Johnny Liu
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2018-07-02 11:39 EDT by David Eads
Modified:	2018-10-11 03:21 EDT (History)
CC List:	3 users (show)

See Also:
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2018-10-11 03:21:36 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2018:2652	None	None	None	2018-10-11 03:21 EDT

Groups: None (edit)

Description David Eads 2018-07-02 11:39:41 EDT

Description of problem:
`oc auth reconcile` only supports v1.  Older resources are not reconciled.

Version-Release number of selected component (if applicable):


How reproducible:
100%


Steps to Reproduce:
0. revert https://github.com/openshift/origin/commit/979704ac34b42f25827c8fbaf9040904bca82eb1
1. reconcile a manifest with v1beta1 resources
2. resources are skipped
3.

Actual results:


Expected results:


Additional info:
We need to revert that patch to stay up to date with kube.



Description of problem:

Version-Release number of the following components:
rpm -q openshift-ansible
rpm -q ansible
ansible --version

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:
Please include the entire output from the last TASK line through the end of output if an error is generated

Expected results:

Additional info:
Please attach logs from ansible-playbook with the -vvv flag

Comment 1 Scott Dodson 2018-07-02 11:48:25 EDT

https://github.com/openshift/openshift-ansible/pull/9045

Comment 2 Scott Dodson 2018-08-02 08:43:52 EDT

In openshift-ansible-3.11.0-0.5.0

Comment 3 Johnny Liu 2018-08-03 05:03:35 EDT

Re-test this bug with openshift-ansible-playbooks-3.11.0-0.10.0.git.0.91bb588None.noarch:


Most are updated.

# oc get RoleBinding system:deployers -o yaml -n default
apiVersion: authorization.openshift.io/v1
groupNames: null
kind: RoleBinding
<--snip-->

# oc get ClusterRole system:router -o yaml -n default
apiVersion: authorization.openshift.io/v1
kind: ClusterRole
<--snip-->

# oc get Role templateservicebroker-auth-reader -o yaml -n openshift-template-service-broker
apiVersion: authorization.openshift.io/v1
kind: Role
<--snip-->

# oc get ClusterRoleBinding system:registry -o yaml -n openshift-ansible-service-broker
apiVersion: authorization.openshift.io/v1
groupNames: null
kind: ClusterRoleBinding
<--snip-->

After grab keyword in openshift-ansible, only left the following files are not updated.
# grep -r "v1beta1" *|grep rbac.authorization
roles/openshift_metering/files/operator/metering-helm-operator-role.yaml:apiVersion: rbac.authorization.k8s.io/v1beta1
roles/openshift_metering/files/operator/metering-helm-operator-rolebinding.yaml:apiVersion: rbac.authorization.k8s.io/v1beta1

Comment 4 Scott Dodson 2018-08-03 10:40:13 EDT

https://github.com/openshift/openshift-ansible/pull/9426/files to followup

Comment 5 Scott Dodson 2018-08-09 09:42:45 EDT

In openshift-ansible-3.11.0-0.12.0

Comment 6 Johnny Liu 2018-08-13 05:34:36 EDT

Verified the left issue in comment 3 with openshift-ansible-3.11.0-0.13.0.git.0.16dc599None.noarch, and PASS.


[root@preserve-jialiu-ansible ~]# cd /usr/share/ansible/openshift-ansible
[root@preserve-jialiu-ansible openshift-ansible]# grep -r "v1beta1" *|grep rbac.authorization
<--empty-->

Comment 8 errata-xmlrpc 2018-10-11 03:21:36 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2652

Note You need to log in before you can comment on or make changes to this bug.