Bug 1684036 - secret name and clusterrole name for asb are not the same with v3.11
Summary: secret name and clusterrole name for asb are not the same with v3.11
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Service Broker
Version: 4.1.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.1.0
Assignee: Shawn Hurley
QA Contact: Zhang Cheng
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2019-02-28 09:59 UTC by Zihan Tang
Modified: 2019-03-12 14:25 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-03-04 21:29:22 UTC
Target Upstream Version:
Embargoed:



Description Zihan Tang 2019-02-28 09:59:29 UTC
Description of problem:
When using the operator to install ASB, the secret names and the ASB access clusterrole names are different from v3.11.
Secrets should be named with the asb* prefix, like:
asb-client
asb-client-dockercfg*

clusterrole should be named with asb* prefix like:
asb-access
asb-user-access


Version-Release number of selected component (if applicable):
ASB operator: 
docker.io/automationbroker/automation-broker-operator:v4.0
ASB version : 1.4.4

How reproducible:
always

Steps to Reproduce:
1. Install ASB from Marketplace & OLM
2. Check the secrets in the ASB namespace
3. Check the ASB clusterroles

Actual results:
2.
in 4.0
$ oc get secret
NAME                                            TYPE                                  DATA   AGE
ansible-service-broker-client                   kubernetes.io/service-account-token   3      27h
ansible-service-broker-client-dockercfg-785jq   kubernetes.io/dockercfg               1      27h
ansible-service-broker-client-token-n7f9c       kubernetes.io/service-account-token   3      27h
ansible-service-broker-client-token-qxmxp       kubernetes.io/service-account-token   3      27h
ansible-service-broker-dockercfg-wg6h5          kubernetes.io/dockercfg               1      27h
ansible-service-broker-tls                      kubernetes.io/tls                     2      27h
ansible-service-broker-token-7tmvf              kubernetes.io/service-account-token   3      27h
ansible-service-broker-token-j2bzh              kubernetes.io/service-account-token   3      27h

3. 
in 4.0
oc get clusterrole | grep ansible
access-ansible-service-broker-openshift-ansible-service-broker-role    27h
ansible-service-broker-openshift-ansible-service-broker                27h
ansible-service-broker-openshift-ansible-service-broker-user-auth      27h

Expected results:
In 3.11, secrets are named with the asb* prefix. This should be kept the same in v4.0.
# oc get secret
NAME                         TYPE                                  DATA      AGE
asb-client                   kubernetes.io/service-account-token   4         1h
asb-client-dockercfg-l95cq   kubernetes.io/dockercfg               1         1h
asb-client-token-7ndmj       kubernetes.io/service-account-token   4         1h
asb-client-token-ml9w2       kubernetes.io/service-account-token   4         1h
asb-dockercfg-kw6x2          kubernetes.io/dockercfg               1         1h
asb-registry-auth            Opaque                                2         1h

Clusterroles should be named with the asb* prefix.
in 3.11
# oc get clusterrole | grep asb
asb-access
asb-auth
asb-user-access

Additional info:

Comment 1 Shawn Hurley 2019-03-04 21:29:22 UTC
The Operator had to change the names of how this was installed because the operator can install more than one broker. The name has to be namespaced and named with the name of the CR to ensure successful reconciles. This is a change that was by design and was needed for the operator to behave correctly.

