Description of problem: When the TemplateServiceBroker resource is deleted, cluster role bindings, cluster roles, and cluster service brokers are left behind by the template service broker operator. Version-Release number of selected component (if applicable): How reproducible: 100% Steps to Reproduce: 1. Create TSB resource 2. Delete TSB resource 3. Look at Cluster service brokers Actual results: cluster service broker still exists Expected results: cluster service broker should no longer exist after some time (service catalog needs to clean it up which takes a minute or two). Additional info:
PR: https://github.com/openshift/template-service-broker-operator/pull/49
Verification blocked by bug https://bugzilla.redhat.com/show_bug.cgi?id=1733464
Verify failed. templateservicebroker and clusterservicebroker are deleted, but some clusterrole and clusterrolebinding does not. cluster version:4.2.0-0.nightly-2019-08-21-235427 image-registry.openshift-image-registry.svc:5000/openshift/ose-template-service-broker-operator:v4.2.0 1. Create TSB resource $ oc get clusterservicebroker NAME URL STATUS AGE ansible-service-broker https://asb.openshift-ansible-service-broker.svc:1338/osb/ Ready 1d template-service-broker https://apiserver.openshift-template-service-broker.svc:443/brokers/template.openshift.io Ready 1d $ oc get templateservicebroker NAME AGE template-service-broker 25h $ oc get clusterrole | grep template openshift-template-service-broker-pwnwh-admin 25h openshift-template-service-broker-pwnwh-edit 25h openshift-template-service-broker-pwnwh-view 25h openshifttemplateservicebrokeroperator.4.2.0-6xffn 25h openshifttemplateservicebrokeroperator.4.2.0-pxdvk 26h system:openshift:controller:template-instance-controller 28h system:openshift:controller:template-instance-finalizer-controller 28h system:openshift:controller:template-service-broker 28h system:openshift:templateservicebroker-client 28h template-service-broker-openshift-template-service-broker 25h template-service-broker-openshift-template-service-broker-client 25h templateservicebrokers.osb.openshift.io-v1-admin 25h templateservicebrokers.osb.openshift.io-v1-crdview 25h templateservicebrokers.osb.openshift.io-v1-edit 25h templateservicebrokers.osb.openshift.io-v1-view 25h $ oc get clusterrolebinding | grep template openshifttemplateservicebrokeroperator.4.2.0-6xffn-openshixw5vk 25h openshifttemplateservicebrokeroperator.4.2.0-pxdvk-openshi24278 26h system:openshift:controller:template-instance-controller 29h system:openshift:controller:template-instance-controller:admin 29h system:openshift:controller:template-instance-finalizer-controller 29h system:openshift:controller:template-instance-finalizer-controller:admin 29h system:openshift:controller:template-service-broker 29h template-service-broker-openshift-template-service-broker 25h template-service-broker-openshift-template-service-broker-client 25h 2. Delete TSB resource $ oc delete templateservicebroker template-service-broker templateservicebroker.osb.openshift.io "template-service-broker" deleted 3. Look at Cluster service brokers $ oc get templateservicebroker No resources found. $ oc get clusterservicebroker NAME URL STATUS AGE ansible-service-broker https://asb.openshift-ansible-service-broker.svc:1338/osb/ Ready 1d $ oc get po NAME READY STATUS RESTARTS AGE openshift-template-service-broker-operator-57bc8799d7-v54f6 1/1 Running 0 25h $ oc get clusterrole | grep template openshift-template-service-broker-pwnwh-admin 26h openshift-template-service-broker-pwnwh-edit 26h openshift-template-service-broker-pwnwh-view 26h openshifttemplateservicebrokeroperator.4.2.0-6xffn 26h openshifttemplateservicebrokeroperator.4.2.0-pxdvk 27h system:openshift:controller:template-instance-controller 29h system:openshift:controller:template-instance-finalizer-controller 29h system:openshift:controller:template-service-broker 29h system:openshift:templateservicebroker-client 29h templateservicebrokers.osb.openshift.io-v1-admin 26h templateservicebrokers.osb.openshift.io-v1-crdview 26h templateservicebrokers.osb.openshift.io-v1-edit 26h templateservicebrokers.osb.openshift.io-v1-view 26h $ oc get clusterrolebinding | grep template openshifttemplateservicebrokeroperator.4.2.0-6xffn-openshixw5vk 26h openshifttemplateservicebrokeroperator.4.2.0-pxdvk-openshi24278 27h system:openshift:controller:template-instance-controller 29h system:openshift:controller:template-instance-controller:admin 29h system:openshift:controller:template-instance-finalizer-controller 29h system:openshift:controller:template-instance-finalizer-controller:admin 29h system:openshift:controller:template-service-broker 29h
Fixed by PR from Comment #5 and blocked by Bug 1733464.
Verify Failed. Clusterrole:templateservicebrokers.osb.openshift.io-v1-admin templateservicebrokers.osb.openshift.io-v1-crdview templateservicebrokers.osb.openshift.io-v1-edit templateservicebrokers.osb.openshift.io-v1-view are not deleted. cluster version: 4.2.0-0.nightly-2019-09-10-014843 openshifttemplateservicebrokeroperator.4.2.0-201909081401 1. Create TSB resource $ oc get templateservicebroker -n openshift-template-service-broker NAME AGE template-service-broker 4m45s $ oc get clusterservicebroker NAME URL STATUS AGE ansible-service-broker https://asb.openshift-ansible-service-broker.svc:1338/osb/ Ready 23h template-service-broker https://apiserver.openshift-template-service-broker.svc:443/brokers/template.openshift.io Ready 4m $ oc get clusterrole | grep template openshift-template-service-broker-kj9bk-admin 27h openshift-template-service-broker-kj9bk-edit 27h openshift-template-service-broker-kj9bk-view 27h openshifttemplateservicebrokeroperator.4.2.0-201909081401-s8jz2 5m4s system:openshift:controller:template-instance-controller 28h system:openshift:controller:template-instance-finalizer-controller 28h system:openshift:controller:template-service-broker 28h system:openshift:templateservicebroker-client 28h template-service-broker-openshift-template-service-broker 95s template-service-broker-openshift-template-service-broker-client 89s templateservicebrokers.osb.openshift.io-v1-admin 2m36s templateservicebrokers.osb.openshift.io-v1-crdview 2m36s templateservicebrokers.osb.openshift.io-v1-edit 2m36s templateservicebrokers.osb.openshift.io-v1-view 2m36s $ oc get clusterrolebinding | grep template openshifttemplateservicebrokeroperator.4.2.0-201909081401-2b6fk 7m18s system:openshift:controller:template-instance-controller 28h system:openshift:controller:template-instance-controller:admin 28h system:openshift:controller:template-instance-finalizer-controller 28h system:openshift:controller:template-instance-finalizer-controller:admin 28h system:openshift:controller:template-service-broker 28h template-service-broker-openshift-template-service-broker 3m48s template-service-broker-openshift-template-service-broker-client 3m42s 2. Delete TSB resource $ oc delete templateservicebroker template-service-broker -n openshift-template-service-broker templateservicebroker.osb.openshift.io "template-service-broker" deleted $ oc get clusterservicebroker NAME URL STATUS AGE ansible-service-broker https://asb.openshift-ansible-service-broker.svc:1338/osb/ Ready 23h $ oc get clusterrole | grep template openshift-template-service-broker-kj9bk-admin 28h openshift-template-service-broker-kj9bk-edit 28h openshift-template-service-broker-kj9bk-view 28h openshifttemplateservicebrokeroperator.4.2.0-201909081401-s8jz2 10m system:openshift:controller:template-instance-controller 28h system:openshift:controller:template-instance-finalizer-controller 28h system:openshift:controller:template-service-broker 28h system:openshift:templateservicebroker-client 28h templateservicebrokers.osb.openshift.io-v1-admin 7m36s templateservicebrokers.osb.openshift.io-v1-crdview 7m36s templateservicebrokers.osb.openshift.io-v1-edit 7m36s templateservicebrokers.osb.openshift.io-v1-view 7m36s $ oc get clusterrolebinding | grep template openshifttemplateservicebrokeroperator.4.2.0-201909081401-2b6fk 9m50s system:openshift:controller:template-instance-controller 28h system:openshift:controller:template-instance-controller:admin 28h system:openshift:controller:template-instance-finalizer-controller 28h system:openshift:controller:template-instance-finalizer-controller:admin 28h system:openshift:controller:template-service-broker 28h
Created attachment 1614522 [details] Collection of data from the system While debugging this issue I captures the namespace, the clusterservicebroker, the cluster roles, etc to see when things were being created or removed.
The following files in the attached tarball are created by OLM. * clusterrole-admin * clusterrole-edit * clusterrole-view
test env: template-service-broker: ose-template-service-broker-operator:v4.2.0-201909151553 ose-template-service-broker:v4.2.0-201909151553
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:2922