Bug 1734326 - RoleBindingRestriction could not be created for resource validation failed
Summary: RoleBindingRestriction could not be created for resource validation failed
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: apiserver-auth
Version: 4.2.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.2.0
Assignee: Standa Laznicka
QA Contact: Wei Sun
Depends On:
TreeView+ depends on / blocked
Reported: 2019-07-30 09:04 UTC by Chuan Yu
Modified: 2019-10-16 06:34 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2019-10-16 06:33:52 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github openshift cluster-config-operator pull 81 0 None None None 2019-07-30 10:17:29 UTC
Red Hat Product Errata RHBA-2019:2922 0 None None None 2019-10-16 06:34:02 UTC

Description Chuan Yu 2019-07-30 09:04:01 UTC
Description of problem:
rolebindingrestriction created failed for resource validation failed

Version-Release number of selected component (if applicable):
$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.2.0-0.nightly-2019-07-24-233914   True        False         7h55m   Cluster version is 4.2.0-0.nightly-2019-07-24-233914

How reproducible:

Steps to Reproduce:
1. create a rolebinding with a resource file, such as:
$ oc create -f - <<EOF
> apiVersion: authorization.openshift.io/v1
> kind: RoleBindingRestriction
> metadata:
>   name: match-groups
> spec:
>   grouprestriction:
>     groups:
>     - groups-rolebindingrestriction


Actual results:
Failed to create such rolebindingrestriction, with validation error:
The RoleBindingRestriction "match-groups" is invalid: []: Invalid value: map[string]interface {}{"apiVersion":"authorization.openshift.io/v1", "kind":"RoleBindingRestriction", "metadata":map[string]interface {}{"creationTimestamp":"2019-07-25T10:03:18Z", "generation":1, "name":"match-groups", "namespace":"openshift-authentication", "uid":"6d10dee8-aec3-11e9-961e-029a6e1b3ab0"}, "spec":map[string]interface {}{"grouprestriction":map[string]interface {}{"groups":[]interface {}{"groups-rolebindingrestriction"}}}}: validation failure list:

scheng: See below logs:
spec.grouprestriction.labels in body is required
spec.serviceaccountrestriction in body is required
spec.userrestriction in body is required

Expected results:
rolebindingrestriction create successfully

Additional info:
In 4.1 with the same resource file, no such issue when create rolebindingrestriction.

Comment 2 Chuan Yu 2019-07-31 03:08:03 UTC
Verified on 4.2.0-0.nightly-2019-07-30-214012

Comment 4 errata-xmlrpc 2019-10-16 06:33:52 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.