+++ This bug was initially created as a clone of Bug #1740596 +++ Description of problem: Rolebinding patch is not working for "authorization.openshift.io/v1" apiservice # cat > rolebinding.yaml << EOL apiVersion: authorization.openshift.io/v1 kind: RoleBinding metadata: name: test-rolebinding roleRef: kind: Role name: view apiGroup: rbac.authorization.openshift.io subjects: - kind: User name: user1 apiGroup: rbac.authorization.openshift.io EOL # oc apply -f rolebinding.yaml rolebinding.authorization.openshift.io/test-rolebinding created # oc get rolebinding test-rolebinding NAME ROLE USERS GROUPS SERVICE ACCOUNTS SUBJECTS test-rolebinding /view user1 Edited yaml file and added below line - kind: User name: user2 apiGroup: rbac.authorization.openshift.io # oc apply -f rolebinding.yaml rolebinding.authorization.openshift.io/test-rolebinding configured # oc get rolebinding test-rolebinding NAME ROLE USERS GROUPS SERVICE ACCOUNTS SUBJECTS test-rolebinding /view user1 But when I use rbac.authorization.k8s.io/v1 apiversion it's working as expected.
This was originally reported in 3.11, but I can reproduce the same problem in 4.2. Making this a blocker bug until we know why this happen.
Mo, FYI (this looks like something is broken on the server side, I can see `oc` sending and receiving the correct data, however the data are not persisted).
https://bugzilla.redhat.com/show_bug.cgi?id=1740596#c1