Description of problem: Running a oc cert deny yields a ‘appoved’ msg on the command line (this doesn’t make sense) but shows denied on the cert listing [root@ocp4-001 191101-cnv]# bash 191101-useful03-cert-deep-inspection |grep 006 csr-2l88b | Subject: O=system:nodes, CN=system:node:ocp4-006 csr-7zcxk | Subject: O=system:nodes, CN=system:node:ocp4-006 csr-cqg8d | Subject: O=system:nodes, CN=system:node:ocp4-006 csr-fcr79 | Subject: O=system:nodes, CN=system:node:ocp4-006 csr-gkknt | Subject: O=system:nodes, CN=system:node:ocp4-006 csr-hc7pg | Subject: O=system:nodes, CN=system:node:ocp4-006 csr-l9nqb | Subject: O=system:nodes, CN=system:node:ocp4-006 [root@ocp4-001 191101-cnv]# oc adm certificate deny csr-2l88b certificatesigningrequest.certificates.k8s.io/csr-2l88b approved Version-Release number of selected component (if applicable): 4.2.0 GA How reproducible: Always Steps to Reproduce: 1. Run oc deny for an outstanding CSR 2. See the "approved" message from above. Actual results: It indicates it is approved Expected results: It should say denied Additional info: N/A
Should be solved when https://github.com/openshift/oc/pull/144 merges
confirmed with latest oc client, the issue has fixed: [root@dhcp-140-138 ~]# oc version Client Version: v4.3.0 Server Version: 4.3.0-0.nightly-2019-11-07-172437 Kubernetes Version: v1.16.2 [root@dhcp-140-138 ~]# oc adm certificate deny csr-test-fed8d184 certificatesigningrequest.certificates.k8s.io/csr-test-fed8d184 denied [root@dhcp-140-138 ~]# oc get csr csr-test-fed8d184 NAME AGE REQUESTOR CONDITION csr-test-fed8d184 59s system:admin Denied [root@dhcp-140-138 ~]# oc describe csr csr-test-fed8d184 Name: csr-test-fed8d184 Labels: <none> Annotations: <none> CreationTimestamp: Fri, 08 Nov 2019 14:51:27 +0800 Requesting User: system:admin Status: Denied Subject: Common Name: system:node:qe-jhou-ckg5s-worker-68rcv Serial Number: Organization: system:nodes Subject Alternative Names: DNS Names: qe-jhou-ckg5s-worker-68rcv IP Addresses: 192.168.0.23 Events: <none>
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:0062