It seems like "The default cluster RBAC policy should have correct RBAC rules" e2e test is unstable and sometimes fails because extra permissions were found: [github.com/openshift/origin/test/extended/authorization/rbac/groups_default_rules.go:222]: Dec 16 20:20:11.119: system:authenticated has extra permissions in namespace "": {APIGroups:["servicecatalog.k8s.io"], Resources:["clusterserviceclasses"], Verbs:["list" "watch" "get"]} {APIGroups:["servicecatalog.k8s.io"], Resources:["clusterserviceplans"], Verbs:["list" "watch" "get"]} {NonResourceURLs:["/healthz/ready"], Verbs:["get"]} The test runs with the other tests and sometimes passes that indicates there must be a test or tests that add these additional permissions. I think we should chase down the tests that add extra permissions and based on that provide a fix for this test. See as an example of failure https://prow.svc.ci.openshift.org/view/gcs/origin-ci-test/pr-logs/pull/24286/pull-ci-openshift-origin-master-e2e-gcp/4667
Moving to active development branch (4.4) for investigation.
*** Bug 1784822 has been marked as a duplicate of this bug. ***
bug 1784822 motivates the urgent severity.
*** Bug 1784837 has been marked as a duplicate of this bug. ***
https://github.com/openshift/origin/pull/24323#event-2895043767 merged an hour ago. Hopefully we'll see an improvement soon.
The problem no longer exist since it is removed from 4.4.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:0581