Bug 1802719 - oc adm groups sync return code [NEEDINFO]
Summary: oc adm groups sync return code
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: oc
Version: 4.2.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.5.0
Assignee: Sally
QA Contact: pmali
Depends On:
Blocks: 1838838
TreeView+ depends on / blocked
Reported: 2020-02-13 18:40 UTC by Jaspreet Kaur
Modified: 2020-10-13 18:47 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
: 1838838 (view as bug list)
Last Closed: 2020-07-13 17:15:07 UTC
Target Upstream Version:
jkaur: needinfo? (somalley)

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github openshift oc pull 405 0 None closed Bug 1802719: oc adm groups sync IsQueryOutOfBoundsError warning,not error 2020-10-13 08:58:07 UTC
Red Hat Product Errata RHBA-2020:2409 0 None None None 2020-07-13 17:15:44 UTC

Description Jaspreet Kaur 2020-02-13 18:40:17 UTC
Description of problem: When calling ' oc adm groups sync' it reports that some groups are outside the group base, which is true, but intended. However, the utility returns an error code '1' in this case, which will lead to failed cron jobs. 

when running the command, it returns an error code:

#  oc adm groups sync --sync-config=augmented_active_directory_config.yaml --confirm=false >sync_output 2>&1
# echo $?

When looking at the output, there is no other error then the on 'group outside the base dn'

# grep Error sync_output  | grep -c -v 'outside of the base'

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Actual results: It returns a postive error code

Expected results: Should not return any errors

Additional info:

Comment 2 Maciej Szulik 2020-02-18 11:28:00 UTC
This seems like minor annoyance that will be fixed in the next release. 

Sally, we should identify the place where this error happens and make it not error.

Comment 3 Standa Laznicka 2020-05-11 13:32:49 UTC
Your use-case looks wrong. Why don't you broaden the DN of the group tree if you want groups that are outside your current tree? If it's because there's more groups than you'd like to sync, use whitelisting/blacklisting.

Comment 4 Standa Laznicka 2020-05-12 07:55:51 UTC
You don't want to do that, you just want that the sync to pass, I misunderstood.

Comment 7 Sally 2020-05-21 14:23:14 UTC
The openshift/oc pull 405 does not fully resolve this issue, I'm moving back to modified while I open a follow-up PR.

Comment 8 Sally 2020-05-21 20:57:56 UTC
Actually, @pmali@redhat.com the PR linked to this report (https://github.com/openshift/oc/pull/405) resolves this bug, please move back to ON_QA and verify.  I'll clone/open a new bz for follow-up work - The follow-up is for RFC 2307 instead of Active Directory. Thanks

Comment 12 errata-xmlrpc 2020-07-13 17:15:07 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.