Description of problem: When we add a hook to a migration plan, and this hook is configured to use a service account that does not exist, the migration is stuck forever, without failing. Version-Release number of selected component (if applicable): KONVEYOR 1.2 How reproducible: Always Steps to Reproduce: 1. Create a migration plan and add a hook (no matter the playbook) that uses a service account that does not exist. 2. Run a migration. Actual results: The migration will remain stuck forever. The job created by the hook, cannot create the pods to execute the hook, since the pod will use the configured service account and it does not exist. We find this information describing the job $ oc describe job noservicaacc-prebackup-lb44r Type Reason Age From Message ---- ------ ---- ---- ------- Warning FailedCreate <invalid> (x5 over <invalid>) job-controller Error creating: pods "noservicaacc-prebackup-lb44r-" is forbidden: error looking up service account robot-source/fakename: serviceaccount "fakename" not found An the pod is never created. Expected results: The service account should have been rejected in the hook's UI, or the migration should fail telling that the configured service account cannot be used because it does not exist. Additional info:
I believe this was fixed for a prior release with https://github.com/konveyor/mig-controller/pull/518
Verified using MTC 1.3 Verified running the testcase "OCP-33423 - Hook using a non existent service account" Moved to VERIFIED status.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Migration Toolkit for Containers (MTC) Tool image release advisory 1.3.0), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4148