Bug 1886154 - System roles are not present while trying to create new role binding through web console
Summary: System roles are not present while trying to create new role binding through ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Management Console
Version: 4.5
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.7.0
Assignee: Cyril
QA Contact: Yadan Pei
URL:
Whiteboard:
Depends On:
Blocks: 1920530
TreeView+ depends on / blocked
 
Reported: 2020-10-07 18:44 UTC by Rejeeb
Modified: 2021-02-24 15:24 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Feature: System roles are not present while trying to create new role binding through web console Reason: Users want to be able to select system role in the Role name dropdown while creating the role binding. Result: Working as expected.
Clone Of:
Environment:
Last Closed: 2021-02-24 15:23:52 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift console pull 7755 0 None closed Bug 1886154: - System roles are not present while trying to create new role binding through web console 2021-01-24 05:01:02 UTC
Red Hat Product Errata RHSA-2020:5633 0 None None None 2021-02-24 15:24:25 UTC

Description Rejeeb 2020-10-07 18:44:47 UTC
Description of problem:
While trying to create a new role-binding through the console, system roles are not present in the dropdown box.

Version-Release number of selected component (if applicable):
4.5

How reproducible:
100%

Steps to Reproduce:
1. Open the cluster webconsole, select "Role Bindings" sub-menu under the "User Management" menu.
2. Click the "Create Binding" button in the right corner.
3. Select the dropdown box under "Role Name" section.
4. We could see there are NO system roles (such as system:image-puller etc) present in the drop down menu.

Actual results:
NO system roles (such as system:image-puller etc) present in the drop down menu.

Expected results:
System roles should also be present in the list while creating the role binding.

Additional info:
Currently, the work around is as follows:
1. Open the cluster webconsole, select the "Role" sub-menu under "User Management" menu.
2. Click on the desired system role.
3. Click "Add Role Binding" option under the "Actions" dropdown box in the right corner.
3. Select the dropdown box under "Role Name" section.

Comment 2 Cyril 2020-11-09 13:15:12 UTC
Slack conversation: https://coreos.slack.com/archives/C6A3NV5J9/p1604338907029000

Comment 6 Cyril 2020-11-09 21:50:08 UTC
@rabdulra I don't know of any specific reason than what Sam mentioned in slack conversation - https://coreos.slack.com/archives/C6A3NV5J9/p1604338985029100?thread_ts=1604338907.029000&cid=C6A3NV5J9

Comment 7 Cyril 2020-11-09 21:54:25 UTC
@rabdulra Need to investigate further why Role name dropdown being empty

Comment 10 Yanping Zhang 2021-01-11 12:02:40 UTC
Checked on ocp 4.7 cluster with payload 4.7.0-0.nightly-2021-01-10-070949.
1. Open the cluster webconsole, select "Role Bindings" sub-menu under the "User Management" menu.
2. Click the "Create Binding" button in the right corner.
3. Select the dropdown box under "Role Name" section.
4. We could see there are system roles eg, system:image-puller, present in the drop down menu.
But all the system roles have "CR" in resource icon which represents ClusterRole, shouldn't they have "R" in resource icon? Same issue in the "User Management"->"Roles" list for system roles.
Pls correct me if I'm wrong.

Comment 11 Cyril 2021-01-14 15:21:31 UTC
@yanping I am not sure of the right resource icon. Let me check with @spadgett@redhat.com

Comment 12 Samuel Padgett 2021-01-14 18:37:51 UTC
It can have CR or R depending on whether it's a cluster role or namespaced role. I'd guess almost all of the system roles are cluster roles. The CR is expected.

Comment 13 Yadan Pei 2021-01-18 06:34:38 UTC
1. Open the cluster webconsole, select "Role Bindings" sub-menu under the "User Management" menu.
2. Click the "Create Binding" button in the right corner.
3. Select the dropdown box under "Role Name" section.
4. We can see system roles (such as system:image-puller/system:image-pusher etc) are present in the drop-down menu.



1. Open the cluster webconsole, select the "Role" sub-menu under "User Management" menu.
2. Click on the desired system role.
3. Click "Add Role Binding" option under the "Actions" dropdown box in the right corner.
3. "Role Name" is just shown with the role name we selected

Verified on 4.7.0-0.nightly-2021-01-17-153039

Comment 21 errata-xmlrpc 2021-02-24 15:23:52 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633


Note You need to log in before you can comment on or make changes to this bug.