Description of problem: When syncing groups, the list of groups is not properly created. Each group lacks of apiVersion and Kind fields. How reproducible: Always Actual results: After running a sync, the output YAML is like this one: ---- apiVersion: v1 items: - metadata: annotations: openshift.io/ldap.sync-time: 2021-03-08T07:11:2100100 openshift.io/ldap.uid: gsrlappl_openshift_admin openshift.io/ldap.url: ldapserver.example.local:636 creationTimestamp: null labels: openshift.io/ldap.host: ldapserver.example.local name: GSRLAPPL_Openshift_ADMIN users: - B0640354 - B0640353 - B0638438 - B0638436 kind: List metadata: {} This output is not valid as it lacks of apiVersion and Kind each group, therefore it can't be used with "oc apply -f -". The next error is received: unable to get type info from the object "*unstructured.Unstructured": Object 'Kind' is missing in 'object has no kind field ' But adding the missing fields does the job: $ oc adm groups sync GSRLAPPL_Openshift_ADMIN \ --sync-config=ldap_sync_pl.yml \ -o yaml \ | sed -r -e 's/- metadata:/- kind: Group\n apiVersion: user.openshift.io\/v1\n metadata:/g' \ | oc apply -f - group/GSRLAPPL_Openshift_ADMIN created. Expected results: A valid YAML which can be used with "oc apply -f -": ---- apiVersion: v1 items: - apiVersion: user.openshift.io/v1 kind: Group metadata: annotations: openshift.io/ldap.sync-time: 2021-03-08T07:11:2100100 openshift.io/ldap.uid: gsrlappl_openshift_admin openshift.io/ldap.url: ldapserver.example.local:636 creationTimestamp: null labels: openshift.io/ldap.host: ldapserver.example.local name: GSRLAPPL_Openshift_ADMIN users: - B0640354 - B0640353 - B0638438 - B0638436 kind: List metadata: {}
Related https://github.com/openshift/oc/blob/release-4.7/pkg/cli/admin/groups/sync/sync.go#L420. The group is created as Unstructured.
I opened a PR to work on this here: https://github.com/openshift/oc/pull/759 Still need some feedback on an appropriate way to address this, but it is being investigated
Follow the case: OCP-40053, can't reproduce the issue now: [root@localhost ~]# oc adm groups sync --sync-config=/tmp/ssss.yaml -o yaml apiVersion: user.openshift.io/v1 items: - metadata: creationTimestamp: null users: null - metadata: creationTimestamp: null users: null - metadata: creationTimestamp: null users: null - apiVersion: user.openshift.io/v1 kind: Group metadata: annotations: openshift.io/ldap.sync-time: 2021-06-11T10:37:3700800 openshift.io/ldap.uid: cn=group1,ou=groups,ou=rfc2307,dc=example,dc=com openshift.io/ldap.url: 127.0.0.1:59738 creationTimestamp: null labels: openshift.io/ldap.host: 127.0.0.1 name: tc509128group1 users: - person1smith - person2smith - person3smith - person4smith - person5smith - apiVersion: user.openshift.io/v1 kind: Group metadata: annotations: openshift.io/ldap.sync-time: 2021-06-11T10:37:3700800 openshift.io/ldap.uid: cn=group2,ou=groups,ou=rfc2307,dc=example,dc=com openshift.io/ldap.url: 127.0.0.1:59738 creationTimestamp: null labels: openshift.io/ldap.host: 127.0.0.1 name: tc509128group2 users: - person1smith - person2smith - person3smith - apiVersion: user.openshift.io/v1 kind: Group metadata: annotations: openshift.io/ldap.sync-time: 2021-06-11T10:37:3700800 openshift.io/ldap.uid: cn=group3,ou=groups,ou=rfc2307,dc=example,dc=com openshift.io/ldap.url: 127.0.0.1:59738 creationTimestamp: null labels: openshift.io/ldap.host: 127.0.0.1 name: tc509128group3 users: - person1smith - person5smith kind: GroupList metadata: {} [root@localhost ~]# oc apply -f /tmp/group.yaml group.user.openshift.io/tc509128group1 created group.user.openshift.io/tc509128group2 created group.user.openshift.io/tc509128group3 created resource name may not be empty resource name may not be empty resource name may not be empty [root@localhost ~]# oc get groups NAME USERS tc509128group1 person1smith, person2smith, person3smith, person4smith, person5smith tc509128group2 person1smith, person2smith, person3smith tc509128group3 person1smith, person5smith
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2438