Bug 1936904 - Wrong output YAML when syncing groups without --confirm
Summary: Wrong output YAML when syncing groups without --confirm
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: oc
Version: 4.7
Hardware: Unspecified
OS: Unspecified
medium
low
Target Milestone: ---
: 4.8.0
Assignee: Mike Dame
QA Contact: zhou ying
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-03-09 13:08 UTC by Sergio G.
Modified: 2021-07-27 22:52 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-07-27 22:51:56 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift oc pull 759 0 None open Bug 1936904: Insert apiVersion and Kind into `oc adm groups sync` list output 2021-03-09 19:00:58 UTC
Red Hat Product Errata RHSA-2021:2438 0 None None None 2021-07-27 22:52:20 UTC

Description Sergio G. 2021-03-09 13:08:27 UTC
Description of problem:
When syncing groups, the list of groups is not properly created. Each group lacks of apiVersion and Kind fields.


How reproducible:
Always


Actual results:
After running a sync, the output YAML is like this one:
----
apiVersion: v1
items:
- metadata:
    annotations:
      openshift.io/ldap.sync-time: 2021-03-08T07:11:2100100
      openshift.io/ldap.uid: gsrlappl_openshift_admin
      openshift.io/ldap.url: ldapserver.example.local:636
    creationTimestamp: null
    labels:
      openshift.io/ldap.host: ldapserver.example.local
    name: GSRLAPPL_Openshift_ADMIN
  users:
  - B0640354
  - B0640353
  - B0638438
  - B0638436
kind: List
metadata: {}

This output is not valid as it lacks of apiVersion and Kind each group, therefore it can't be used with "oc apply -f -". The next error is received:
unable to get type info from the object "*unstructured.Unstructured": Object 'Kind' is missing in 'object has no kind field '


But adding the missing fields does the job:
$ oc adm groups sync GSRLAPPL_Openshift_ADMIN \
     --sync-config=ldap_sync_pl.yml \
     -o yaml \
     | sed -r -e 's/- metadata:/- kind: Group\n  apiVersion: user.openshift.io\/v1\n  metadata:/g' \
     | oc apply -f -
group/GSRLAPPL_Openshift_ADMIN created.


Expected results:
A valid YAML which can be used with "oc apply -f -":
----
apiVersion: v1
items:
- apiVersion: user.openshift.io/v1
  kind: Group
  metadata:
    annotations:
      openshift.io/ldap.sync-time: 2021-03-08T07:11:2100100
      openshift.io/ldap.uid: gsrlappl_openshift_admin
      openshift.io/ldap.url: ldapserver.example.local:636
    creationTimestamp: null
    labels:
      openshift.io/ldap.host: ldapserver.example.local
    name: GSRLAPPL_Openshift_ADMIN
  users:
  - B0640354
  - B0640353
  - B0638438
  - B0638436
kind: List
metadata: {}

Comment 1 Sergio G. 2021-03-09 13:11:07 UTC
Related https://github.com/openshift/oc/blob/release-4.7/pkg/cli/admin/groups/sync/sync.go#L420. The group is created as Unstructured.

Comment 2 Mike Dame 2021-03-09 19:00:37 UTC
I opened a PR to work on this here: https://github.com/openshift/oc/pull/759
Still need some feedback on an appropriate way to address this, but it is being investigated

Comment 4 zhou ying 2021-06-11 02:44:17 UTC
Follow the case: OCP-40053, can't reproduce the issue now:

[root@localhost ~]# oc adm groups sync --sync-config=/tmp/ssss.yaml -o yaml
apiVersion: user.openshift.io/v1
items:
- metadata:
    creationTimestamp: null
  users: null
- metadata:
    creationTimestamp: null
  users: null
- metadata:
    creationTimestamp: null
  users: null
- apiVersion: user.openshift.io/v1
  kind: Group
  metadata:
    annotations:
      openshift.io/ldap.sync-time: 2021-06-11T10:37:3700800
      openshift.io/ldap.uid: cn=group1,ou=groups,ou=rfc2307,dc=example,dc=com
      openshift.io/ldap.url: 127.0.0.1:59738
    creationTimestamp: null
    labels:
      openshift.io/ldap.host: 127.0.0.1
    name: tc509128group1
  users:
  - person1smith@example.com
  - person2smith@example.com
  - person3smith@example.com
  - person4smith@example.com
  - person5smith@example.com
- apiVersion: user.openshift.io/v1
  kind: Group
  metadata:
    annotations:
      openshift.io/ldap.sync-time: 2021-06-11T10:37:3700800
      openshift.io/ldap.uid: cn=group2,ou=groups,ou=rfc2307,dc=example,dc=com
      openshift.io/ldap.url: 127.0.0.1:59738
    creationTimestamp: null
    labels:
      openshift.io/ldap.host: 127.0.0.1
    name: tc509128group2
  users:
  - person1smith@example.com
  - person2smith@example.com
  - person3smith@example.com
- apiVersion: user.openshift.io/v1
  kind: Group
  metadata:
    annotations:
      openshift.io/ldap.sync-time: 2021-06-11T10:37:3700800
      openshift.io/ldap.uid: cn=group3,ou=groups,ou=rfc2307,dc=example,dc=com
      openshift.io/ldap.url: 127.0.0.1:59738
    creationTimestamp: null
    labels:
      openshift.io/ldap.host: 127.0.0.1
    name: tc509128group3
  users:
  - person1smith@example.com
  - person5smith@example.com
kind: GroupList
metadata: {}

[root@localhost ~]# oc apply -f /tmp/group.yaml 
group.user.openshift.io/tc509128group1 created
group.user.openshift.io/tc509128group2 created
group.user.openshift.io/tc509128group3 created
resource name may not be empty
resource name may not be empty
resource name may not be empty
[root@localhost ~]# oc get groups 
NAME             USERS
tc509128group1   person1smith@example.com, person2smith@example.com, person3smith@example.com, person4smith@example.com, person5smith@example.com
tc509128group2   person1smith@example.com, person2smith@example.com, person3smith@example.com
tc509128group3   person1smith@example.com, person5smith@example.com

Comment 7 errata-xmlrpc 2021-07-27 22:51:56 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2438


Note You need to log in before you can comment on or make changes to this bug.