Description of problem: When user tries to check existing Binding information on RoleBindings tab on 'User details' page, 'No RoleBindins found' is always returned even there are some rolebindings subjected to the user Version-Release number of selected component (if applicable): 4.10.0-0.nightly-2021-11-04-001635 How reproducible: Always Steps to Reproduce: 1. Login OCP as administrator 2. Create a Cluster RoleBindings, and add basic-user role to a user (testuser-3) $oc adm policy add-role-to-user basic-user testuser-3 $oc describe rolebindings basic-user Name: basic-user Labels: <none> Annotations: <none> Role: Kind: ClusterRole Name: basic-user Subjects: Kind Name Namespace ---- ---- --------- User testuser-3 $oc create -f testrole.yaml $cat testrole.yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: testrole subjects: - kind: User apiGroup: rbac.authorization.k8s.io name: testuser-3 roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: admin $oc describe clusterrolebindings testrole Name: testrole Labels: <none> Annotations: <none> Role: Kind: ClusterRole Name: admin Subjects: Kind Name Namespace ---- ---- --------- User testuser-3 3. Re-login OCP as testuser-3, navigate to User-management - RoleBindings page on administrator perspective 4. Verify if user is able to check Roblebindins details 5. Re-login OCP as administrator, navigate User-Management -> Users page 6. Check the user details of testuser-3, navigate to Rolebindings page 7. Verify if the created test role is listed on RoleBindings page Actual results: 4. An Error message "clusterrolebindings.rbac.authorization.k8s.io "testrole" is forbidden: User "testuser-3" cannot get resource "clusterrolebindings" in API group "rbac.authorization.k8s.io" at the cluster scope" is shown on the page 7. The created role bindings 'testrole' cannot be found on the Rolebindings tab on 'User details' page. An error message would be found on Console of developer tools of browse as below shown: main-chunk-8ed6d19deafe22537a06.min.js:1 Error fetching bindable services TypeError: Object(...) is not a function at main-chunk-8ed6d19deafe22537a06.min.js:1 at Generator.next (<anonymous>) at main-chunk-8ed6d19deafe22537a06.min.js:1 at new Promise (<anonymous>) at o (main-chunk-8ed6d19deafe22537a06.min.js:1) at s (main-chunk-8ed6d19deafe22537a06.min.js:1) at Object.<anonymous> (main-chunk-8ed6d19deafe22537a06.min.js:1) at r (runtime~main-bundle-d51c0941a313cde24f50.min.js:1) at Module.<anonymous> (main-chunk-8ed6d19deafe22537a06.min.js:1) at r (runtime~main-bundle-d51c0941a313cde24f50.min.js:1) (anonymous) @ main-chunk-8ed6d19deafe22537a06.min.js:1 32WebSocket connection to '<URL>' failed: WebSocket is closed before the connection is established. main-chunk-8ed6d19deafe22537a06.min.js:1 Attempting to get Kubernetes object model using string kind: RoleBinding, which is not guaranteed to be unique! l @ main-chunk-8ed6d19deafe22537a06.min.js:1 main-chunk-8ed6d19deafe22537a06.min.js:1 Attempting to get Kubernetes object model using string kind: ServiceAccount, which is not guaranteed to be unique! l @ main-chunk-8ed6d19deafe22537a06.min.js:1Attempting to get Kubernetes object model using string kind: ClusterRoleBinding, which is not guaranteed to be unique! Expected results: 4,7. User is able to check the subject of Rolebindings correctly Additional info: This bug request to backport to OCP4.9
Setting for Version 4.9 since a backport for that version will be required.
xiyuzhao This bug is fixed in PR - https://github.com/openshift/console/pull/10587 . Marking as duplicate. Please test in the latest Cluster version and let me know if you have any concerns. *** This bug has been marked as a duplicate of bug 2025903 ***