Created attachment 1867696
View of RoleBinding when starting (same view as shown in the initial state via oc command)

Description of problem:

Having a `RoleBinding` within a project like the one below.

> $ oc get rolebinding admin -o json
> {
>     "apiVersion": "rbac.authorization.k8s.io/v1",
>     "kind": "RoleBinding",
>     "metadata": {
>         "creationTimestamp": "2022-03-14T07:44:51Z",
>         "name": "admin",
>         "namespace": "project-200",
>         "resourceVersion": "42748833",
>         "uid": "1bf265f5-3499-40b3-93f0-1e2794874633"
>     },
>     "roleRef": {
>         "apiGroup": "rbac.authorization.k8s.io",
>         "kind": "ClusterRole",
>         "name": "admin"
>     },
>     "subjects": [
>         {
>             "apiGroup": "rbac.authorization.k8s.io",
>             "kind": "User",
>             "name": "system:admin"
>         },
>         {
>             "apiGroup": "rbac.authorization.k8s.io",
>             "kind": "User",
>             "name": "user1"
>         },
>         {
>             "apiGroup": "rbac.authorization.k8s.io",
>             "kind": "User",
>             "name": "user2"
>         },
>         {
>             "apiGroup": "rbac.authorization.k8s.io",
>             "kind": "User",
>             "name": "user3"
>         }
>     ]
> }

When editing this in https://<openshift-console-url>/project-details/ns/project-200/access and replacing `user3` with `user4`, it drops all `subjects` except the one that has been edited (meaning `user4` will remain available and the rest is removed).

So after the modification is done, the `RoleBinding` looks as follows:

> $ oc get rolebinding admin -o json
> {
>     "apiVersion": "rbac.authorization.k8s.io/v1",
>     "kind": "RoleBinding",
>     "metadata": {
>         "creationTimestamp": "2022-03-14T07:44:51Z",
>         "name": "admin",
>         "namespace": "project-200",
>         "resourceVersion": "42751278",
>         "uid": "1bf265f5-3499-40b3-93f0-1e2794874633"
>     },
>     "roleRef": {
>         "apiGroup": "rbac.authorization.k8s.io",
>         "kind": "ClusterRole",
>         "name": "admin"
>     },
>     "subjects": [
>         {
>             "apiGroup": "rbac.authorization.k8s.io",
>             "kind": "User",
>             "name": "user4"
>         }
>     ]
> }

Attached are the screenshots taken from the Console, showing the changes done that lead to the above outcome.

Version-Release number of selected component (if applicable):
- OpenShift Container Platform 4.9.23

How reproducible:
- Always

Steps to Reproduce:
1. Create a `RoleBinding` with multiple `subjects`
2. Edit the `RoleBinding` in the Developer Console
3. Validate the `RoleBinding` that shows all `subjects` dropped except the one modified

Actual results:
All `subjects` in the `RoleBinding` are dropped except for the one that was modified

Expected results:
All `subjects` to remain in place and only the `subject` modified to be changed

Additional info:
Created attachment 1867697
Showing the change being done on the RoleBinding in the Developer Console

Created attachment 1867698
Showing the change effectively done and showing the broken RoleBinding as most subjects have gone missing
@sreber I am looking into this
@sreber I am working on it
Verified on 4.11.0-0.nightly-2022-05-20-213928
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:5069
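
The behaviour reported above can be checked for, and avoided, outside the console. The following is an added example, not part of the original report and not the console's own code: it builds a JSON Patch that renames a single subject and audits a before/after pair of `oc get rolebinding -o json` objects for subjects that disappeared unintentionally. All function names are hypothetical, and the sample objects are constructed to mirror the report.

```python
import copy
import json

def subject_key(s):
    """Identity of a subject: kind, namespace (ServiceAccounts only) and name."""
    return (s.get("kind"), s.get("namespace", ""), s.get("name"))

def rename_patch(rolebinding, old_name, new_name, kind="User"):
    """RFC 6902 patch that changes one subject; the 'test' op guards against concurrent edits."""
    for i, s in enumerate(rolebinding.get("subjects") or []):
        if s.get("kind") == kind and s.get("name") == old_name:
            path = f"/subjects/{i}/name"
            return [{"op": "test", "path": path, "value": old_name},
                    {"op": "replace", "path": path, "value": new_name}]
    raise KeyError(f"{kind} {old_name!r} is not a subject of this RoleBinding")

def apply_patch(rolebinding, patch):
    """Minimal local applier for the two ops above, used to preview the result."""
    result = copy.deepcopy(rolebinding)
    for op in patch:
        _, _, idx, field = op["path"].split("/")
        target = result["subjects"][int(idx)]
        if op["op"] == "test" and target[field] != op["value"]:
            raise ValueError(f"test failed at {op['path']}")
        if op["op"] == "replace":
            target[field] = op["value"]
    return result

def lost_subjects(before, after, intended_removals=()):
    """Names present before and absent after that the edit did not intend to remove."""
    gone = ({subject_key(s) for s in before.get("subjects") or []}
            - {subject_key(s) for s in after.get("subjects") or []})
    return sorted(k[2] for k in gone if k[2] not in set(intended_removals))

def _users(*names):
    return [{"apiGroup": "rbac.authorization.k8s.io", "kind": "User", "name": n} for n in names]

# Constructed sample mirroring the report's before/after objects.
BEFORE = {"kind": "RoleBinding", "subjects": _users("system:admin", "user1", "user2", "user3")}
AFTER_CONSOLE_EDIT = {"kind": "RoleBinding", "subjects": _users("user4")}

if __name__ == "__main__":
    patch = rename_patch(BEFORE, "user3", "user4")
    print(json.dumps(patch))
    print(lost_subjects(BEFORE, AFTER_CONSOLE_EDIT, ["user3"]))
    print(lost_subjects(BEFORE, apply_patch(BEFORE, patch), ["user3"]))
```

The generated patch can be passed to `oc patch rolebinding admin -n project-200 --type=json -p '<patch>'`, which changes only the targeted subject.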