-
Bug
-
Resolution: Can't Do
-
Minor
-
None
-
ACM 2.14.0
-
None
-
Quality / Stability / Reliability
-
False
-
-
False
-
-
-
Low
-
None
Description of problem:
ClusterPermission creation fails when creating multiple roleBindings within the same namespace
Version-Release number of selected component (if applicable):
How reproducible:
apiVersion: rbac.open-cluster-management.io/v1alpha1 kind: ClusterPermission metadata: name: clusterpermission-existing-role-sample namespace: feng-mc spec: roleBindings: - namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: argocd-application-controller-1 subject: kind: ServiceAccount name: sa-sample-existing namespace: openshift-gitops - namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: argocd-application-controller-2 subject: apiGroup: rbac.authorization.k8s.io kind: User name: user1
Steps to Reproduce:
- Create a ClusterPermission using the above YAML
- Look for the ManifestWork created by the ClusterPermission(mentioned in the status)
- You will see errors it can't create some of the roleBindings
message: 'Failed to apply manifest: RoleBinding.rbac.authorization.k8s.io "clusterpermission-existing-role-sample" is invalid: roleRef: Invalid value: rbac.RoleRef{APIGroup:"rbac.authorization.k8s.io", Kind:"Role", Name:"argocd-application-controller-2"}: cannot change roleRef'
This is due to the roleBinding with the same name already created so when second roleBinding is creating it fails.
Actual results:
Expected results:
Additional info:
- is documented by
-
ACM-21323 Doc ClusterPermission known issue
-
- Closed
-