Red Hat Advanced Cluster Management / ACM-21800

When changing role of ClusterPermission in UI, there is an error in ManifestWork

    • Feature
    • Resolution: Unresolved
    • ACM 2.14.0
    • Server Foundation
    • Product / Portfolio Work

      Description of problem:

      A ClusterPermission is created in the UI with role X. If that same ClusterPermission is edited in the UI and the role is changed to role Y, the ClusterPermission itself will show success. However, the underlying ManifestWork will show this error:

      ubuntu@ubuntu2404:~/UbuntuSync$ kubectl -n jorge-sno-418 get ManifestWork jorge-sno-418-mshort777-mulinamespace-c4f6c -o yaml
      ...
      status:
        conditions:
        - lastTransitionTime: "2025-06-13T20:49:10Z"
          message: Failed to apply manifest work
          observedGeneration: 26
          reason: AppliedManifestWorkFailed
          status: "False"
          type: Applied
        - lastTransitionTime: "2025-06-13T20:42:38Z"
          message: All resources are available
          observedGeneration: 26
          reason: ResourcesAvailable
          status: "True"
          type: Available
        resourceStatus:
          manifests:
          - conditions:
            - lastTransitionTime: "2025-06-13T20:49:10Z"
              message: 'Failed to apply manifest: RoleBinding.rbac.authorization.k8s.io
                "jorge-sno-418-mshort777-mulinamespace-0" is invalid: roleRef: Invalid value:
                rbac.RoleRef{APIGroup:"rbac.authorization.k8s.io", Kind:"ClusterRole", Name:"kubevirt.io:admin"}:
                cannot change roleRef'
              reason: AppliedManifestFailed
              status: "False"
              type: Applied

      The issue is that ManifestWork does not support a role change. We can either fix this in the UI, or this can be enhanced in the backend to support this change.

      Version-Release number of selected component (if applicable):

      How reproducible:

      Every time.

      Steps to Reproduce:

      1. Create ClusterPermission from UI
      2. Edit ClusterPermission and change role

      Actual results:

      Error in ManifestWork, and RoleBindings are not updated with the new role.

      Expected results:

      Role should either update or UI should prevent this change.

      Additional info:

              asimonel August Simonelli
              rh-ee-mshort Matthew Short
              Hui Chen Hui Chen
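
Added example (not part of the original report and not ACM code): a Python check that scans a ManifestWork status for the `cannot change roleRef` failure, so bindings still left on the old role are flagged even though the ClusterPermission reports success. The sample dict is constructed from the status quoted above, and `roleref_conflicts` is a hypothetical helper name.

```python
import re

# Constructed sample: the ManifestWork status from the report, as a dict
# (what `kubectl ... -o json` output parses to), trimmed to the fields read here.
SAMPLE = {
    "status": {
        "conditions": [
            {"type": "Applied", "status": "False", "reason": "AppliedManifestWorkFailed"},
            {"type": "Available", "status": "True", "reason": "ResourcesAvailable"},
        ],
        "resourceStatus": {"manifests": [{"conditions": [{
            "type": "Applied", "status": "False", "reason": "AppliedManifestFailed",
            "message": 'Failed to apply manifest: RoleBinding.rbac.authorization.k8s.io '
                       '"jorge-sno-418-mshort777-mulinamespace-0" is invalid: roleRef: '
                       'Invalid value: rbac.RoleRef{APIGroup:"rbac.authorization.k8s.io", '
                       'Kind:"ClusterRole", Name:"kubevirt.io:admin"}: cannot change roleRef',
        }]}]},
    }
}

# Patterns for the API server's validation message shown in the report.
BINDING = re.compile(r'(\w*RoleBinding)\.rbac\.authorization\.k8s\.io\s+"([^"]+)"')
ROLEREF = re.compile(r'Kind:"([^"]+)",\s*Name:"([^"]+)"')


def roleref_conflicts(manifestwork):
    """Return one finding per manifest rejected because roleRef is immutable."""
    findings = []
    manifests = manifestwork.get("status", {}).get("resourceStatus", {}).get("manifests", [])
    for manifest in manifests:
        for cond in manifest.get("conditions", []):
            if (cond.get("type"), cond.get("status")) != ("Applied", "False"):
                continue
            msg = " ".join(cond.get("message", "").split())  # undo YAML line folding
            if "cannot change roleRef" not in msg:
                continue
            binding, ref = BINDING.search(msg), ROLEREF.search(msg)
            findings.append({
                "binding_kind": binding.group(1) if binding else None,
                "binding_name": binding.group(2) if binding else None,
                # The roleRef the API server refused to apply to the existing binding.
                "rejected_role_ref": "/".join(ref.groups()) if ref else None,
            })
    return findings


if __name__ == "__main__":
    for finding in roleref_conflicts(SAMPLE):
        print("RBAC on managed cluster not updated:", finding)
```
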