Uploaded image for project: 'Red Hat Container Development Kit'
  1. Red Hat Container Development Kit
  2. CDK-83

Unable to add multiple serviceaccounts for different projects with the same role in the GUI

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Out of Date
    • Affects Version/s: 2.3.0.GA
    • Fix Version/s: None
    • Component/s: openshift
    • Labels:
      None
    • Steps to Reproduce:
      Hide

      Create 3 projects (e.g. Dev, Test, Prod)

      • Go to Dev and membership
      • Add image puller for default user from Test project (succeeds)
      • Add image puller for default user from Prod project (fails)

      Use
      oc policy add-role-to-user system:image-puller system:serviceaccount:production:default -n development

      Refresh development membership page and it will work.

      Show
      Create 3 projects (e.g. Dev, Test, Prod) Go to Dev and membership Add image puller for default user from Test project (succeeds) Add image puller for default user from Prod project (fails) Use oc policy add-role-to-user system:image-puller system:serviceaccount:production:default -n development Refresh development membership page and it will work.

      Description

      I want to allow multiple project to be able to pull image (image-puller) from a single project (i.e. test and production to pull same image from development).

      In development project under Resources->Membership->Service Account I can add a test/default and role system:image-puller without problems. However, when I try to add another for production/default I get the error "The role "system:image-puller" has already been granted to "default" - however it hasn't for that project.

      You can work around this by using the following command:
      oc policy add-role-to-user system:image-puller system:serviceaccount:production:default -n development

      But the User Interface for some reason doesn't allow this. Once you use the command above the correct membership service accounts are visible.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            mmusaji Mustafa Musaji
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: