Cluster Observability Operator / COO-300

Fine grained access roles created by UIPlugin are not reconciled by COO on deletion


    • Bug
    • Resolution: Done
    • Undefined
    • None
    • 0.4.0, 0.3.2
    • logging-uiplugin
    • None
    • 3
    • MON Sprint 260
    • None

      Description:
      Currently, when we provision the UIPlugin CR, the operator creates 3 cluster roles (cluster-logging-audit-view, cluster-logging-infrastructure-view and cluster-logging-application-view), which are required under the fine grained logs access feature for Loki. If a clusterrole is deleted manually, the operator does not reconcile the deleted role.

      UIPlugin CR:

      apiVersion: observability.openshift.io/v1alpha1
      kind: UIPlugin
      metadata:
        name: logging
      spec:
        logging:
          logsLimit: 10
          lokiStack:
            name: lokistack-dev
          timeout: 6m
        type: Logging
      status:
        conditions:
          - lastTransitionTime: '2024-09-02T06:42:22Z'
            message: Plugin reconciled successfully
            observedGeneration: 1
            reason: UIPluginReconciled
            status: 'True'
            type: Reconciled
          - lastTransitionTime: '2024-09-02T06:42:22Z'
            message: ''
            observedGeneration: 1
            reason: UIPluginAvailable
            status: 'True'
            type: Available
      
      $ oc get clusterrole | grep cluster-logging
      cluster-logging-application-view                                                       2024-09-02T06:42:21Z
      cluster-logging-audit-view                                                             2024-09-02T06:42:22Z
      cluster-logging-infrastructure-view                                                    2024-09-02T06:42:22Z
      $ oc delete clusterrole cluster-logging-application-view 
      clusterrole.rbac.authorization.k8s.io "cluster-logging-application-view" deleted

      Check after some time; the deleted cluster role is unavailable.

      $ oc get clusterrole | grep cluster-logging
      cluster-logging-audit-view                                                             2024-09-02T06:42:22Z
      cluster-logging-infrastructure-view                                                    2024-09-02T06:42:22Z
      cluster-logging.v6.0.0-9DbNYRH9zEMq8oztRE0nvzAeX4i6FKQ3hgLLfM                          2024-09-02T06:37:03Z

      Steps to reproduce:
      1) Deploy COO and provision a UI plugin manifest.
      2) Validate that cluster-logging-audit-view, cluster-logging-infrastructure-view and cluster-logging-application-view are created.
      3) Delete a cluster role manually from the above list.
      4) Observe the cluster role status.

      How reproducible: always

      Expected Result: COO should reconcile the deleted role

      Actual Result: COO does not reconcile the deleted role

      Additional Info:

      $ oc get csv
      NAME                                   DISPLAY                          VERSION   REPLACES                               PHASE
      cluster-logging.v6.0.0                 Red Hat OpenShift Logging        6.0.0                                            Succeeded
      cluster-observability-operator.0.3.2   Cluster Observability Operator   0.3.2     cluster-observability-operator.0.2.0   Succeeded
      loki-operator.v6.0.0                   Loki Operator                    6.0.0                                            Succeeded

            prasriva@redhat.com Pranshu Srivastava
            rhn-support-kbharti Kabir Bharti
            Simon Pasquier
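A check for step 4 of the reproduction, added here as an example (not code from the report or from COO): it matches the three role names exactly, because the `grep cluster-logging` in the report also matches the `cluster-logging.v6.0.0-…` entry in the listing. The function name `missing_logging_roles` and the variable names are assumptions; the sample listing is copied from the report's post-deletion output.

```shell
#!/bin/sh
# Cluster roles the report says the UIPlugin CR creates.
EXPECTED_ROLES="cluster-logging-application-view
cluster-logging-audit-view
cluster-logging-infrastructure-view"

# Reads `oc get clusterrole` output on stdin (role name in the first column)
# and prints every expected role that is absent, one per line.
# Returns 0 when all three are present, 1 otherwise.
missing_logging_roles() {
    present=$(awk '{print $1}')
    missing=""
    for role in $EXPECTED_ROLES; do
        # -x whole-line match, -F fixed string: a name that merely starts
        # with "cluster-logging" never counts as one of the expected roles.
        if ! printf '%s\n' "$present" | grep -qxF "$role"; then
            missing="${missing}${role}
"
        fi
    done
    printf '%s' "$missing"
    [ -z "$missing" ]
}

# Sample input: the listing shown in the report after the manual deletion.
SAMPLE_AFTER_DELETE='cluster-logging-audit-view                                     2024-09-02T06:42:22Z
cluster-logging-infrastructure-view                            2024-09-02T06:42:22Z
cluster-logging.v6.0.0-9DbNYRH9zEMq8oztRE0nvzAeX4i6FKQ3hgLLfM  2024-09-02T06:37:03Z'

# Offline demonstration on the sample; prints the role that was not recreated.
printf '%s\n' "$SAMPLE_AFTER_DELETE" | missing_logging_roles || true

# Against a live cluster (requires access):
#   oc get clusterrole --no-headers | missing_logging_roles
```

A non-zero exit status makes the function usable as a post-deployment gate or a periodic check that flags the missing role.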