Details
-
Bug
-
Resolution: Duplicate
-
Major
-
None
-
4.11, 4.10.z
-
None
-
Proposed
-
False
-
Description
Description of problem:
Naming collision for RBAC policies with overlapping OperatorGroups targets
Version-Release number of selected component (if applicable):
Client Version: 4.10.30 Server Version: 4.10.46 Kubernetes Version: v1.23.12+8a6bfe4
How reproducible:
Everytime
Steps to Reproduce:
1. Checkout the manifests in https://github.com/MichaelWasher/OCPBUGS-5900 . This should allow for easy reproduction and description of what I believe is going on
Actual results:
The RBAC policies of one OperatorGroup+InstallPlan are affected by an install in a separate OperatorGroup+InstallPlan.
Expected results:
All RBAC policies associated with a CSV install are unique to that CSV/InstallPlan object.
Additional info:
I believe the RBAC policies are created here but I'm not familiar with the code-base so this might not be correct: [RBAC.go|https://github.com/operator-framework/operator-lifecycle-manager/blob/e7c2de358aca6f6a2ba94df64abfb19434d3e239/pkg/controller/registry/resolver/rbac.go/#L93-L125] From the link we can see that the naming conventions are based on the CSV name, which will be shared among namespaced installs.