-
Bug
-
Resolution: Done
-
Normal
-
None
-
1
-
False
-
-
False
-
-
Bug Fix
-
Done
-
-
-
RHDH Plugins 3266, RHDH Plugins 3267, RHDH Plugins 3268, RHDH Plugins 3269, RHDH Plugins 3270, RHDH Plugins 3271, RHDH Plugins 3272, RHDH Plugins 3273
Description of problem:
When role name is updated using RBAC API
PUT </api/permission/roles/:kind/:namespace/:name>
it is correctly updated for users and groups, but it is not updated for any existing permissions which stay mapped to the old role name.
Metadata is also not updated correctly.
Prerequisites (if any, like setup, operators/versions):
Steps to Reproduce
1. Create role `viewer`:
curl -X POST "http://localhost:7007/api/permission/roles" -d '{ "memberReferences": [ "user:default/dzemanov" ], "name": "role:default/viewer" }' -H "Content-Type: application/json" -H "Authorization: Bearer $token" -v
2. Add permission to viewer
curl -X POST "http://localhost:7007/api/permission/policies" -d '[{"entityReference": "role:default/viewer", "permission": "catalog-entity", "policy": "read", "effect":"allow"}]' -H "Content-Type: application/json" -H "Authorization: Bearer $token" -v
3. Rename role
curl -X PUT "http://localhost:7007/api/permission/roles/role/default/viewer" -d '{ "oldRole": { "memberReferences": [ "user:default/dzemanov" ], "name": "role:default/viewer" }, "newRole": { "memberReferences": [ "user:default/dzemanov" ], "name": "role:default/viewer2" } }' -H "Content-Type: application/json" -H "Authorization: Bearer $token" -v
Actual results:
Before role name update:
After role name update:
Expected results:
Permissions are updated as well.
Reproducibility (Always/Intermittent/Only Once):
Always