Uploaded image for project: 'Red Hat Developer Hub Bugs'
  1. Red Hat Developer Hub Bugs
  2. RHDHBUGS-834

RBAC API: updating role name doesn't update it in policies

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Normal Normal
    • 1.7.0
    • None
    • RBAC Plugin
    • 1
    • False
    • Hide

      None

      Show
      None
    • False
    • Hide
      = Fixed role name updates via API to correctly propagate to permissions, metadata, and conditions

      Previously, when a role name was updated using the RBAC API, existing permissions, conditions, and metadata were not updated and remained mapped to the old role name.
      With this update, role name changes are now correctly updated.
      Show
      = Fixed role name updates via API to correctly propagate to permissions, metadata, and conditions Previously, when a role name was updated using the RBAC API, existing permissions, conditions, and metadata were not updated and remained mapped to the old role name. With this update, role name changes are now correctly updated.
    • Bug Fix
    • Done
    • RHDH Plugins 3266, RHDH Plugins 3267, RHDH Plugins 3268, RHDH Plugins 3269, RHDH Plugins 3270, RHDH Plugins 3271, RHDH Plugins 3272, RHDH Plugins 3273

      Description of problem:

      When role name is updated using RBAC API

      PUT </api/permission/roles/:kind/:namespace/:name>
      

      it is correctly updated for users and groups, but it is not updated for any existing permissions which stay mapped to the old role name.

      Metadata is also not updated correctly.

      Prerequisites (if any, like setup, operators/versions):

      Steps to Reproduce

      1. Create role `viewer`:

      curl -X POST "http://localhost:7007/api/permission/roles" -d '{ "memberReferences":  [ "user:default/dzemanov" ], "name": "role:default/viewer" }' -H "Content-Type: application/json" -H "Authorization: Bearer $token" -v
      

      2. Add permission to viewer

      curl -X POST "http://localhost:7007/api/permission/policies" -d '[{"entityReference": "role:default/viewer", "permission": "catalog-entity", "policy": "read", "effect":"allow"}]' -H "Content-Type: application/json" -H "Authorization: Bearer $token" -v
      

      3. Rename role

      curl -X PUT "http://localhost:7007/api/permission/roles/role/default/viewer" -d '{ "oldRole": { "memberReferences":  [ "user:default/dzemanov" ], "name": "role:default/viewer" }, "newRole": { "memberReferences": [ "user:default/dzemanov" ], "name": "role:default/viewer2" } }' -H "Content-Type: application/json" -H "Authorization: Bearer $token" -v
      

      Actual results:

      Before role name update:

       

      After role name update:

      Expected results:

      Permissions are updated as well.

      Reproducibility (Always/Intermittent/Only Once):

      Always

      Build Details:

      Additional info (Such as Logs, Screenshots, etc):

        1. end.png
          end.png
          170 kB
        2. start.png
          start.png
          168 kB

              rh-ee-dzemanov Dominika Zemanovicova
              rh-ee-dzemanov Dominika Zemanovicova
              RHIDP - Plugins
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: