-
Notifications
You must be signed in to change notification settings - Fork 605
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 2076553: fix rolebinding in DevConsole dropping all subjects when updating #11292
Bug 2076553: fix rolebinding in DevConsole dropping all subjects when updating #11292
Conversation
4d1301c
to
92e514e
Compare
92e514e
to
2781a8a
Compare
50e67e1
to
2a9eefe
Compare
@debsmita1: This pull request references Bugzilla bug 2076553, which is valid. The bug has been moved to the POST state. 3 validation(s) were run on this bug
Requesting review from QA contact: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/assign @jerolimov |
/retest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for all these new tests! Need to take a deeper look tomorrow, here a small suggestion:
roleBindingRequests.push(...sendRoleBindingRequest(Verb.Patch, updateRoles, roleBinding)); | ||
roleBindingRequests.push( | ||
...sendRoleBindingRequest(Verb.Patch, updateRoles, _.clone(roleBinding)), | ||
); | ||
} | ||
if (!_.isEmpty(removeRoles)) { | ||
roleBindingRequests.push(...sendRoleBindingRequest(Verb.Remove, removeRoles, roleBinding)); | ||
roleBindingRequests.push( | ||
...sendRoleBindingRequest(Verb.Remove, removeRoles, _.clone(roleBinding)), | ||
); | ||
} | ||
if (!_.isEmpty(newRoles)) { | ||
roleBindingRequests.push(...sendRoleBindingRequest(Verb.Create, newRoles, roleBinding)); | ||
roleBindingRequests.push( | ||
...sendRoleBindingRequest(Verb.Create, newRoles, _.clone(roleBinding)), | ||
); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The caller should not know that sendRoleBindingRequest
implementation and that it changes the parameter internally. This should be an implementation detail.
When it's easier to mutate the roleBinding parameter instead of using a spread operator in sendRoleBindingRequest
you clone it inside instead, or?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@debsmita1, for me it doesn't fix the bug https://bugzilla.redhat.com/show_bug.cgi?id=2076553
I imported this YAML:
apiVersion: user.openshift.io/v1
kind: Group
metadata:
name: a-group
users:
- user1
- user2
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
generateName: a-group-binding
subjects:
- kind: Group
apiGroup: rbac.authorization.k8s.io
name: a-group
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: view
Change the role from the group "a-group" from View to Edit
Search for the newly created RoleBinding "a-group-edit....":
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: a-group-edit-185ab3d55b1625a8
subjects:
- kind: User # <-- Should be Group
apiGroup: rbac.authorization.k8s.io
name: a-group
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: edit
2a9eefe
to
11fad84
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested both bugs and works fine 👍
/lgtm
/approve
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: debsmita1, jerolimov The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@debsmita1: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
@debsmita1: All pull requests linked via external trackers have merged: Bugzilla bug 2076553 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/cherry-pick release-4.10 |
@debsmita1: #11292 failed to apply on top of branch "release-4.10":
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Fixes:
https://bugzilla.redhat.com/show_bug.cgi?id=2076553
https://bugzilla.redhat.com/show_bug.cgi?id=2067064
Solution description:
Test coverage:
/kind bug