Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug 2076553: fix rolebinding in DevConsole dropping all subjects when updating #11292

Merged
merged 1 commit into from
May 17, 2022
Merged

Bug 2076553: fix rolebinding in DevConsole dropping all subjects when updating #11292

merged 1 commit into from
May 17, 2022

Conversation

debsmita1
Copy link
Contributor

@debsmita1 debsmita1 commented Apr 6, 2022
edited
Loading

Fixes:
https://bugzilla.redhat.com/show_bug.cgi?id=2076553
https://bugzilla.redhat.com/show_bug.cgi?id=2067064

Solution description:

  • saving the whole subject instead of the subject name
  • handling the roles with multiple subjects properly
  • added tests

Test coverage:
Screenshot from 2022-05-05 00-17-33

/kind bug

@debsmita1 debsmita1 changed the title fix rolebinding in DevConsole dropping all subjects when updating [WIP] fix rolebinding in DevConsole dropping all subjects when updating Apr 6, 2022
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Apr 6, 2022
@openshift-ci openshift-ci bot added the component/dev-console Related to dev-console label Apr 6, 2022
@debsmita1 debsmita1 force-pushed the projectaccess-update-subjects branch from 4d1301c to 92e514e Compare April 6, 2022 19:03
@openshift-ci openshift-ci bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Apr 23, 2022
@debsmita1 debsmita1 force-pushed the projectaccess-update-subjects branch from 92e514e to 2781a8a Compare April 28, 2022 18:24
@openshift-ci openshift-ci bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Apr 28, 2022
@debsmita1 debsmita1 force-pushed the projectaccess-update-subjects branch 5 times, most recently from 50e67e1 to 2a9eefe Compare May 4, 2022 18:42
@debsmita1 debsmita1 changed the title [WIP] fix rolebinding in DevConsole dropping all subjects when updating Bug 2076553: fix rolebinding in DevConsole dropping all subjects when updating May 4, 2022
@openshift-ci openshift-ci bot added bugzilla/severity-high Referenced Bugzilla bug's severity is high for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. and removed do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. labels May 4, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented May 4, 2022

@debsmita1: This pull request references Bugzilla bug 2076553, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.11.0) matches configured target release for branch (4.11.0)
  • bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Requesting review from QA contact:
/cc @sanketpathak

In response to this:

Bug 2076553: fix rolebinding in DevConsole dropping all subjects when updating

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@debsmita1
Copy link
Contributor Author

/assign @jerolimov

@openshift-ci openshift-ci bot requested review from sanketpathak and removed request for nemesis09 May 4, 2022 18:49
@jerolimov
Copy link
Member

/retest

jerolimov
jerolimov suggested changes May 9, 2022
View reviewed changes
Copy link
Member

@jerolimov jerolimov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for all these new tests! Need to take a deeper look tomorrow, here a small suggestion:

frontend/packages/dev-console/src/components/project-access/ProjectAccess.tsx Outdated
Comment on lines 92 to 101
roleBindingRequests.push(...sendRoleBindingRequest(Verb.Patch, updateRoles, roleBinding));
roleBindingRequests.push(
...sendRoleBindingRequest(Verb.Patch, updateRoles, _.clone(roleBinding)),
);
}
if (!_.isEmpty(removeRoles)) {
roleBindingRequests.push(...sendRoleBindingRequest(Verb.Remove, removeRoles, roleBinding));
roleBindingRequests.push(
...sendRoleBindingRequest(Verb.Remove, removeRoles, _.clone(roleBinding)),
);
}
if (!_.isEmpty(newRoles)) {
roleBindingRequests.push(...sendRoleBindingRequest(Verb.Create, newRoles, roleBinding));
roleBindingRequests.push(
...sendRoleBindingRequest(Verb.Create, newRoles, _.clone(roleBinding)),
);
Copy link
Member

@jerolimov jerolimov May 9, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The caller should not know that sendRoleBindingRequest implementation and that it changes the parameter internally. This should be an implementation detail.

When it's easier to mutate the roleBinding parameter instead of using a spread operator in sendRoleBindingRequest you clone it inside instead, or?

jerolimov
jerolimov suggested changes May 10, 2022
View reviewed changes
Copy link
Member

@jerolimov jerolimov left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@debsmita1, for me it doesn't fix the bug https://bugzilla.redhat.com/show_bug.cgi?id=2076553

I imported this YAML:

apiVersion: user.openshift.io/v1
kind: Group
metadata:
  name: a-group
users:
  - user1
  - user2
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  generateName: a-group-binding
subjects:
  - kind: Group
    apiGroup: rbac.authorization.k8s.io
    name: a-group
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view

Change the role from the group "a-group" from View to Edit

Search for the newly created RoleBinding "a-group-edit....":

kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: a-group-edit-185ab3d55b1625a8
subjects:
  - kind: User                                                # <-- Should be Group
    apiGroup: rbac.authorization.k8s.io
    name: a-group
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edit

@debsmita1 debsmita1 force-pushed the projectaccess-update-subjects branch from 2a9eefe to 11fad84 Compare May 11, 2022 10:12
@debsmita1 debsmita1 requested a review from jerolimov May 11, 2022 10:14
jerolimov
jerolimov approved these changes May 17, 2022
View reviewed changes
Copy link
Member

@jerolimov jerolimov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested both bugs and works fine 👍

/lgtm
/approve

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label May 17, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented May 17, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: debsmita1, jerolimov

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 17, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented May 17, 2022

@debsmita1: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@openshift-merge-robot openshift-merge-robot merged commit fcae345 into openshift:master May 17, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented May 17, 2022

@debsmita1: All pull requests linked via external trackers have merged:

Bugzilla bug 2076553 has been moved to the MODIFIED state.

In response to this:

Bug 2076553: fix rolebinding in DevConsole dropping all subjects when updating

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@debsmita1
Copy link
Contributor Author

/cherry-pick release-4.10

@openshift-cherrypick-robot
Copy link

@debsmita1: #11292 failed to apply on top of branch "release-4.10":

Applying: fix rolebinding in DevConsole dropping all subjects when updating
Using index info to reconstruct a base tree...
M	frontend/packages/dev-console/src/components/project-access/ProjectAccess.tsx
M	frontend/packages/dev-console/src/components/project-access/ProjectAccessForm.tsx
M	frontend/packages/dev-console/src/components/project-access/project-access-form-validation-utils.ts
Falling back to patching base and 3-way merge...
Auto-merging frontend/packages/dev-console/src/components/project-access/project-access-form-validation-utils.ts
CONFLICT (content): Merge conflict in frontend/packages/dev-console/src/components/project-access/project-access-form-validation-utils.ts
Auto-merging frontend/packages/dev-console/src/components/project-access/ProjectAccessForm.tsx
Auto-merging frontend/packages/dev-console/src/components/project-access/ProjectAccess.tsx
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 fix rolebinding in DevConsole dropping all subjects when updating
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherry-pick release-4.10

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@debsmita1 debsmita1 mentioned this pull request May 23, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jerolimov jerolimov jerolimov approved these changes

@rohitkrai03 rohitkrai03 Awaiting requested review from rohitkrai03

@sanketpathak sanketpathak Awaiting requested review from sanketpathak

Assignees

@jerolimov jerolimov

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. bugzilla/severity-high Referenced Bugzilla bug's severity is high for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. component/dev-console Related to dev-console lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@debsmita1 @jerolimov @openshift-cherrypick-robot @openshift-merge-robot