Origin: RBAC diagnostics output is not useful under cluster role aggregation

Created on 10 Apr 2018  路  4Comments  路  Source: openshift/origin

oc adm diagnostics is clearly based off of the "default" rules of the bootstrap cluster roles. However, since we aggregate into admin, edit and view, there are no "default" rules for these cluster roles anymore. Thus the command thinks every rule is "new", making the diagnostic useless.

See output in #19163

@openshift/sig-security

@php-coder @adelton Either of you have cycles to pick this up? We can discuss specifics on IRC.

aretechdebt help wanted sisecurity
Source
picture enj

Most helpful comment

oc adm diagnostics was removed by https://github.com/openshift/origin/pull/20814 I think this issue should be closed.

picture nak3 on 27 Sep 2018
👍2

All 4 comments

cc @juanvallejo @sosiouxme

enj picture enj on 12 Apr 2018

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

openshift-bot picture openshift-bot on 11 Jul 2018

/remove-lifecycle stale

simo5 picture simo5 on 11 Jul 2018

oc adm diagnostics was removed by https://github.com/openshift/origin/pull/20814 I think this issue should be closed.

nak3 picture nak3 on 27 Sep 2018
👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

rhcarvalho picture rhcarvalho  路  51Comments
quintesse picture quintesse  路  49Comments
kargakis picture kargakis  路  43Comments
jeremyeder picture jeremyeder  路  59Comments
smarterclayton picture smarterclayton  路  72Comments