Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 1514333

Summary: Adding the role to user mulitple time for same role and user.
Product: OpenShift Container Platform Reporter: Bhavani CR <bhavani.r>
Component: AuthAssignee: Simo Sorce <ssorce>
Status: CLOSED NOTABUG QA Contact: Chuan Yu <chuyu>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 3.6.0CC: aos-bugs
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-12-15 14:46:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Bhavani CR 2017-11-17 06:39:39 UTC
Description of problem:

Adding the role to user mulitple time for same role and user.
for example:- 
oadm policy add-role-to-user view user1
role "view" added: "user1"

oadm policy add-role-to-user view user1
role "view" added: "user1"


Version-Release number of selected component (if applicable):
atomic-openshift-utils-3.6.173.0.48-1.git.0.1609d30.el7.noarch

How reproducible:
Execution of command through CLI

Steps to Reproduce:
1.Login to openshift
2.oadm policy add-role-to-user view user1


Actual results:
It is successfully adding same role to group.

Expected results:
It should verify that the particular role is added to the user.
If the role is added again to same user , it must throw an error.

Additional info:

Comment 1 Simo Sorce 2017-12-15 14:46:05 UTC
I do not think this is something we want to do.

In general we prefer idempotency, so that if the result of the requested action is obtained we do not error, even if nothing was doen to obtain it.

This make declarative configuration (think Ansible) much easier as the result of operation (errors) depends on whether the desired outcome is achieved, and not how it is achieved.