Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1514333 - Adding the role to user mulitple time for same role and user.
Summary: Adding the role to user mulitple time for same role and user.
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Auth
Version: 3.6.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: ---
Assignee: Simo Sorce
QA Contact: Chuan Yu
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-11-17 06:39 UTC by Bhavani CR
Modified: 2017-12-15 14:46 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-12-15 14:46:05 UTC


Attachments (Terms of Use)

Description Bhavani CR 2017-11-17 06:39:39 UTC
Description of problem:

Adding the role to user mulitple time for same role and user.
for example:- 
oadm policy add-role-to-user view user1
role "view" added: "user1"

oadm policy add-role-to-user view user1
role "view" added: "user1"


Version-Release number of selected component (if applicable):
atomic-openshift-utils-3.6.173.0.48-1.git.0.1609d30.el7.noarch

How reproducible:
Execution of command through CLI

Steps to Reproduce:
1.Login to openshift
2.oadm policy add-role-to-user view user1


Actual results:
It is successfully adding same role to group.

Expected results:
It should verify that the particular role is added to the user.
If the role is added again to same user , it must throw an error.

Additional info:

Comment 1 Simo Sorce 2017-12-15 14:46:05 UTC
I do not think this is something we want to do.

In general we prefer idempotency, so that if the result of the requested action is obtained we do not error, even if nothing was doen to obtain it.

This make declarative configuration (think Ansible) much easier as the result of operation (errors) depends on whether the desired outcome is achieved, and not how it is achieved.


Note You need to log in before you can comment on or make changes to this bug.