Commits on Mar 7, 2018

1. diagnostics: AggregatedLogging ClusterRoleBindings false negative fix …

   The clusterRoleBindings check can output false alarm even if `cluster-reader`
   role is assigned to fluentd service account and logging works as expected.
   
   The check used to query for `cluster-readers` CRB, but the common command
   `oc adm policy add-cluster-role-to-user cluster-reader system:serviceaccount:logging:aggregated-logging-fluentd`
   no longer appers to add the SA into `cluster-readers` group but instead
   creates cluster-reader-1 CRB.
   
   ```
   $ oc get clusterrolebindings cluster-readers -o yaml
   ...
   roleRef:
     name: cluster-reader
   ...
   userNames: null
   
   $ oc get clusterrolebindings
   NAME              ROLE            USERS  GROUPS                  SERVICE ACCOUNTS                   SUBJECTS
   ...
   cluster-reader    /cluster-reader                                management-infra/management-admin
   cluster-reader-0  /cluster-reader                                default/router
   cluster-reader-1  /cluster-reader                                logging/aggregated-logging-fluentd
   cluster-readers   /cluster-reader        system:cluster-readers
   ...
   ```
   
   This fix queries all clusterrolebindings, iterates over those, that have
   role `cluster-reader` and then validates there is a `cluster-reader` entry
   for `system:serviceaccount:logging:aggregated-logging-fluentd`

   Jan Wozniak authored and openshift-cherrypick-robot committed Mar 7, 2018
   Configuration menu

   • View commit details
   • Copy full SHA for 59a7133
   • Browse repository at this point

   Copy the full SHA

   59a7133 View commit details

   Browse the repository at this point in the history