Created
April 7, 2020 18:14
-
-
Save yiqigao217/d142f8e6a5f5a9c9c3e1bd09f218b7c5 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ---------------------------------------------------- | |
| Trying to clean up from last run (this may fail, and that's fine) | |
| Error from server (NotFound): namespaces "parent-605" not found | |
| Error from server (NotFound): namespaces "child-605" not found | |
| Error from server (NotFound): namespaces "grandchild-605" not found | |
| Error from server (NotFound): namespaces "greatgrandchild-605" not found | |
| ---------------------------------------------------- | |
| Setting up hierarchy with rolebinding that HNC doesn't have permission to copy | |
| namespace/parent-605 created | |
| namespace/child-605 created | |
| namespace/grandchild-605 created | |
| namespace/greatgrandchild-605 created | |
| Setting the parent of child-605 to parent-605 | |
| child-605 allowCascadingDelete is already false; unchanged | |
| Succesfully updated 1 property of the hierarchical configuration of child-605 | |
| Setting the parent of grandchild-605 to child-605 | |
| grandchild-605 allowCascadingDelete is already false; unchanged | |
| Succesfully updated 1 property of the hierarchical configuration of grandchild-605 | |
| Setting the parent of greatgrandchild-605 to grandchild-605 | |
| greatgrandchild-605 allowCascadingDelete is already false; unchanged | |
| Succesfully updated 1 property of the hierarchical configuration of greatgrandchild-605 | |
| rolebinding.rbac.authorization.k8s.io/cluster-admin-rb created | |
| Waiting 2s... | |
| ---------------------------------------------------- | |
| Tree should show CannotPropagateObject in 'parent-605' and CannotUpdateObject in 'child-605' and 'grandchild-605' | |
| parent-605 (1) | |
| └── child-605 (2) | |
| └── grandchild-605 (2) | |
| └── greatgrandchild-605 (2) | |
| Conditions: | |
| 1) CannotPropagateObject: Could not write: rolebindings.rbac.authorization.k8s.io "cluster-admin-rb" is forbidden: user "system:serviceaccount:hnc-system:default" (groups=["system:serviceaccounts" "system:serviceaccounts:hnc-system" "system:authenticated"]) is attempting to grant RBAC permissions not currently held: | |
| {APIGroups:["*"], Resources:["*"], Verbs:["*"]} | |
| {NonResourceURLs:["*"], Verbs:["*"]} | |
| 2) CannotUpdateObject: Could not write: rolebindings.rbac.authorization.k8s.io "cluster-admin-rb" is forbidden: user "system:serviceaccount:hnc-system:default" (groups=["system:serviceaccounts" "system:serviceaccounts:hnc-system" "system:authenticated"]) is attempting to grant RBAC permissions not currently held: | |
| {APIGroups:["*"], Resources:["*"], Verbs:["*"]} | |
| {NonResourceURLs:["*"], Verbs:["*"]} | |
| ---------------------------------------------------- | |
| Removing the grandchild and verifying that the condition is gone in grandchild and greatgrandchild. Parent and child should still have the conditions. | |
| Unsetting the parent of grandchild-605 (was previously child-605) | |
| grandchild-605 allowCascadingDelete is already false; unchanged | |
| Succesfully updated 1 property of the hierarchical configuration of grandchild-605 | |
| ---------------------------------------------------- | |
| There should no longer be any conditions in 'grandchild-605' and 'greatgrandchild-605' | |
| grandchild-605 | |
| └── greatgrandchild-605 (1) | |
| Conditions: | |
| 1) CannotUpdateObject: Could not write: rolebindings.rbac.authorization.k8s.io "cluster-admin-rb" is forbidden: user "system:serviceaccount:hnc-system:default" (groups=["system:serviceaccounts" "system:serviceaccounts:hnc-system" "system:authenticated"]) is attempting to grant RBAC permissions not currently held: | |
| {APIGroups:["*"], Resources:["*"], Verbs:["*"]} | |
| {NonResourceURLs:["*"], Verbs:["*"]} | |
| Waiting 1s.. | |
| ---------------------------------------------------- | |
| There should no longer be any conditions in 'grandchild-605' and 'greatgrandchild-605' | |
| grandchild-605 | |
| └── greatgrandchild-605 | |
| Waiting 1s.. | |
| ---------------------------------------------------- | |
| There should no longer be any conditions in 'grandchild-605' and 'greatgrandchild-605' | |
| grandchild-605 | |
| └── greatgrandchild-605 | |
| Waiting 1s.. | |
| ---------------------------------------------------- | |
| There should no longer be any conditions in 'grandchild-605' and 'greatgrandchild-605' | |
| grandchild-605 | |
| └── greatgrandchild-605 | |
| Waiting 1s.. | |
| ---------------------------------------------------- | |
| There should still be CannotPropagate condition in 'parent-605' and CannotUpdate condition in 'child-605' | |
| parent-605 (1) | |
| └── child-605 (2) | |
| Conditions: | |
| 1) CannotPropagateObject: Could not write: rolebindings.rbac.authorization.k8s.io "cluster-admin-rb" is forbidden: user "system:serviceaccount:hnc-system:default" (groups=["system:serviceaccounts" "system:serviceaccounts:hnc-system" "system:authenticated"]) is attempting to grant RBAC permissions not currently held: | |
| {APIGroups:["*"], Resources:["*"], Verbs:["*"]} | |
| {NonResourceURLs:["*"], Verbs:["*"]} | |
| 2) CannotUpdateObject: Could not write: rolebindings.rbac.authorization.k8s.io "cluster-admin-rb" is forbidden: user "system:serviceaccount:hnc-system:default" (groups=["system:serviceaccounts" "system:serviceaccounts:hnc-system" "system:authenticated"]) is attempting to grant RBAC permissions not currently held: | |
| {APIGroups:["*"], Resources:["*"], Verbs:["*"]} | |
| {NonResourceURLs:["*"], Verbs:["*"]} | |
| ---------------------------------------------------- | |
| Cleaning up | |
| namespace "parent-605" deleted | |
| namespace "child-605" deleted | |
| namespace "grandchild-605" deleted | |
| namespace "greatgrandchild-605" deleted |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment