error message is not easily readable

[mcada]

When playing with the script I end up with following error:

$ bash install_ocp.sh --setup --grant noadmin --cluster
/FUSE/fuse-online-install /FUSE/fuse-online-install
/FUSE/fuse-online-install
Installing Syndesis CRD
shared resources were previously installed
Grant permission to create Syndesis to user noadmin
error: Object:
  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    labels:
      app: syndesis
      syndesis.io/app: syndesis
      syndesis.io/component: syndesis-operator
      syndesis.io/type: operator
    name: syndesis-installer
    namespace: default
  rules:
  - apiGroups:
    - ""
    resources:
    - serviceaccounts
    verbs:
    - impersonate
  - apiGroups:
    - ""
    resources:
    - namespaces
    verbs:
    - get
  - apiGroups:
    - ""
    - project.openshift.io
    resources:
    - projects
    verbs:
    - get
  - apiGroups:
    - ""
    resources:
    - serviceaccounts
    verbs:
    - impersonate
  - apiGroups:
    - ""
    resources:
    - pods
    - pods/exec
    - services
    - endpoints
    - persistentvolumeclaims
    - configmaps
    - secrets
    - serviceaccounts
    verbs:
    - get
    - list
    - create
    - update
    - delete
    - deletecollection
    - watch
  - apiGroups:
    - ""
    resources:
    - replicationcontrollers
    - replicationcontrollers/scale
    verbs:
    - get
    - list
    - create
    - update
    - delete
    - deletecollection
    - watch
    - patch
  - apiGroups:
    - apps
    resources:
    - daemonsets
    - deployments
    - deployments/scale
    - replicasets
    - replicasets/scale
    - statefulsets
    - statefulsets/scale
    verbs:
    - get
    - list
    - create
    - update
    - delete
    - deletecollection
    - watch
    - patch
  - apiGroups:
    - extensions
    resources:
    - daemonsets
    - deployments
    - deployments/scale
    - ingresses
    - networkpolicies
    - replicasets
    - replicasets/scale
    - replicationcontrollers/scale
    verbs:
    - get
    - list
    - create
    - update
    - delete
    - deletecollection
    - watch
    - patch
  - apiGroups:
    - ""
    resources:
    - bindings
    - events
    - limitranges
    - namespaces/status
    - pods/log
    - pods/status
    - replicationcontrollers/status
    - resourcequotas
    - resourcequotas/status
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    - build.openshift.io
    resources:
    - buildconfigs
    - buildconfigs/webhooks
    - builds
    verbs:
    - get
    - list
    - create
    - update
    - delete
    - deletecollection
    - watch
    - patch
  - apiGroups:
    - ""
    - build.openshift.io
    resources:
    - buildconfigs/instantiate
    - buildconfigs/instantiatebinary
    - builds/clone
    verbs:
    - create
  - apiGroups:
    - ""
    - build.openshift.io
    resources:
    - builds/details
    verbs:
    - update
  - apiGroups:
    - ""
    - build.openshift.io
    resources:
    - builds/log
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    - apps.openshift.io
    resources:
    - deploymentconfigs
    - deploymentconfigs/scale
    verbs:
    - get
    - list
    - create
    - update
    - delete
    - deletecollection
    - watch
    - patch
  - apiGroups:
    - ""
    - apps.openshift.io
    resources:
    - deploymentconfigrollbacks
    - deploymentconfigs/instantiate
    - deploymentconfigs/rollback
    verbs:
    - create
  - apiGroups:
    - ""
    - apps.openshift.io
    resources:
    - deploymentconfigs/log
    - deploymentconfigs/status
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    - image.openshift.io
    resources:
    - imagestreams
    - imagestreamimages
    - imagestreammappings
    - imagestreams/secrets
    - imagestreamtags
    verbs:
    - get
    - list
    - create
    - update
    - delete
    - deletecollection
    - watch
    - patch
  - apiGroups:
    - ""
    - image.openshift.io
    resources:
    - imagestreamimports
    verbs:
    - create
  - apiGroups:
    - ""
    - image.openshift.io
    resources:
    - imagestreams/status
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - route.openshift.io
    resources:
    - routes
    verbs:
    - get
    - list
    - create
    - update
    - delete
    - deletecollection
    - watch
    - patch
  - apiGroups:
    - ""
    - template.openshift.io
    resources:
    - processedtemplates
    - templateconfigs
    - templateinstances
    - templates
    verbs:
    - get
    - list
    - create
    - update
    - delete
    - deletecollection
    - watch
    - patch
  - apiGroups:
    - ""
    - build.openshift.io
    resources:
    - buildlogs
    verbs:
    - get
    - list
    - create
    - update
    - delete
    - deletecollection
    - watch
    - patch
  - apiGroups:
    - syndesis.io
    resources:
    - '*'
    - '*/finalizers'
    verbs:
    - get
    - list
    - create
    - update
    - delete
    - deletecollection
    - watch
  - apiGroups:
    - ""
    resources:
    - pods
    - services
    - endpoints
    - persistentvolumeclaims
    - configmaps
    - secrets
    - serviceaccounts
    verbs:
    - get
    - list
    - create
    - update
    - delete
    - deletecollection
    - watch
  - apiGroups:
    - ""
    resources:
    - pods/log
    verbs:
    - get
  - apiGroups:
    - ""
    resources:
    - replicationcontrollers
    - replicationcontrollers/scale
    - replicationcontrollers/status
    verbs:
    - get
    - list
    - create
    - update
    - delete
    - deletecollection
    - watch
  - apiGroups:
    - ""
    - build.openshift.io
    resources:
    - builds
    - buildconfigs
    - builds/details
    - buildconfigs/webhooks
    - buildconfigs/instantiatebinary
    - builds/log
    verbs:
    - get
    - list
    - create
    - update
    - delete
    - deletecollection
    - watch
  - apiGroups:
    - ""
    - apps.openshift.io
    resources:
    - deploymentconfigs
    - deploymentconfigs/scale
    verbs:
    - get
    - list
    - create
    - update
    - delete
    - deletecollection
    - watch
    - patch
  - apiGroups:
    - ""
    - apps.openshift.io
    resources:
    - deploymentconfigrollbacks
    - deploymentconfigs/instantiate
    - deploymentconfigs/rollback
    verbs:
    - create
  - apiGroups:
    - ""
    - apps.openshift.io
    resources:
    - deploymentconfigs/log
    - deploymentconfigs/status
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    - image.openshift.io
    resources:
    - imagestreams
    - imagestreamimages
    - imagestreammappings
    - imagestreams/secrets
    - imagestreamtags
    verbs:
    - get
    - list
    - create
    - update
    - delete
    - deletecollection
    - watch
    - patch
  - apiGroups:
    - ""
    - image.openshift.io
    resources:
    - imagestreams/status
    - imagestreamimports
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - ""
    resources:
    - events
    verbs:
    - get
    - list
  - apiGroups:
    - rbac.authorization.k8s.io
    resources:
    - roles
    - rolebindings
    verbs:
    - get
    - list
    - create
    - update
    - delete
    - deletecollection
    - watch
  - apiGroups:
    - ""
    - template.openshift.io
    resources:
    - processedtemplates
    - templateconfigs
    - templateinstances
    - templates
    verbs:
    - get
    - list
    - create
    - update
    - delete
    - deletecollection
    - watch
    - patch
  - apiGroups:
    - authorization.openshift.io
    resources:
    - rolebindings
    verbs:
    - get
    - list
    - create
    - update
    - delete
    - deletecollection
    - watch
  - apiGroups:
    - route.openshift.io
    resources:
    - routes
    - routes/custom-host
    verbs:
    - get
    - list
    - create
    - update
    - delete
    - deletecollection
    - watch
    - patch
  - apiGroups:
    - camel.apache.org
    resources:
    - '*'
    verbs:
    - get
    - list
    - create
    - update
    - delete
    - deletecollection
    - watch
  - apiGroups:
    - monitoring.coreos.com
    resources:
    - alertmanagers
    - prometheuses
    - servicemonitors
    - prometheusrules
    verbs:
    - get
    - list
    - create
    - update
    - delete
    - deletecollection
    - watch
  - apiGroups:
    - integreatly.org
    resources:
    - grafanadashboards
    verbs:
    - get
    - list
    - create
    - update
    - delete
    - deletecollection
    - watch
  - apiGroups:
    - serving.knative.dev
    resources:
    - services
    verbs:
    - get
    - list
    - watch
  - apiGroups:
    - eventing.knative.dev
    resources:
    - channels
    verbs:
    - get
    - list
    - watch
: ReconcileFn cannot mutate objects namespace

We may consider a different approach to error handling but yeah it works as is.

EDIT: Or maybe it does not work? So I created another user in minishift and tried to add him rights to install syndesis with bash install_ocp.sh --setup --grant noadmin --cluster (run from admin user). This ends with mentioned error and user noadmin is not able to install syndesis. Maybe I did something wrong?

[heiko-braun]

@mcada Would you mind to create an ENTESB instead?

[mcada]

I deleted and re-created minishift to have clean environment, repeated the same procedure with admin setting rights and noadmin running syndesis and now it works :/ so either I did something wrong for the first time or it was some minishift magic. Anyway this issue is about error message so I will leave it open. Sure I can create Jira issue, just thought that this error message format is minor community work :)

[heiko-braun]

Fair enough, thanks for double checkin. @nicolaferraro does that error message above ring a bell?

[phantomjinx]

Issue has been marked as stale and closed. If it is really required then please reopen and request with justification accordingly.