This makes tests that assert isProjectClean() fail unexpectedly.
Note: it has been suggested that the issue wouldn't be hit in case the xtf.openshift.namespace and the xtf.bm.namespace properties are set to two different values. In such a case the case when those are not should be handled.
When being instantiated,
BuildManager
wants for the authenticated users group to be able and access images it stores, see describe rolebinding.rbacThis is described by the docs, see https://docs.openshift.com/container-platform/4.12/openshift_images/managing_images/using-image-pull-secrets.html#images-allow-pods-to-reference-images-across-projects_using-image-pull-secrets but in some cases it clashes with downstream business logic, e.g.: when calling OpenShiftWaiters.isProjectClean(), a list of removable resources is collected and the an unexpected role binding - named
system:image-puller
is found, holding the connection between thesystem:image-puller
role itself and the authenticated users group.This makes tests that assert
isProjectClean()
fail unexpectedly.Note: it has been suggested that the issue wouldn't be hit in case the
xtf.openshift.namespace
and thextf.bm.namespace
properties are set to two different values. In such a case the case when those are not should be handled.