This makes tests that assert isProjectClean() fail unexpectedly.
Note: it has been suggested that the issue wouldn't be hit in case the xtf.openshift.namespace and the xtf.bm.namespace properties are set to two different values. In such a case the case when those are not should be handled.
When being instantiated,
BuildManagerwants for the authenticated users group to be able and access images it stores, see describe rolebinding.rbacThis is described by the docs, see https://docs.openshift.com/container-platform/4.12/openshift_images/managing_images/using-image-pull-secrets.html#images-allow-pods-to-reference-images-across-projects_using-image-pull-secrets but in some cases it clashes with downstream business logic, e.g.: when calling OpenShiftWaiters.isProjectClean(), a list of removable resources is collected and the an unexpected role binding - named
system:image-pulleris found, holding the connection between thesystem:image-pullerrole itself and the authenticated users group.This makes tests that assert
isProjectClean()fail unexpectedly.Note: it has been suggested that the issue wouldn't be hit in case the
xtf.openshift.namespaceand thextf.bm.namespaceproperties are set to two different values. In such a case the case when those are not should be handled.