Open
Description
Bug description
When I create ServiceBinding where:
- the workload is a Pod that exists
- I've provided the correct RBAC for reading service
- the service is a Secret that doesn't exist
I get Ready=True
Expected behaviour
I getReady=False, the service does not exist.
Steps to reproduce the bug
$ kubectl run nginx --image=nginx --restart=Never
$ kapply() { kaf <(echo "$1") } # func for convenience
$ kapply '# iterate-stk-secret-reader.yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: stk-secret-reader
labels:
servicebinding.io/controller: "true"
rules:
- apiGroups: [""]
resources: ["secrets", "pods" ]
verbs: ["get", "list", "watch"]'
$ kapply 'apiVersion: servicebinding.io/v1beta1
kind: ServiceBinding
metadata:
name: test-sb
spec:
name: database
service:
apiVersion: v1
kind: Secret
name: test
workload:
apiVersion: v1
kind: Pod
name: nginx'
$ kubectl get secrets
No resources found in default namespace.
$ kubectl get servicebinding
NAME READY REASON AGE
test-sb True Ready 6m55s
**Version (Tanzu Application Platform version, K8s version) **
Definitely in 0.7.2 of this, unsure what versions are affecred.
Environment where the bug was observed (cloud, OS, etc)
I observed it in Kind