Use dedicated rolebinding to store owner
The following discussion from !4 (merged) should be addressed:
-
@alossent started a discussion: Site owner may add other admins to the default
admin
rolebinding (e.g. by giving other users theadmin
role in the web console). So we cannot just replace theadmin
rolebinding on owner change, this will remove all other admins as well. I think the logic in current openshift-site-manager code is to remove the previous owner and add the new owner.A better solution could be to use another, dedicated rolebinding resource to store the owner and give it the
admin
role, which we clearly mark as being managed by us (set an appropriatedescription
annotation). Then it's OK to overwrite any user changes. Mayberolebinding/paas-site-owner
?This means we leave the default
admin
rolebinding untouched. (I think it's created automatically)