Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Critical
Fix Version/s: 4.15.0
Affects Version/s: 4.15
Component/s: apiserver-auth
Labels:
- UpdateRecommendationsBlocked
- UpgradeBlocker

Severity:
Critical
Regression:
No
Sprint:
Auth - Sprint 245
sprint_count:
1
Release Blocker:
Approved
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Target Version:

4.15.0

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:

We shouldn't enforce PSa in 4.15, neither by label sync, neither by global cluster config.

Version-Release number of selected component (if applicable):

4.15

How reproducible:

100%

Steps to Reproduce:

As a cluster admin:
1. create two new namespaces/projects: pokus, openshift-pokus
2. as a cluster-admin, attempt to create a privileged pod in both the namespaces from 1.

Actual results:

pod creation is blocked by pod security admission

Expected results:

only a warning about pod violating the namespace pod security level should be emitted

Additional info:

clones

OCPBUGS-16726 [4.14] don't enforce PSa in 4.14

Closed

depends on

OCPBUGS-26466 [4.16] don't enforce PSa in 4.16

Closed

is cloned by

OCPBUGS-26466 [4.16] don't enforce PSa in 4.16

Closed

links to

openshift/api#1717: OCPBUGS-26441: disable psa

openshift/client-go#271: OCPBUGS-26441: Bump api 4.15

RHSA-2023:7198 OpenShift Container Platform 4.15 security update

Verification reference for "OCPBUGS-16726 don't enforce PSa in 4.14"

(2 links to)

Assignee:: Krzysztof Ostrowski

Reporter:: Stanislav Láznička (Inactive)

QA Contact:: Deepak Punia (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Created:: 2024/01/08 2:15 PM

Updated:: 2024/04/29 5:03 PM

Resolved:: 2024/02/27 9:07 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates