-
Bug
-
Resolution: Duplicate
-
Undefined
-
None
-
4.15.z
-
None
-
Moderate
-
Yes
-
False
-
Description of problem:
volumesnapshot admission webhook should block some invalid creatation like if volumeSnapshotClassName is "" $ more storage/snapshot/invalid-volumesnapshot-snapshotclass-nil.yaml apiVersion: snapshot.storage.k8s.io/v1 kind: VolumeSnapshot metadata: name: mysnapshot spec: volumeSnapshotClassName: "" source: persistentVolumeClaimName: mypvc-ori In 4.16, it will be rejected as expected as below: $ oc create -f storage/snapshot/invalid-volumesnapshot-snapshotclass-nil.yaml Error from server: error when creating "storage/snapshot/invalid-volumesnapshot-snapshotclass-nil.yaml": admission webhook "volumesnapshotclasses.snapshot.storage.k8s.io" denied the request: Spec.VolumeSnapshotClassName must not be the empty string. But in 4.15, it passed: $ oc create -f storage/snapshot/invalid-volumesnapshot-snapshotclass-nil.yaml volumesnapshot.snapshot.storage.k8s.io/mysnapshot created And in the snapshot-webhook log, I did not see any log about mysnapshot: $ oc -n openshift-cluster-storage-operator logs csi-snapshot-webhook-f996557d-c92rl | grep mysnapshot $ oc -n openshift-cluster-storage-operator logs csi-snapshot-webhook-f996557d-nsnfg | grep mysnapshot
Version-Release number of selected component (if applicable):
4.15.0-0.nightly-2024-03-24-023440
How reproducible:
always
Steps to Reproduce:
See description
Actual results:
The invalid creation is not rejected in 4.15.
Expected results:
The invalid creation should be rejected like in 4.16.
Additional info:
- duplicates
-
-
- Closed
-