Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-65727

Security context constraint pod admission is reporting wrong field path for spec.hostUsers errors

XMLWordPrintable

    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None
    • None
    • Done
    • Bug Fix
    • Hide
      * Before this update, there was an incorrect error field path for `hostUsers` when validating a security context constraint. It was shown as `.spec.securityContext.hostUsers`, but `hostUsers` is not in the security context. With this release, the error field path is now `.spec.hostUsers` (link:https://issues.redhat.com/browse/OCPBUGS-65727[OCPBUGS-65727])
      _____________
      Fix wrong fields paths in user-facing pod admission error messages
      Show
      * Before this update, there was an incorrect error field path for `hostUsers` when validating a security context constraint. It was shown as `.spec.securityContext.hostUsers`, but `hostUsers` is not in the security context. With this release, the error field path is now `.spec.hostUsers` (link: https://issues.redhat.com/browse/OCPBUGS-65727 [ OCPBUGS-65727 ]) _____________ Fix wrong fields paths in user-facing pod admission error messages
    • None
    • None
    • None
    • None

      Description of problem:

          When applying for restricted-v3 scc and failing, the associated error message mentions wrong field path for hostUsers. It's not places in .spec.securityContext, just in .spec:

E1104 08:33:35.763522       1 task.go:128] "Unhandled Error" err="error running apply for deployment \"openshift-controller-manager-operator/openshift-controller-manager-operator\" (491 of 958): deployment openshift-controller-manager-operator/openshift-controller-manager-operator has a replica failure FailedCreate: pods \"openshift-controller-manager-operator-b445854f4-\" is forbidden: unable to validate against any security context constraint: provider restricted-v3: .spec.securityContext.hostUsers: Invalid value: null: Host Users must be set to false" logger="UnhandledError"

      Version-Release number of selected component (if applicable):

      How reproducible:

          Always

      Steps to Reproduce:

          1. Create a deployment requiring restricted-v3 and not setting hostUsers: false
    2. See the deployment rollout error message

      Actual results:

      unable to validate against any security context constraint: provider restricted-v3: .spec.securityContext.hostUsers: Invalid value: null: Host Users must be set to false

      Expected results:

      unable to validate against any security context constraint: provider restricted-v3: .spec.hostUsers: Invalid value: null: Host Users must be set to false  

      Additional info:

              rh-ee-okupka Ondřej Kupka
              rh-ee-okupka Ondřej Kupka
              None
              None
              Rohit Patil Rohit Patil
              None
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: