-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
4.20
-
None
-
None
-
False
-
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Description of problem:
When running a gatewayAPI test to check if gateway creation can be succcessfully blocked if a non cluster-admin attempts to create the resource, the test fails because the test-user is able to successfully create a gateway
Version-Release number of selected component (if applicable):
How reproducible:
Always
Steps to Reproduce:
1. Create a gatewayClass
2. attempt to create a gateway as any user that is not a cluster or kubeadmin
3.
Actual results:
User is not blocked and can create a gateway
Test expects an error to occur, but no error occurs:
[FAILED] Expected an error to have occurred. Got:
<nil>: nil
Expected results:
Test-User should get error message like below
Additional info:
When testing on a standalone hypershift-hosted cluster, we get as expected:
Error from server (Forbidden): error when creating "/tmp/e2e-test-gatewayapi-8m7k4-ap2tidh9-temp-resource.json": gateways.gateway.networking.k8s.io is forbidden: User "e2e-test-gatewayapi-8m7k4-user" cannot create resource "gateways" in API group "gateway.networking.k8s.io" in the namespace "openshift-ingress"