Details
-
Bug
-
Resolution: Done
-
Critical
-
None
-
4.10.z
-
Important
-
No
-
Rejected
-
False
-
-
Description
Description of problem:
Observed inconsistency between Project and Namespace. Label added for the project when entered empty string. However the label or annotate with a string value to a Namespace or project doesn't work.
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1. Create a project : `$ oc create namespace testproject` 2. Assign admin access to user : `$ oc adm policy add-role-to-user admin testuser -n testproject` 3. Login with the user : `$ oc login -u testuser` 4. Label ns : `$ oc label ns testproject test1=label1` 5. Annotate ns : `$ oc annotate ns testproject openshift.io/node-selector=test2=test2` 6. Label project : `$ oc label project testproject test1=label1` 7. Annotate project : `$ oc annotate project testproject openshift.io/node-selector=test2=test2` 8. Label project (this specific label worked): `$ oc label project testproject policy-group.network.openshift.io/ingress=""`
Actual results:
When a new label with non-empty string is added to a project, validation error will occur . And when a new label with empty string is added to a project, the project is labeled : ~~~ $ oc label project testproject policy-group.network.openshift.io/ingress=""` project.project.openshift.io/testproject labeled ~~~
Expected results:
Additional info:
The project Admin does not have access to modify the project/namespace resource itself. Label ns : `$ oc label ns testproject test1=label1` ~~~ Error from server (Forbidden): namespaces "testproject" is forbidden: User "testuser" cannot patch resource "namespaces" in API group "" in the namespace "testproject" ~~~ Annotate ns : `$ oc annotate ns testproject openshift.io/node-selector=test2=test2` ~~~ Error from server (Forbidden): namespaces "testproject" is forbidden: User "testuser" cannot patch resource "namespaces" in API group "" in the namespace "testproject" ~~~ Label project : `$ oc label project testproject test1=label1` ~~~ The Project "testproject" is invalid: metadata.labels[test1]: Invalid value: "label1": field is immutable, , try updating the namespace ~~~ Annotate project : `$ oc annotate project testproject openshift.io/node-selector=test2=test2` ~~~ The Project "testproject" is invalid: metadata.annotations[openshift.io/node-selector]: Invalid value: "test2=test2": field is immutable, try updating the namespace ~~~ However when tried with empty string : It worked : ~~~ $ oc label project testproject policy-group.network.openshift.io/ingress="" project.project.openshift.io/testproject labeled ~~~
