Bug 1212744

Summary: The project admin can not create endpoints of external service
Product: OKD Reporter: zhou ying <yinzhou>
Component: ContainersAssignee: David Eads <deads>
Status: CLOSED CURRENTRELEASE QA Contact: libra bugs <libra-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.xCC: mmccomas, wsun
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-07-07 23:45:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description zhou ying 2015-04-17 09:19:52 UTC 
Description of problem:
When user as project admin can not create  endpoints of external service.

Version-Release number of selected component (if applicable):
openshift v0.4.3.2-65-gceb2b12
kubernetes v0.14.1-582-gb12d75d
osc v0.4.3-168-g120e84a


How reproducible:
always


Steps to Reproduce:
1.Create a project:
openshift ex new-project zhouy --display-name="OpenShift 3 Sample" --description="This is an example project to demonstrate OpenShift v3" --admin=zhouy
2.Use the user login,and use the project:
osc login -u zhouy -p pass
osc project zhouy
3. Create an external service:
osc create -f  external-service.json
{
    "kind": "Config",
    "apiVersion": "v1beta1",
    "metadata": {
        "creationTimestamp": null
    },
    "items": [
        {
            "kind": "Service",
            "id": "external-database",
            "creationTimestamp": null,
            "apiVersion": "v1beta3",
            "protocol": "TCP",
            "sessionAffinity": "None",
            "metadata":{
            "name":"example-mysql-service"
            },
            "spec":{
            "ports":[{"port":36971 }]  }
        },
        {
            "kind": "Endpoints",
            "apiVersion": "v1beta3",
            "metadata": {
            "name": "example-mysql-service"
            },
            "endpoints": [
                {"ip": "10.14.6.112",
                   "port":36971}
            ]
        }
    ]
}


Actual results:
Prompt:Error: "/api/v1beta1/endpoints?namespace=zhouy" is forbidden because zhouy cannot create on endpoints in zhouy

Expected results:
The external service and endpoints create successfully, no error occur.

Additional info:
When account as 'cluster-admin' can create service and endpoints successfully.
Comment 1 David Eads 2015-04-20 20:10:07 UTC 
See https://github.com/openshift/origin/pull/1819
Comment 2 zhou ying 2015-04-21 09:47:13 UTC 
Confirmed , working now.
openshift v0.4.3-255-gc4eb472
kubernetes v0.14.1-582-gb12d75d