Bug 1386401

Summary:	Editing project/namesace annotations; 'oc edit project' vs 'oc edit ns'
Product:	OpenShift Container Platform	Reporter:	Matt Woodson <mwoodson>
Component:	oc	Assignee:	Nobody <nobody>
oc sub component:	oc	QA Contact:	zhou ying <yinzhou>
Status:	CLOSED WONTFIX	Docs Contact:
Severity:	medium
Priority:	medium	CC:	ads.kuknus, albertdeesilva, AmandaOralie812, aos-bugs, berrange, dma, emmabrown0900, householdelsewhere, jokerman, mfojtik, mmccomas, Prind1932, pweil, valenzuelaferguson4560359, xxia
Version:	3.3.0	Keywords:	TestCaseNeeded
Target Milestone:	---
Target Release:	3.7.0
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2017-04-08 02:56:51 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Matt Woodson 2016-10-18 20:23:40 UTC

Description of problem:

I am trying to edit a project's annotation, namely "openshift.io/node-selector". 

If I do "oc edit project openshift-infra" and change the "openshift.io/node-selector" to "type=infra", and save it gives me the following error:

 Invalid value: "": field is immutable, try updating the namespace

If I try oc annotate, the same thing happens:

[root@ip-172-31-56-156 ~]# oc annotate project openshift-infra openshift.io/node-selector=type=infra --overwrite
The Project "openshift-infra" is invalid.
metadata.annotations[openshift.io/node-selector]: Invalid value: "type=infra": field is immutable, try updating the namespace
[root@ip-172-31-56-156 ~]#


Now, if I use "namespace" instead of "project" things work as expected.

oc edit namespace openshift-infra

OR

[root@ip-172-31-56-156 ~]# oc annotate namespace openshift-infra openshift.io/node-selector=type=infra --overwrite
namespace "openshift-infra" annotated

Things work as expected.


Version-Release number of selected component (if applicable):

I have seen this in 3.2.1.15 and 3.3.0.32


How reproducible:

Very

Steps to Reproduce:
1.  Install Openshift cluster
2.  oc edit project openshift-infra
3.  change/update the openshift.io/node-selector
4.  attempt to save

Actual results:

Error on saving. 

Expected results:

I would expect it to save the annotation as requested.

Additional info:

I don't understand why this works in ns and not project.  What is the difference?  If there a reason it works with one but not the other?

Comment 1 David Eads 2016-10-20 14:36:57 UTC

This could be enabled with a secondary authz check inside the RESTStorage backing the projects endpoint.  If you can update the namespace, you can update anything in the project.  You could also issue an impersonating request directly to the namespace which might be more reliable.

Comment 2 Mo 2016-11-01 13:23:24 UTC

WIP PR: https://github.com/openshift/origin/pull/11647

Comment 3 Mo 2017-04-08 02:56:51 UTC

Project is meant to be a limited permission view with specific constraints.  Changing that adds far too much complexity for no real gains.

Comment 4 RobertJones 2020-12-31 06:38:29 UTC Comment hidden (spam)

It is a website that has a bug with the status of the alias. They have an editing project with the namespace annotations for whiteboards. You must check https://uk.bestessays.com/research_proposal_service.html and get ideas to write a thesis. You can also attach your file status with test cases. Join them for more information.

Comment 7 valenzuela 2022-10-13 06:27:41 UTC Comment hidden (spam)

This article has been covered for a long time.(https://geometry-dash.co) I don't know if the website is still in use or not.

Comment 8 Albert Paterno 2022-10-26 10:50:12 UTC Comment hidden (spam)

(In reply to RobertJones from comment #4)
> It is a website that has a bug with the status of the alias. They have an
> editing project with the namespace annotations for whiteboards. You must
> check https://uk.bestessays.com/research_proposal_service.html and get ideas
> to write a thesis. You can also attach your file status with test cases.
> Join them for more information.

What I don't seriously have any idea what it technically means like to be as with that said I am on the edge of my seats with no idea being developed to overcome the problem I face for https://www.diplomaassignments.com/sdsu-open-university-assignment-help . I see it no way around being spoken of

Comment 9 Emma Brown 2022-11-24 12:46:19 UTC Comment hidden (spam)

A supplementary authz check within the RESTStorage supporting the project endpoint could enable this. Everything in the project can be updated if you can change the namespace. Another option, possibly more dependable, is to send an impersonating request directly to the namespace and if you get more information about this so visit this website https://www.canadawritings.ca/buy-essay/

Comment 13 zehenna 2023-05-27 04:21:35 UTC Comment hidden (spam)

This comment was flagged a spam, view the edit history to see the original text if required.