Bug 1550394

Summary: Provisioned Service should raise error instead of saving the change when edited invalid field
Product: OpenShift Container Platform Reporter: XiaochuanWang <xiaocwan>
Component: Service CatalogAssignee: Jay Boyd <jaboyd>
Status: CLOSED ERRATA QA Contact: XiaochuanWang <xiaocwan>
Severity: low Docs Contact:
Priority: medium    
Version: 3.9.0CC: aos-bugs, chezhang, jaboyd, jmatthew, jokerman, mmccomas, pmorie, spadgett
Target Milestone: ---   
Target Release: 3.10.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
undefined
 Story Points: ---
Clone Of: Environment:
Last Closed: 2018-07-30 19:10:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description XiaochuanWang 2018-03-01 07:56:47 UTC 
Description of problem:
Both edit provisioned service (serviceinstance) on web-console or on cli should raise error and fail to save the change.

Version-Release number of selected component (if applicable):
openshift/oc v3.9.1

How reproducible:
Always

Steps to Reproduce:
1. Create app by such as https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/templates/application-template-stibuild.json

2. Create provisioned service instance such as MongoDB

3. Edit the provisioned service instance by web-console or by oc client:

3.1 On overview page, when the service instance successfully provisioned, go to Provisioned Service page, edit yaml
(Update/Delete/Add spec.userInfo.groups and save)

3.2 $ oc edit ServiceInstance mongodb-persistent-5pggb
(Update/Delete/Add spec.userInfo.groups and save)

Actual results:
3.1 for web-console:
Provisioned Service mongodb-persistent-5pggb was successfully updated.
3.2 for cli: 
serviceinstance "mongodb-persistent-5pggb" edited

Expected results:
The spec.userInfo.groups can not be update by user, both web-console and cli should raise an alert for the error and not saving the change.

Additional info:
Add metadata.labels could save the change correctly.
Comment 2 Paul Morie 2018-04-18 14:52:33 UTC 
Editing the spec.userInfo.* fields should not result in a validation error because these fields are overridden in the API server to have the values that come from the authenticator. So, you could put completely invalid data into these fields, and that data should not be persisted.

Jay, would you see if you could recreate this?
Comment 3 Jay Boyd 2018-04-18 14:58:41 UTC 
Validated that after an edit the spec.userInfo.groups is reset.   Looks to be working as designed.
Comment 4 XiaochuanWang 2018-04-27 06:13:40 UTC 
Verified as it's working as designed by Comment 3.
Comment 6 errata-xmlrpc 2018-07-30 19:10:04 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1816