Bug 1996534

Summary: idling the service and got error: endpoints is forbidden: User cannot patch resource "endpoints" in API group "" in the namespace
Product: OpenShift Container Platform Reporter: Hongan Li <hongli>
Component: NetworkingAssignee: aos-network-edge-staff <aos-network-edge-staff>
Networking sub component: router QA Contact: Hongan Li <hongli>
Status: CLOSED DUPLICATE Docs Contact:
Severity: high    
Priority: medium CC: aos-bugs, mmasters
Version: 4.9   
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-08-26 21:37:44 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Hongan Li 2021-08-23 07:18:36 UTC 
Description of problem:
when idling the service, got below error message:
error: unable to mark service "hongli/service-unsecure" as idled: endpoints "service-unsecure" is forbidden: User "testuser-33" cannot patch resource "endpoints" in API group "" in the namespace "hongli"ReplicationController "hongli/web-server-rc" has been idled

OpenShift release version:
4.9.0-0.nightly-2021-08-22-070405

Cluster Platform:
AWS

How reproducible:
100%

Steps to Reproduce (in detail):
1. create a 4.9 OCP cluster
2. oc login -u testuser-33 -p password
3. create ReplicationController/web-server-rc
   oc create -f https://raw.githubusercontent.com/openshift/verification-tests/master/testdata/routing/web-server-rc.yaml
4. oc expose svc service-unsecure
5. oc idle service-unsecure

Actual results:
$ oc idle service-unsecure
error: unable to mark service "hongli/service-unsecure" as idled: endpoints "service-unsecure" is forbidden: User "testuser-33" cannot patch resource "endpoints" in API group "" in the namespace "hongli"ReplicationController "hongli/web-server-rc" has been idled 

Expected results:
no error message

Impact of the problem:
the ReplicationController is idled but this command return false that caused the test cases failed

Additional info:



** Please do not disregard the report template; filling the template out as much as possible will allow us to help you. Please consider attaching a must-gather archive (via `oc adm must-gather`). Please review must-gather contents for sensitive information before attaching any must-gathers to a bugzilla report.  You may also mark the bug private if you wish.
Comment 2 Miciah Dashiel Butler Masters 2021-08-24 15:11:50 UTC 
This report is related to bug 1996160.  Depending on how we solve bug 1996160, we may solve this bug with the same solution.
Comment 3 Miciah Dashiel Butler Masters 2021-08-26 21:37:44 UTC 

*** This bug has been marked as a duplicate of bug 1995505 ***