Description of problem:
When generate a build using build strategy with Docker, it should be failed due to build strategy Docker is not allowed.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Create a project named: test
2. Run the command to generated build:
oc new-build centos/ruby-22-centos7~https://github.com/openshift/ruby-hello-world.git --name=docker-bc --strategy=docker
error: buildconfigs "docker-bc" is forbidden: build strategy Docker is not allowed
Custom build can be created successfully in dev-preview-stg, but it should not be allowed.
The same behavior is for new user and existed user.
I assume this is an auth/role configuration issue in dev-preview-stg.
The custom roles that we have in Online seem to be configured correctly. Also, the project template seems to correctly link to the customer project admin role (openshift-online:admin). However, I believe the issue is that the "system:authenticated" group seems to have access to do a docker build. I am not sure if this is a recent change. If this is indeed the issue (need to run it past David/Jordan), then we just need to remove build access for docker and custom strategies from the system:authenticated group.
This is from Dev Preview STG.
$ oc policy who-can create builds/docker
$ oc policy who-can create builds/custom
David: Can you please take a quick look at the bug and see if my comment above does actually highlight the problem. If not, any pointers on what to consider would be helpful.
Roles were recently added to change the way that permission was assigned. Try removing system:authenticated from system:build-strategy-docker and system:build-strategy-custom.
Will be resolved with https://github.com/openshift/online/issues/144
Verified against dev-preview-stg