Description of problem: The message of forbidden without assign permission to create templateinstance is urgly. Version-Release number of selected component (if applicable): oc v3.6.100 kubernetes v1.6.1+5115d708d7 features: Basic-Auth GSSAPI Kerberos SPNEGO Server https://***:443 openshift v3.6.100 kubernetes v1.6.1+5115d708d7 How reproducible: always Steps to Reproduce: 1.Enable template service broker by admin 2.Create a templateinstance with requester.username that is not the requester user Actual results: step2: Show below forbidden message: The TemplateInstance "instance1" is invalid: spec.requester.username: Forbidden: impersonation forbidden: templateinstances.template.openshift.io "" is forbidden: User "xiuwang" cannot "assign" "templateinstances.template.openshift.io" with name "" in project "xiu3" Expected results: The forbidden message should be more friendly Additional info:
https://github.com/openshift/origin/pull/14538
This issue has fixed in [1] The forbidden info is more friendly. The TemplateInstance "instance1" is invalid: spec.requester.username: Forbidden: you do not have permission to set username [1] Server https://***:8443 openshift v3.6.106 kubernetes v1.6.1+5115d708d7 Will move to verified after bug status change to on_qa
Test with oc version v3.6.135, this issue has been fixed, move this bug to verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2017:3188