Description of problem: The broker will return with a 400 status code when an originating user does not have the correct permissions to complete the APB action. The correct return would be a 403 status code Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Deploy broker, make sure that auto_escalate is false 2. Create a project with user1 3. login to cluster as user2 and attempt to provision APB into project that was created by user1 Actual results: Error with the description saying user2 does not have the permissions, with a 400 status code. Expected results: Error with the description saying user2 does not have the permissions, with a 403 status code. Additional info:
PR that has fixed this issue: https://github.com/openshift/ansible-service-broker/pull/586
The current version is 1.0.19, but the fixed PR will be released in 1.1.3. So, waiting for the image ready and then to verify. [root@host-172-16-120-75 ~]# docker run --rm --entrypoint=asbd registry.reg-aws.openshift.com:443/openshift3/ose-ansible-service-broker:v3.9 --version Unable to find image 'registry.reg-aws.openshift.com:443/openshift3/ose-ansible-service-broker:v3.9' locally Trying to pull repository registry.reg-aws.openshift.com:443/openshift3/ose-ansible-service-broker ... v3.9: Pulling from registry.reg-aws.openshift.com:443/openshift3/ose-ansible-service-broker 9cadd93b16ff: Already exists 4aa565ad8b7a: Already exists ab577ec3df40: Pull complete Digest: sha256:f8561500eacbb305d1314657ccffca2a11963d2542d8a58ff01f4ec07eb8be56 1.0.19
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0489