Description of problem:
Project admins should create and delete networkpolicies in their own project, and this is allowed from OCP 3.6, but it failed in the latest OCP 3.9 build.

Version-Release number of selected component (if applicable):
openshift v3.9.0-0.23.0
kubernetes v1.9.1+a0ce1bc657
etcd 3.2.8

How reproducible:
always

Steps to Reproduce:
1. oc login -u hongli
2. oc new-project lha
3. oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/networking/networkpolicy/defaultdeny-v1-semantic.yaml

Actual results:
Error from server (Forbidden): error when creating "https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/networking/networkpolicy/defaultdeny-v1-semantic.yaml": networkpolicies.extensions is forbidden: User "hongli" cannot create networkpolicies.extensions in the namespace "lha": User "hongli" cannot create networkpolicies.extensions in project "lha"

Expected results:
should succeed

Additional info:
https://github.com/openshift/origin/pull/18372
Verified in openshift v3.9.0-0.36.0 and the issue has been fixed.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0489