Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1726198

Summary: Resources which are defined as "List" items can bypass quota on Web console
Product: OpenShift Container Platform Reporter: Daein Park <dapark>
Component: Management ConsoleAssignee: Samuel Padgett <spadgett>
Status: CLOSED DUPLICATE QA Contact: Yadan Pei <yapei>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 3.11.0CC: aos-bugs, jokerman, mmccomas
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-07-02 13:53:33 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Daein Park 2019-07-02 10:22:55 UTC 
Description of problem:

In web console, defining resource as "List" items using "Import YAML" menu can bypass quota limitation.
Even though the resource is limited by quota, it can created without no limitations.
This behaviour is different with CLI. If the limited resource created with "oc create -f", the resource did not created it.

Version-Release number of selected component (if applicable):

# oc version
oc v3.11.98
kubernetes v1.11.0+d4cacc0
features: Basic-Auth GSSAPI Kerberos SPNEGO

openshift v3.11.98
kubernetes v1.11.0+d4cacc0

How reproducible:

1>
# oc new-project bypass-test

2>
# oc create quota dc-quota --hard=count/deploymentconfigs.apps.openshift.io=0

3>
# oc describe quota
Name:                                      dc-quota
Namespace:                                 bypass-test
Resource                                   Used  Hard
--------                                   ----  ----
count/deploymentconfigs.apps.openshift.io  0     0

4>
# oc create -f - <<EOF
apiVersion: v1
kind: List
items:
- apiVersion: v1
  kind: DeploymentConfig
  metadata:
    name: test
  spec:
    replicas: 0  
    selector:
      deployment-config.name: test
    template:
      metadata:
        labels:
          deployment-config.name: test
      spec:
        containers:
        - name: test
          image: httpd
EOF
Error from server (Forbidden): deploymentconfigs.apps.openshift.io "test" is forbidden: exceeded quota: nodeploy, requested: count/deploymentconfigs.apps.openshift.io=1, used: count/deploymentconfigs.apps.openshift.io=0, limited: count/deploymentconfigs.apps.openshift.io=0

5> Copy and paste the following YAML into "Import YAML/JSON" menu on Web console 
~~~
apiVersion: v1
kind: List
items:
- apiVersion: v1
  kind: DeploymentConfig
  metadata:
    name: test
  spec:
    replicas: 0  
    selector:
      deployment-config.name: test
    template:
      metadata:
        labels:
          deployment-config.name: test
      spec:
        containers:
        - name: test
          image: httpd
~~~

It will result in success of creating test deploymentconfig.

Steps to Reproduce:
1.
2.
3.

Actual results:

Limited resource by quota can create on Web console.

Expected results:

Limited resource by quota can not create on Web console with error messages like "exceeded quota: ...".

Additional info:
Comment 1 Samuel Padgett 2019-07-02 13:53:33 UTC 
This is actually unrelated to using List. It's because console is creating the resource without adding the API group, whereas the CLI adds the `apps.openshift.io` API group. This is the same underlying problem as Bug 1678267.

*** This bug has been marked as a duplicate of bug 1678267 ***