Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1835066

Summary: Normal user can't create job from exist cronjob
Product: OpenShift Container Platform Reporter: zhou ying <yinzhou>
Component: kube-controller-managerAssignee: Maciej Szulik <maszulik>
Status: CLOSED ERRATA QA Contact: RamaKasturi <knarra>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.5CC: aos-bugs, erich, knarra, maszulik, mfojtik, mzali, sparpate
Target Milestone: ---   
Target Release: 4.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
: 1884569 1884580 (view as bug list) Environment:
Last Closed: 2020-10-27 15:58:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1884580    

Description zhou ying 2020-05-13 03:08:33 UTC 
Description of problem:
Normal user can't create job with '--from'

Version-Release number of selected component (if applicable):
[root@dhcp-140-138 tmp]# oc version 
Client Version: 4.5.0-202005072157-f415627
Server Version: 4.5.0-0.nightly-2020-05-12-191228
Kubernetes Version: v1.18.2


How reproducible:
always

Steps to Reproduce:
1. Login OpenShift and create project:
2. Create cronjob:
   `oc create cronjob my-job --image=openshift/hello-openshift --schedule=\*\ 5\ \*\ \*\ \?`
3. Create job with '--from'
   `oc create job hello-job --from=cronjob/my-job`

Actual results:
3. Failed with error: 
[root@localhost ~]# oc create job hello-job --from=cronjob/my-job 
error: failed to create job: jobs.batch "hello-job" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>

Expected results:
3. Should succeed:

Additional info:
[root@localhost ~]# oc create job hello-job1 --from=cronjob/my-job   --loglevel=9
I0513 10:55:18.917799   49584 loader.go:375] Config loaded from file:  /root/.kube/config
.....

I0513 10:55:21.676738   49584 round_trippers.go:443] POST https://api.yinzhou13.qe.devcluster.openshift.com:6443/apis/batch/v1/namespaces/zhouyt/jobs 403 Forbidden in 394 milliseconds
I0513 10:55:21.676824   49584 round_trippers.go:449] Response Headers:
I0513 10:55:21.676847   49584 round_trippers.go:452]     Audit-Id: 18bceecc-48a0-46b2-a54b-49035bc7e32a
I0513 10:55:21.676871   49584 round_trippers.go:452]     Content-Type: application/json
I0513 10:55:21.676907   49584 round_trippers.go:452]     X-Kubernetes-Pf-Flowschema-Uid: ed68c64e-b5fe-4a6e-9df7-adac27c599e0
I0513 10:55:21.676934   49584 round_trippers.go:452]     X-Kubernetes-Pf-Prioritylevel-Uid: 41304d83-ce4e-4f6d-b14f-212062b1e813
I0513 10:55:21.676959   49584 round_trippers.go:452]     Content-Length: 334
I0513 10:55:21.676986   49584 round_trippers.go:452]     Date: Wed, 13 May 2020 02:55:21 GMT
I0513 10:55:21.677057   49584 request.go:1068] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"jobs.batch \"hello-job1\" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , \u003cnil\u003e","reason":"Forbidden","details":{"name":"hello-job1","group":"batch","kind":"jobs"},"code":403}
F0513 10:55:21.678106   49584 helpers.go:115] error: failed to create job: jobs.batch "hello-job1" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>
Comment 1 Maciej Szulik 2020-05-13 11:08:52 UTC 
Will be fixed during next k8s bump https://github.com/kubernetes/kubernetes/pull/91053
Comment 4 Maciej Szulik 2020-06-18 10:10:51 UTC 
Waiting for k8s bump.
Comment 5 Maciej Szulik 2020-07-09 11:05:46 UTC 
Waiting for next k8s bump.
Comment 6 Maciej Szulik 2020-08-11 11:25:49 UTC 
Bump was in https://github.com/openshift/oc/pull/491
Comment 16 Maciej Szulik 2020-09-10 13:43:39 UTC 
*** Bug 1877673 has been marked as a duplicate of this bug. ***
Comment 22 errata-xmlrpc 2020-10-27 15:58:59 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196