Bug 1843496 - Bad error message on project templates with cluster-scoped objects
Summary: Bad error message on project templates with cluster-scoped objects
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: openshift-apiserver
Version: 4.4
Hardware: Unspecified
OS: Unspecified
medium
low
Target Milestone: ---
: 4.6.0
Assignee: Stefan Schimanski
QA Contact: Xingxing Xia
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-06-03 12:28 UTC by Sergio G.
Modified: 2023-10-06 20:23 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-10-27 16:04:47 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift openshift-apiserver pull 114 0 None closed Bug 1843496: project: improve error message on cluster-scoped template objects 2020-10-08 21:58:56 UTC
Red Hat Product Errata RHBA-2020:4196 0 None None None 2020-10-27 16:05:18 UTC

Description Sergio G. 2020-06-03 12:28:06 UTC 
Description of problem:
Creating a custom project request template with a group definition makes the new-project command fail.


Version-Release number of selected component (if applicable):
4.4.4


How reproducible:
Always


Steps to Reproduce:
1. Add the next YAML to the default project request template in order to create a new group for each project:
  - apiVersion: user.openshift.io/v1
    kind: Group
    metadata:
      name: ${PROJECT_NAME}
    users: []

2. Create a new project:
  $ oc new-project sgarcia-test5

Actual results:
- Error from "oc new-project" command with --loglevel 10
I0603 14:23:07.011760  137744 request.go:942] Request Body: {"kind":"ProjectRequest","apiVersion":"project.openshift.io/v1","metadata":{"name":"sgarcia-test5","creationTimestamp":null}}
I0603 14:23:07.011918  137744 round_trippers.go:419] curl -k -v -XPOST  -H "User-Agent: oc/v0.0.0 (linux/amd64) kubernetes/$Format" -H "Authorization: Bearer xTV5RnJOj8sEeCJWfzCoAApvoUQPEc9PjQ_crDsI71g" -H "Accept: application/json, */*" -H "Content-Type: application/json" 'https://api.sgarcia-ocp444.aws.gmbros.net:6443/apis/project.openshift.io/v1/projectrequests'
I0603 14:23:07.411282  137744 round_trippers.go:438] POST https://api.sgarcia-ocp444.aws.gmbros.net:6443/apis/project.openshift.io/v1/projectrequests 500 Internal Server Error in 399 milliseconds
I0603 14:23:07.411353  137744 round_trippers.go:444] Response Headers:
I0603 14:23:07.411388  137744 round_trippers.go:447]     Date: Wed, 03 Jun 2020 12:23:07 GMT
I0603 14:23:07.411423  137744 round_trippers.go:447]     Content-Length: 277
I0603 14:23:07.411449  137744 round_trippers.go:447]     Audit-Id: 0521018d-1d47-45d2-8f45-7ba9a2dfec49
I0603 14:23:07.411475  137744 round_trippers.go:447]     Cache-Control: no-store
I0603 14:23:07.411505  137744 round_trippers.go:447]     Content-Type: application/json
I0603 14:23:07.411590  137744 request.go:942] Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Internal error occurred: the server could not find the requested resource","reason":"InternalError","details":{"causes":[{"message":"the server could not find the requested resource"}]},"code":500}
I0603 14:23:07.412078  137744 helpers.go:196] server response object: [{
  "metadata": {},
  "status": "Failure",
  "message": "Internal error occurred: the server could not find the requested resource",
  "reason": "InternalError",
  "details": {
    "causes": [
      {
        "message": "the server could not find the requested resource"
      }
    ]
  },
  "code": 500
}]
F0603 14:23:07.412169  137744 helpers.go:114] Error from server (InternalError): Internal error occurred: the server could not find the requested resource


- Error from apiserver pods:
E0603 12:23:00.213738       1 delegated.go:241] error creating items in requested project "sgarcia-test5": the server could not find the requested resource



Expected results:
- The project and a group with the same name is created.
Comment 1 Stefan Schimanski 2020-06-03 13:11:35 UTC 
Cluster-scoped objects are intentionally not supported in project templates, only those to be created in the new project/namespace. Admittedly, the error message is bad. Have retitled the BZ.
Comment 2 Sergio G. 2020-06-03 13:14:52 UTC 
Thanks for confirming Stefan.
If besides changing the message to be more clear we add a note in the documentation explaining it that would be awesome.
Comment 5 Xingxing Xia 2020-07-06 06:55:04 UTC 
Verified in 4.6.0-0.nightly-2020-07-05-234845:
$ oc adm create-bootstrap-project-template -o yaml > template.yaml
$ vi template.yaml # insert below before "parameters:"
- apiVersion: user.openshift.io/v1
  kind: Group
  metadata:
    name: ${PROJECT_NAME}
  users: []
- apiVersion: v1
  kind: ResourceQuota
  metadata:
    name: pre-defined-quota
  spec:
    hard:
      pods: "20"
$ oc create -f template.yaml -n openshift-config
$ oc edit project.config.openshift.io/cluster
spec:
  projectRequestTemplate:
    name: <template_name>
Wait OAS pods to be restarted. Then:
$ oc new-project sgarcia-test5 # the message is clearer now
Error from server (InternalError): Internal error occurred: user.openshift.io/v1, Kind=Group specified in project template is not namespace scoped
Comment 8 errata-xmlrpc 2020-10-27 16:04:47 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196
Note You need to log in before you can comment on or make changes to this bug.