Merge pull request #19404 from deads2k/server-24-admission

don't block creation on lack of delete powers

Author: openshift-merge-robot

test/integration/ownerrefs_test.go

@@ -34,7 +34,7 @@ func TestOwnerRefRestriction(t *testing.T) {
 			Name: "create-svc",
 		},
 		Rules: []authorizationapi.PolicyRule{
-			authorizationapi.NewRule("create").Groups(kapi.GroupName).Resources("services").RuleOrDie(),
+			authorizationapi.NewRule("create", "update").Groups(kapi.GroupName).Resources("services").RuleOrDie(),
 		},
 	})
 	if err != nil {
@@ -63,24 +63,28 @@ func TestOwnerRefRestriction(t *testing.T) {
 		t.Fatalf("unexpected error: %v", err)
 	}
 
-	_, err = creatorClient.Core().Services("foo").Create(&kapi.Service{
+	actual, err := creatorClient.Core().Services("foo").Create(&kapi.Service{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: "my-service",
-			OwnerReferences: []metav1.OwnerReference{{
-				APIVersion: "foo",
-				Kind:       "bar",
-				Name:       "baz",
-				UID:        types.UID("baq"),
-			}},
 		},
 		Spec: kapi.ServiceSpec{
 			Ports: []kapi.ServicePort{
 				{Port: 80},
 			},
 		},
 	})
+	if err != nil {
+		t.Fatal(err)
+	}
+	actual.OwnerReferences = []metav1.OwnerReference{{
+		APIVersion: "foo",
+		Kind:       "bar",
+		Name:       "baz",
+		UID:        types.UID("baq"),
+	}}
+	actual, err = creatorClient.Core().Services("foo").Update(actual)
 	if err == nil {
-		t.Fatalf("missing err")
+		t.Fatalf("missing error")
 	}
 	if !kapierrors.IsForbidden(err) || !strings.Contains(err.Error(), "cannot set an ownerRef on a resource you can't delete") {
 		t.Fatalf("expecting cannot set an ownerRef on a resource you can't delete, got %v", err)