From c97e62aa01e401fc264ab49cd3c16f0924513022 Mon Sep 17 00:00:00 2001
From: Gong Yongjie
Date: Mon, 8 Apr 2024 00:35:05 -0400
Subject: [PATCH] skip IngressClassName validation when no permission on IngressClass
---
 internal/ingress/controller/store/store.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/internal/ingress/controller/store/store.go b/internal/ingress/controller/store/store.go
index 1da4598f4..46822f467 100644
--- a/internal/ingress/controller/store/store.go
+++ b/internal/ingress/controller/store/store.go
@@ -1050,8 +1050,12 @@ func (s *k8sStore) GetService(key string) (*corev1.Service, error) {
 func (s *k8sStore) GetIngressClass(ing *networkingv1.Ingress, icConfig *ingressclass.Configuration) (string, error) {
 // First we try ingressClassName
 if ing.Spec.IngressClassName != nil {
- if icConfig.IgnoreIngressClass && icConfig.AnnotationValue == *ing.Spec.IngressClassName {
- return *ing.Spec.IngressClassName, nil
+ if icConfig.IgnoreIngressClass {
+ if icConfig.AnnotationValue == *ing.Spec.IngressClassName {
+ return *ing.Spec.IngressClassName, nil
+ } else {
+ return "", errors.Errorf("Cannot validate ing.Spec.IngressClassName: %s due to lack of permission on cluter resource IngressClass", *ing.Spec.IngressClassName)
+ }
 }
 iclass, err := s.listers.IngressClass.ByKey(*ing.Spec.IngressClassName)
 if err != nil {
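Review bot: The new rejection branch in GetIngressClass returns an error whose text misspells "cluster" as `cluter` and starts with a capital letter, and it sits in an `else` after a `return`, which Go style drops. I would keep the inner `if icConfig.AnnotationValue == *ing.Spec.IngressClassName { return *ing.Spec.IngressClassName, nil }` and follow it directly with `return "", errors.Errorf("cannot validate ingressClassName %q: no permission on cluster resource IngressClass", *ing.Spec.IngressClassName)`. A comment above the `if icConfig.IgnoreIngressClass {` line should also state that in this mode the class is matched by name against `AnnotationValue` only and no IngressClass object is consulted, because that string comparison is then the entire boundary deciding which Ingresses this controller accepts. The function body continues past the end of the hunk, so how callers treat the new error is not visible here.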