There is currently logic for checking if ServiceAccount tokens provided in the DevWorkspace Operator Configuration (DWOC) will have a file path collision (i.e. they have the same volume path and mount path). However, this check occurs during the DWO controller reconciliation.
We could move (or duplicate) file-path-collision-checking logic to a webhook that validates the DWOC and rejects creation or edit requests that would result in ServiceAccount token file path collisions.
Additional context
Something to keep in mind when working on this: how will Che-Operator behave with this DWOC validating webhook? I believe Che-Operator will simply log that the update/creation request has failed if the ServiceAccount tokens configured in the Che Cluster CR have file path collisions. Thus, it might be worth adding this ServiceAccount token file path collision checking webhook logic for the Che Cluster CR as well.
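A sketch of the collision check a validating webhook could run before admitting a DWOC, added here as an illustration and not taken from the DevWorkspace Operator code base. The `TokenMount` type, its field names and `FindTokenPathCollisions` are hypothetical; the check also normalizes paths, so trailing slashes and `./` prefixes do not hide a collision.

```go
package main

import (
	"fmt"
	"path"
)

// TokenMount is a hypothetical stand-in for one ServiceAccount token entry
// in the DWOC; the field names are assumptions, not the operator's own types.
type TokenMount struct {
	Name      string
	MountPath string // directory where the token volume is mounted
	Path      string // file path of the token inside the volume
}

// FindTokenPathCollisions returns one error per token whose cleaned
// (mount path, path) pair is already claimed by an earlier token.
// A webhook would reject the create/update request if the result is non-empty.
func FindTokenPathCollisions(tokens []TokenMount) []error {
	type key struct{ mount, file string }
	seen := map[key]string{}
	var errs []error
	for _, t := range tokens {
		k := key{path.Clean(t.MountPath), path.Clean(t.Path)}
		if prev, ok := seen[k]; ok {
			errs = append(errs, fmt.Errorf("token %q collides with %q at %s",
				t.Name, prev, path.Join(k.mount, k.file)))
			continue
		}
		seen[k] = t.Name
	}
	return errs
}

func main() {
	// Constructed sample configuration: the second entry collides with the first.
	tokens := []TokenMount{
		{Name: "registry", MountPath: "/var/run/secrets/tokens", Path: "token"},
		{Name: "vault", MountPath: "/var/run/secrets/tokens/", Path: "./token"},
		{Name: "metrics", MountPath: "/var/run/secrets/metrics", Path: "token"},
	}
	for _, err := range FindTokenPathCollisions(tokens) {
		fmt.Println("reject:", err)
	}
}
```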
Hey @AObuchow, is anyone currently working on this issue? If not, I’d like to take it on. I’m not sure about the difficulty level, so I might need your guidance. Thank you!