search

kcp-dev / kcp

Kubernetes-like control planes for form-factors and use-cases beyond Kubernetes and container workloads.
https://kcp.io
Apache License 2.0
2.35k stars 381 forks source link

Possible to use a "non-existent" workspace #1412

Closed fgiloux closed 2 years ago

fgiloux commented 2 years ago

Describe the bug It is possible to use and create objects in a workspace that "does not exist".

To Reproduce Steps to reproduce the behavior:

  1. Check the workspaces that exist

    kubectl kcp workspace list
NAME   TYPE                            PHASE   URL
aaaa   map[name:Universal path:root]   Ready   https://192.168.0.149:6443/clusters/root:pipelines-service:aaaa

  2. Use a workspace that does not exist

    kubectl kcp workspace use root:pipelines-service:bbbb
Current workspace is "root:pipelines-service:bbbb" (type "\"\" in workspace \"\"").

  3. Create a resource in the workspace

    kubectl  create -f gitops/pac/manifests/ci-runner-ns.yaml 
namespace/ci-runner created`

  4. Check the resource and see clusterName: root:pipelines-service:bbbb

    kubectl get ns -o yaml
apiVersion: v1
items:
- apiVersion: v1
kind: Namespace
metadata:
clusterName: root:pipelines-service:bbbb
creationTimestamp: "2022-06-30T09:51:56Z"
labels:
  app.kubernetes.io/name: ci-runner
  kubernetes.io/metadata.name: ci-runner
name: ci-runner
resourceVersion: "259"
uid: 23aeb0ec-51fb-46ec-9913-090f50391a2c
spec:
finalizers:
- kubernetes
status:
phase: Active

  5. go one level above and check the workspaces. No bbbb workspace.

    kubectl kcp workspace ..
kubectl kcp workspace list
NAME   TYPE                            PHASE   URL
aaaa   map[name:Universal path:root]   Ready   https://192.168.0.149:6443/clusters/root:pipelines-service:aaaa

Expected behavior Ideally it would not be possible to switch to a workspace that has not been created. At least it should not be possible to create resources in such a worksapce.

Additional context

kubectl version
Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v0.23.0", GitCommit:"6de42bda13eab9625daa5ce18008f9fca1f7ca0f", GitTreeState:"clean", BuildDate:"2022-03-17T09:53:55Z", GoVersion:"go1.17.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.5+kcp-v0.3.0-beta.1-464-g651e84580d9f8d", GitCommit:"651e8458", GitTreeState:"clean", BuildDate:"2022-06-30T09:22:16Z", GoVersion:"go1.17.1", Compiler:"gc", Platform:"linux/amd64"}
ncdc commented 2 years ago

/assign @s-urbaniak

ncdc commented 2 years ago

Step 2 was fixed by #1278.

Are you running this as the admin user?

fgiloux commented 2 years ago

I downloaded the latest version (main branch) and tested again and it worked as expected:

$ kubectl kcp workspace list
NAME   TYPE        PHASE   URL
aaaa   Universal   Ready   https://192.168.0.149:6443/clusters/root:pipelines-service:aaaa
$ kubectl kcp workspace use root:pipelines-service:bbbb
error: workspaces.tenancy.kcp.dev "bbbb" not found
fgiloux commented 2 years ago

Are you running this as the admin user?

Yes I was testing with the admin user