Open AObuchow opened 6 months ago
https://github.com/openshift/console/commit/e87dc6fc852d23e8fca211cd0d3862b07cefa79e cannot be reverted. We'll need to see what else we can do.
@AObuchow which values do you set the controller.devfile.io/creator
label to in a world where none of the users of the cluster have any UID, yet they are each different (different usernames)?
@stlaz could you clarify why it can not be reverted and why it was implemented that way. another topic is e2e tests - why https://github.com/openshift/console/pull/12922 has not been merged since mid 2023 that should have caught that problem earlier before the release cc: @musienko-maxim
https://github.com/openshift/console/pull/13719#pullrequestreview-1976329813 has the clarification. I don't know anything about any e2e tests, I'm not a member of the console team.
/assign @musienko-maxim @jerolimov @vikram-raj
I've been working on resolving this issue on the DevWorkspace Operator side, and have made a few findings:
controller.devfile.io/creator
value to a plain-text username can result in an invalid Kubernetes label that does not comply with the RFCs used. This is problematic for the case of kube:admin
, where the :
is not accepted as a Kubernetes label value.
controller.devfile.io/creator
, perhaps through some agreed-upon encoding process.controller.devfile.io/creator
label to be an empty string ""
when kubeadmin creates a web terminal.
controller.devfile.io/creator
value when a username (instead of a UID) is used. kube:admin
as the label selector. If anyone has any input on my proposal, please share your thoughts.
Issues go stale after 90d of inactivity.
Mark the issue as fresh by commenting /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen
.
If this issue is safe to close now please do so with /close
.
/lifecycle stale
/remove-lifecycle stale
This issue will be resolved once https://github.com/openshift/console/pull/14114 is merged.
Prior to OCP 4.15, the OpenShift console expected the devworkspace's
controller.devfile.io/creator
label to be set to an empty string when logged in to the cluster as kubeadmin due to https://github.com/openshift/origin/issues/24950. In essence, the kubeadmin user does not have a uid, and thus DevWorkspace-Operator sets thecontroller.devfile.io/creator
label to an empty string when logged in as kubeadmin.However, due to a recent change made to the OpenShift Console for 4.15, the OpenShift console is now expecting the
controller.devfile.io/creator
label to be set to kubeadmin's username, instead of its (empty string) uid, resulting in users not being able to access their web terminal instances when logged in as kubeadmin: "Error Loading OpenShift command line terminal: User is not a owner of the requested workspace".Would it be possible to revert https://github.com/openshift/console/commit/e87dc6fc852d23e8fca211cd0d3862b07cefa79e? And how quickly (if at all) would this change land in OCP 4.15?
Here is the related Web Terminal Operator bug.
Thank you :)