Bug 1837739

Summary: user creator label to identify workspace resource instead of annotation
Product: OpenShift Container Platform Reporter: Vikram Raj <viraj>
Component: Dev ConsoleAssignee: Vikram Raj <viraj>
Status: CLOSED ERRATA QA Contact: Gajanan More <gamore>
Severity: medium Docs Contact:
Priority: high    
Version: 4.5CC: aos-bugs, nmukherj, spathak
Target Milestone: ---   
Target Release: 4.5.0   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-07-13 17:40:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Vikram Raj 2020-05-19 20:59:17 UTC
Description of problem:

The cloud shell controller manages a label on each workspace:
`org.eclipse.che.workspace/creator: <user UID>`

We need to identify ownership of cloud shell workspace resources to ensure we are loading the correct one in the UI. We do this today by looking at the `console.openshift.io/cloudshell-user: <username>` annotation. However this is a mutable annotation and others could "fake" out he resource for someone else.

By switching to the managed label we ensure that the resource is identified as owned by the user in the annotation always.

One caveat is that this value uses UID. which means system users like kubeadmin have a blank value.

Comment 3 spathak@redhat.com 2020-06-03 20:50:39 UTC
Verified on build version: 4.5.0-0.nightly-2020-06-03-105031
Browser version: firefox 73

Comment 4 errata-xmlrpc 2020-07-13 17:40:02 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.