Bug 1837739 - user creator label to identify workspace resource instead of annotation
Summary: user creator label to identify workspace resource instead of annotation
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Dev Console
Version: 4.5
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.5.0
Assignee: Vikram Raj
QA Contact: Gajanan More
Depends On:
TreeView+ depends on / blocked
Reported: 2020-05-19 20:59 UTC by Vikram Raj
Modified: 2020-07-13 17:40 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Last Closed: 2020-07-13 17:40:02 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github openshift console pull 5497 0 None closed Bug 1837739: use user creator label to identify workspace resource instead of annotation 2020-06-24 03:08:35 UTC
Red Hat Product Errata RHBA-2020:2409 0 None None None 2020-07-13 17:40:22 UTC

Description Vikram Raj 2020-05-19 20:59:17 UTC
Description of problem:

The cloud shell controller manages a label on each workspace:
`org.eclipse.che.workspace/creator: <user UID>`

We need to identify ownership of cloud shell workspace resources to ensure we are loading the correct one in the UI. We do this today by looking at the `console.openshift.io/cloudshell-user: <username>` annotation. However this is a mutable annotation and others could "fake" out he resource for someone else.

By switching to the managed label we ensure that the resource is identified as owned by the user in the annotation always.

One caveat is that this value uses UID. which means system users like kubeadmin have a blank value.

Comment 3 spathak@redhat.com 2020-06-03 20:50:39 UTC
Verified on build version: 4.5.0-0.nightly-2020-06-03-105031
Browser version: firefox 73

Comment 4 errata-xmlrpc 2020-07-13 17:40:02 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.