Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1840809

Summary: Developer Console should not default users to seeing the 'default' namespace
Product: OpenShift Container Platform Reporter: Eric Rich <erich>
Component: Dev ConsoleAssignee: cvogt
Status: CLOSED ERRATA QA Contact: Gajanan More <gamore>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 4.5CC: akyathan, aos-bugs, nmukherj
Target Milestone: ---   
Target Release: 4.5.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: A new developer opening the dev perspective in the web console would get scoped to the `default` namespace even if they did not have access to this namespace. Consequence: Depending on the page the user visits, they would see errors because they don't have permission to access resources in the `default` namespace. Fix: New developers in the console are now scoped to the `all projects`. Result: The dev perspective will display a list of projects to choose from instead of a page containing errors.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2020-07-13 17:42:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Eric Rich 2020-05-27 16:17:04 UTC 
Description of problem: Users are directed to the topology view for the 'default' namespaces (on the developer console), vs being directed to a namespace they own, or some other 'overview'/'landing' page. 

Version-Release number of selected component (if applicable):

> Kubernetes Version: v1.16.2
> API Server: https://api.us-east-2.starter.openshift-online.com:6443

How reproducible: 100%

Steps to Reproduce:
1. Navigate to https://console-openshift-console.apps.CLUSTER.DOMAIN/
  - In this case OpenShift Starter 
2. I will take you to the '/topology/ns/default' context. 

Actual results:

> Restricted Access
> You don't have access to this section due to cluster policy.

> Danger alert:Error details
deploymentconfigs.apps.openshift.io is forbidden: User "USER" cannot list resource "deploymentconfigs" in API group "apps.openshift.io" in the namespace "default"

Expected results:

The first thing a user sees, with the development console should not be an error (Restricted Access).

Additional info:
Comment 2 cvogt 2020-05-28 17:47:59 UTC 
There is a change in 4.5 where the user will no longer encounter the error `deploymentconfigs.apps.openshift.io is forbidden: User "USER" cannot list resource "deploymentconfigs" in API group "apps.openshift.io" in the namespace "default"`

However the user is still redirected to the default namespace whether they have access or not.

Will look to change the default namespace to something else for 4.5 re-evaluate the first experience flows in 4.6.
Comment 6 cvogt 2020-05-29 14:51:29 UTC 
A change was made to now default new users into `all projects` instead of the 'default' namespace which they may not have access to. A new user will no longer see an error the first time they visit the dev perspective.
In future releases we will continue to improve on the initial flows for new users.
Comment 7 Gajanan More 2020-06-02 08:37:58 UTC 
I have validated the bugzilla on:
Build: 4.5.0-0.nightly-2020-06-01-165039
Browser: Google Chrome Version 81.0.4044.129
Marking this as verified.
Comment 8 errata-xmlrpc 2020-07-13 17:42:22 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2409