Bug 1840809 - Developer Console should not default users to seeing the 'default' namespace
Summary: Developer Console should not default users to seeing the 'default' namespace
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Dev Console
Version: 4.5
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: 4.5.0
Assignee: cvogt
QA Contact: Gajanan More
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-05-27 16:17 UTC by Eric Rich
Modified: 2020-07-13 17:42 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: A new developer opening the dev perspective in the web console would get scoped to the `default` namespace even if they did not have access to this namespace. Consequence: Depending on the page the user visits, they would see errors because they don't have permission to access resources in the `default` namespace. Fix: New developers in the console are now scoped to the `all projects`. Result: The dev perspective will display a list of projects to choose from instead of a page containing errors.
Clone Of:
Environment:
Last Closed: 2020-07-13 17:42:22 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift console pull 5621 0 None closed Bug 1840809: set default namespace to ALL_NAMESPACES_KEY 2020-06-30 18:42:10 UTC
Red Hat Product Errata RHBA-2020:2409 0 None None None 2020-07-13 17:42:37 UTC

Description Eric Rich 2020-05-27 16:17:04 UTC
Description of problem: Users are directed to the topology view for the 'default' namespaces (on the developer console), vs being directed to a namespace they own, or some other 'overview'/'landing' page. 

Version-Release number of selected component (if applicable):

> Kubernetes Version: v1.16.2
> API Server: https://api.us-east-2.starter.openshift-online.com:6443

How reproducible: 100%

Steps to Reproduce:
1. Navigate to https://console-openshift-console.apps.CLUSTER.DOMAIN/
  - In this case OpenShift Starter 
2. I will take you to the '/topology/ns/default' context. 

Actual results:

> Restricted Access
> You don't have access to this section due to cluster policy.

> Danger alert:Error details
deploymentconfigs.apps.openshift.io is forbidden: User "USER" cannot list resource "deploymentconfigs" in API group "apps.openshift.io" in the namespace "default"

Expected results:

The first thing a user sees, with the development console should not be an error (Restricted Access).

Additional info:

Comment 2 cvogt 2020-05-28 17:47:59 UTC
There is a change in 4.5 where the user will no longer encounter the error `deploymentconfigs.apps.openshift.io is forbidden: User "USER" cannot list resource "deploymentconfigs" in API group "apps.openshift.io" in the namespace "default"`

However the user is still redirected to the default namespace whether they have access or not.

Will look to change the default namespace to something else for 4.5 re-evaluate the first experience flows in 4.6.

Comment 6 cvogt 2020-05-29 14:51:29 UTC
A change was made to now default new users into `all projects` instead of the 'default' namespace which they may not have access to. A new user will no longer see an error the first time they visit the dev perspective.
In future releases we will continue to improve on the initial flows for new users.

Comment 7 Gajanan More 2020-06-02 08:37:58 UTC
I have validated the bugzilla on:
Build: 4.5.0-0.nightly-2020-06-01-165039
Browser: Google Chrome Version 81.0.4044.129
Marking this as verified.

Comment 8 errata-xmlrpc 2020-07-13 17:42:22 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2409


Note You need to log in before you can comment on or make changes to this bug.