feat(server): Label workflows with creator. Closes argoproj#2437

api/openapi-spec/swagger.json

@@ -674,6 +674,22 @@
         }
       }
     },
+    "/api/v1/user": {
+      "get": {
+        "tags": [
+          "InfoService"
+        ],
+        "operationId": "WhoAmI",
+        "responses": {
+          "200": {
+            "description": "A successful response.",
+            "schema": {
+              "$ref": "#/definitions/io.argoproj.workflow.v1alpha1.WhoAmIResponse"
+            }
+          }
+        }
+      }
+    },
     "/api/v1/version": {
       "get": {
         "tags": [
@@ -3673,6 +3689,14 @@
         }
       }
     },
+    "io.argoproj.workflow.v1alpha1.WhoAmIResponse": {
+      "type": "object",
+      "properties": {
+        "subject": {
+          "type": "string"
+        }
+      }
+    },
     "io.argoproj.workflow.v1alpha1.Workflow": {
       "description": "Workflow is the definition of a workflow resource",
       "type": "object",

docs/access-token.md

@@ -14,6 +14,9 @@ Create a service account for your service:
 kubectl create sa jenkins
 ```
 
+!! TIP
+    Create a unique service account for each client: (a) you'll be able to correctly secure your workflows and (b) [revoke the token](#token-revocation) without impacting other clients. 
+
 Bind the service account to the role (in this case in the `argo` namespace):
 
 ```sh

docs/workflow-creator.md

@@ -1,9 +1,20 @@
 # Workflow Creator
 
-Today, is not possible for Argo Workflows to determine who created a workflow. 
+![alpha](assets/alpha.svg)
 
-The recommended approach is to add a label to your workflow, e.g.
+> v2.9 and after
 
-```
-argo submit -l creator=alex
-``` 
+If you create your workflow via the CLI or UI, an attempt will be made to label it with the user who created it 
+
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: Workflow
+metadata:
+  name: my-wf
+  labels:
+    workflows.argoproj.io/creator: admin
+``` 
+
+!!! NOTE
+    Labels only contain `[-_.0-9a-zA-Z]`, so any other characters will be turned into `-`.
+