Che doesn't sanitize usernames when creating per-user namespaces/projects

[johnmcollier]

Describe the bug

I've deployed Eclipse Che on OpenShift 3.11 on IBM Cloud, with openShiftoAuth: true. The accounts on my cluster are of the form: iam#<users-email-address> (e.g. iam#john@ibm.com).

When I go to create a workspace, I get the following error in Che:

Error: Failed to get the workspace: "Workspace with id 'iam' doesn't exist"

If I try to manually run the failed workspace, the following error will show in my browser:

Failure executing: POST at: https://172.21.0.1/apis/project.openshift.io/v1/projectrequests.
Message: ProjectRequest.project.openshift.io "iam#some-name@email.com-che" is invalid:
metadata.name: Invalid value: "iam#some-name@email.com-che": a DNS-1123 label must consist
of lower case alphanumeric characters or '-', and must start and end with an alphanumeric
character (e.g. 'my-name', or '123-abc', regex used for validation is '[a-z0-9]([-a-z0-9]*[a
z0-9])?'). Received status: Status(apiVersion=v1, code=422, details=StatusDetails(causes
[StatusCause(field=metadata.name, message=Invalid value: "iam#some-name@email.com-che":
a DNS-1123 label must consist of lower case alphanumeric characters or '-', and must start and
end with an alphanumeric character (e.g. 'my-name', or '123-abc', regex used for validation is '[a
z0-9]([-a-z0-9]*[a-z0-9])?'), reason=FieldValueInvalid, additionalProperties={})],
group=project.openshift.io, kind=ProjectRequest, name=iam#some-name@email.com-che,
retryAfterSeconds=null, uid=null, additionalProperties={}), kind=Status,
message=ProjectRequest.project.openshift.io "iam#some-name@email.com-che" is invalid:
metadata.name: Invalid value: "iam#some-name@email.com-che": a DNS-1123 label must consist
of lower case alphanumeric characters or '-', and must start and end with an alphanumeric
character (e.g. 'my-name', or '123-abc', regex used for validation is '[a-z0-9]([-a-z0-9]*[a
z0-9])?'), metadata=ListMeta(_continue=null, resourceVersion=null, selfLink=null,
additionalProperties={}), reason=Invalid, status=Failure, additionalProperties={}).

It looks like the ProjectRequest resource is complaining about the invalid characters in my cluster account's username. Would it be possible to sanitize the username before creating the per-user namespace/project?

Che version

• latest
• nightly
• other: please specify

Steps to reproduce

1. Deploy Che on OpenShift on IBM Cloud, with Che configured to use OpenShift oAuth
   • Alternatively, just deploy Che on a cluster where the usernames contain characters like # or @
2. Try to create a workspace.
3. Workspace start will fail due to the errors I posted above

Expected behavior

Workspace start succeeds regardless of what my username is

Runtime

• kubernetes (include output of kubectl version)
• Openshift (include output of oc version)
• minikube (include output of minikube version and kubectl version)
• minishift (include output of minishift version and oc version)
• docker-desktop + K8S (include output of docker version and kubectl version)
• other: (please specify)

Screenshots

Installation method

• chectl
• che-operator
• minishift-addon
• I don't know

[skabashnyuk]

Hello @johnmcollier . Thanks for this report. This issue probably duplicate #15323

[johnmcollier]

@skabashnyuk Yup, you're right! Let me close this issue then.