Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Namespace normalization does not work with namespace.allow_user_defined=false #18178

Closed
5 tasks done
sparkoo opened this issue Oct 22, 2020 · 0 comments
Closed
5 tasks done

Namespace normalization does not work with namespace.allow_user_defined=false #18178

sparkoo opened this issue Oct 22, 2020 · 0 comments
Labels
area/che-server kind/bug Outline of a bug - must adhere to the bug report template. severity/P1 Has a major impact to usage or development of the system.

Comments

@sparkoo
Copy link
Member

sparkoo commented Oct 22, 2020
edited
Loading

Describe the bug

having che.infra.kubernetes.namespace.allow_user_defined=false, which is default, breaks workspace creation when we need to normalize the namespace name. We do so when for example username contains invalid characters, like an email address.

Issue is in this condition https://github.com/eclipse/che/blob/master/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/namespace/KubernetesNamespaceFactory.java#L180 where we're checking if already normalized namespace is matching with only placeholder evaluated namespace. It of course does not. To match this, we would need to normalize it again, which is not possible as we're doing some randomization there.

Proposed solution

I believe we should be able to store the normalized namespace in every normalization process to user's properties rather than do it only when we actually create it. It should not consume much time, because next time, we only get it from user properties. In condition mentioned above, we then check if proposed namespace is stored in user properties and if yes, we allow that, regardless allow_user_defined=false.

❗ I think it's quite possible we will need to backport this to 7.20.

Che version

  • latest

Steps to reproduce

❗ there's another issue that fails sooner than this - #18176. It was introduced by PR #18090. If it is isn't already fixed, use some version before that, like 7.20. Or use this nasty patch on latest master https://gist.githubusercontent.com/sparkoo/a1d67817a9847a3f5919e18a187d3486/raw/e78897f9be4bb2e35b2a6cdbf69789c437099ee5/fix.diff

  1. have username with non-DNS character, like an email
    1. I did that with openshift user, then using openshift oauth and manually added my user into keycloak
  2. go to create custom workspace, you can see the normalized namespace
  3. create a workspace fails with User defined namespaces are not allowed. Only the default namespace 'che-ws-' is available.

Expected behavior

normalized namespace must work with namespace.allow_user_defined=false

Runtime

  • Openshift (include output of oc version)

Screenshots

20201022_165416_1437x894_scrot

Installation method

  • chectl

Environment

  • my computer
    • Linux

Eclipse Che Logs

Additional context

#17841
#17892
#18090
@sparkoo sparkoo added kind/bug Outline of a bug - must adhere to the bug report template. area/che-server labels Oct 22, 2020
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Oct 22, 2020
@rhopp rhopp added severity/P1 Has a major impact to usage or development of the system. and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels Oct 22, 2020
This was referenced Oct 26, 2020
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/che-server kind/bug Outline of a bug - must adhere to the bug report template. severity/P1 Has a major impact to usage or development of the system.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@sparkoo @rhopp @mshaposhnik @che-bot