Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 1.1.0.GA
Affects Version/s: 1.0.0.GA
Component/s: controller: dashboard, factory/dashboard, ts-workspace-client
Labels:
None

Steps to Reproduce:

Hide

Install CRW 1.0 GA with '--enable-oauth'
Try to have a user (that is not a cluster admin) try to start a workspace.

Show
Install CRW 1.0 GA with '--enable-oauth' Try to have a user (that is not a cluster admin) try to start a workspace.

SFDC Cases Counter:
SFDC Cases Links:

Description

CRW was installed with the ' --enable-oauth ' option.

It seems to start a workspace, the user must be a cluster (not project) admin.

Per [1] at line 54, " * <p>Note that `view` role is used from cluster scope and `exec` role is created in the current namespace if does not exist."

We see createExecRoleBinding() specifies a namespace, but createViewRoleBinding() does not.

It's not realistic to ask our users to allow everyone that wants to start a workspace to be a cluster admin. Please fix this.

[1] https://github.com/eclipse/che/blob/7b6cd44e36e94d40f366b5dcd2fe46074e8a7bad/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/project/OpenShiftWorkspaceServiceAccount.java

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Screenshot from 2019-03-22 17-30-31.png
183 kB
2019/03/22 11:31 AM
Screenshot from 2019-03-22 17-31-14.png
236 kB
2019/03/22 11:31 AM
simplescreenrecorder-2019-03-22_17.26.15.mp4
4.70 MB
2019/03/22 11:31 AM

Issue Links

blocks

CRW-174 Update CRW to Che 6.19.2

Closed

Activity

People

Assignee:: Dmytro Nochevnov

Reporter:: Rick Wagner

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2019/02/27 12:05 PM

Updated:: 2021/10/24 6:53 AM

Resolved:: 2019/04/10 4:20 PM