Uploaded image for project: 'Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces) '
  1. Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces)
  2. CRW-164

Use of OAuth means only a cluster admin can start a workspace

XMLWordPrintable

    • Hide

      Install CRW 1.0 GA with '--enable-oauth'
      Try to have a user (that is not a cluster admin) try to start a workspace.

      Show
      Install CRW 1.0 GA with '--enable-oauth' Try to have a user (that is not a cluster admin) try to start a workspace.

      CRW was installed with the ' --enable-oauth ' option.

      It seems to start a workspace, the user must be a cluster (not project) admin.

      • Per [1] at line 54, " * <p>Note that `view` role is used from cluster scope and `exec` role is created in the current namespace if does not exist."
      • We see createExecRoleBinding() specifies a namespace, but createViewRoleBinding() does not.

      It's not realistic to ask our users to allow everyone that wants to start a workspace to be a cluster admin. Please fix this.

      [1] https://github.com/eclipse/che/blob/7b6cd44e36e94d40f366b5dcd2fe46074e8a7bad/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/project/OpenShiftWorkspaceServiceAccount.java

        1. Screenshot from 2019-03-22 17-30-31.png
          183 kB
          Dmytro Nochevnov
        2. Screenshot from 2019-03-22 17-31-14.png
          236 kB
          Dmytro Nochevnov
        3. simplescreenrecorder-2019-03-22_17.26.15.mp4
          4.70 MB
          Dmytro Nochevnov

            dnochevn Dmytro Nochevnov
            rhn-support-rick Rick Wagner
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: