Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-19855

Watching singular namespaced resources should fail when no namespace is provided

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Minor Minor
    • None
    • 4.15.0
    • Management Console
    • None
    • No
    • False
    • Hide

      None

      Show
      None
    • Hide
      Previously, in some edge cases, the wrong resource could be fetched when using websockets to watch a namespaced resource without providing a namespace. With this update, a validation to the resource watch logic was added to prevent the websocket request, and log an error under this condition. (link:https://issues.redhat.com/browse/OCPBUGS-19855[*OCPBUGS-19855*])
      Show
      Previously, in some edge cases, the wrong resource could be fetched when using websockets to watch a namespaced resource without providing a namespace. With this update, a validation to the resource watch logic was added to prevent the websocket request, and log an error under this condition. (link: https://issues.redhat.com/browse/OCPBUGS-19855 [* OCPBUGS-19855 *])
    • Bug Fix
    • Done

      Description of problem:

      It is currently possible to watch a singular namespaced resource without providing a namespace. This is inconsistent with one-off requests for these resources and could also return unexpected results, since namespaced resource names do not need to be unique at the cluster scope.

      Version-Release number of selected component (if applicable):

      4.15

      How reproducible:

      Always

      Steps to Reproduce:

      1. Visit the details page of a namespaced resource
2. Replace the 'ns/<namespace>' segment of the URL with 'cluster'

      Actual results:

      Details for the resource are rendered momentarily, then a 404 after a few seconds.

      Expected results:

      We should show a 404 error when the page loads.

      Additional info:

      There is also probably a case where we could visit a resource details page of a namespaced resource that has an identically named resource in another namespace, then change the URL to a cluster-scoped path, and we'll see the details for the other resource.

      See watchK8sObject for the root cause. We should probably only start the websocket if we have a successful initial poll request. We also should probably terminate the websocket if the poll request fails at any point.

              rh-ee-jonjacks Jon Jackson
              rh-ee-jonjacks Jon Jackson
              Yanping Zhang Yanping Zhang
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: