Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-32321

Add a username/uid label for the user setting ConfigMap, Role and RoleBinding


    • Low
    • No
    • ODC Sprint 3255
    • 1
    • Rejected
    • False
    • Hide



      Description of problem:
      To support different auth providers (SSO via OIDC), we needed to remove the ownerReference from the ConfigMap, Role, and Rolebinding we create for each user to store the user settings.

      Keeping these resources also when the user is deleted might decrease the overall cluster performance, esp. on Dev Sandbox where users are automatically removed every month.

      We should make it easier to understand which user created these resources. This will help the Dev Sandbox team and maybe other customers in the future.

      Version-Release number of selected component (if applicable):

      How reproducible:
      Always when a user is deleted

      Steps to Reproduce:

      1. Create a cluster with some developer user accounts
      2. Log in as one of the users
      3. Login again as kubeadmin and delete the User CR in the openshift-console-user-settings namespace

      Actual results:
      The user settings ConfigMap, Role, and RoleBinding in the same namespace aren't deleted and can only be found via the user uid. Which we might not know anymore since the User CR is already deleted.

      Expected results:
      The user settings ConfigMap, Role, and RoleBinding should also have a label or annotation referencing the user who created these resources.

      See also https://github.com/openshift/console/issues/13696

      For example:

          console.openshift.io/user-settings: "true"
          console.openshift.io/user-settings-username: "" # escaped if the username contains characters that are not valid as label-value
          console.openshift.io/user-settings-uid: "..." # only if available

      Additional info:

            cjerolim Christoph Jerolimov
            cjerolim Christoph Jerolimov
            Sanket Pathak Sanket Pathak
            0 Vote for this issue
            7 Start watching this issue