
Console user settings resources misses ownerRef, removing a user results in remaining data

    • Release Note Text:
      * Previously, resources created when a new user is created were not removed automatically when the user was deleted. This caused clutter on the cluster with configuration maps, roles, and role-bindings. With this update, `ownerRefs` were added to the resources, so they are cleared once the user is deleted and the cluster no longer clutters with users. (link:https://issues.redhat.com/browse/OCPBUGS-37560[*OCPBUGS-37560*])
    • Bug Fix
    • Done

      Description of problem:
      Console user settings are saved in a ConfigMap for each user in the namespace openshift-console-user-settings.

      The console frontend uses the k8s API to read and write that ConfigMap. The console backend creates a ConfigMap with a Role and RoleBinding for each user, giving that single user read and write access to his/her own ConfigMap.

      The number of Roles and RoleBindings might decrease cluster performance. This has happened in the past, esp. on the Developer Sandbox, where a long-living cluster creates new users that are then automatically removed after a month. Keeping the Role and RoleBinding results in performance issues.

      The resources had an ownerReference before 4.15 so that the 3 resources (1 ConfigMap, 1 Role, 1 RoleBinding) were automatically removed when the User resource was deleted. This ownerReference was removed with 4.15 to support external OIDC providers.

      The ask in this issue is to restore that ownerReference for the OpenShift auth provider.

      History:

      • The user settings feature was introduced in 2020 with 4.7 (ODC-4370) without an ownerReference for these resources.
      • After noticing performance issues on Dev Sandbox in 2022 (BZ 2019564), we added an ownerReference in 4.11 (PR 11130) and backported this change to 4.10 and 4.9.
      • The ownerReference was removed in 4.15 with CONSOLE-3829/OCPBUGS-16814/PR 13321. This is a regression.

      See also:

      Version-Release number of selected component (if applicable):
      4.15+

      How reproducible:
      Always

      Steps to Reproduce:

      1. Create a new user
      2. Log in to the console
      3. Check for the user settings ConfigMap, Role and RoleBinding for that deleted user.
      4. Delete the user
      5. The resources should now be removed...

      Actual results:
      The three resources weren't deleted after the user was deleted.

      Expected results:
      The three resources should be deleted after the user is deleted.

      Additional info:


            Errata Tool added a comment -

            Since the problem described in this issue should be resolved in a recent advisory, it has been closed.

            For information on the advisory (Important: OpenShift Container Platform 4.18.1 bug fix and security update), and where to find the updated files, follow the link below.

            If the solution does not work for you, open a new bug report.
            https://access.redhat.com/errata/RHSA-2024:6122


            Avik Kundu added a comment -

            Verified on 4.18.0-0.nightly-2024-09-12-073027


            OpenShift Jira Bot added a comment -

            Hi avik6028,

            Bugs should not be moved to Verified without first providing a Release Note Type ("Bug Fix" or "No Doc Update") and for type "Bug Fix" the Release Note Text must also be provided. Please populate the necessary fields before moving the Bug to Verified.

            Samuel Padgett added a comment -

            Thanks cjerolim. We should also make sure we understand when external OIDC can be enabled or disabled after cluster creation and handle these use cases.
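
An audit for the leftover resources this issue describes, as an added example that is not part of the original report or the console code base: it flags ConfigMaps, Roles and RoleBindings in `openshift-console-user-settings` that have no `User` ownerReference, whose owner no longer exists, or whose RoleBinding still names a deleted user. The object names, users and UIDs in the sample are constructed, and the `obj` helper is hypothetical.

```python
# Added example: flag user-settings objects that would outlive their User.
# Input mirrors `oc get users -o json` and `oc get configmap,role,rolebinding -n <ns> -o json`.
NAMESPACE = "openshift-console-user-settings"

def audit(users, resources):
    """Return sorted (kind, name, finding) tuples for objects not tied to a live User."""
    live_uids = {u["metadata"]["uid"] for u in users["items"]}
    live_names = {u["metadata"]["name"] for u in users["items"]}
    findings = []
    for r in resources["items"]:
        meta = r["metadata"]
        if meta.get("namespace") != NAMESPACE:
            continue
        owners = [o for o in meta.get("ownerReferences", []) if o.get("kind") == "User"]
        if not owners:
            # No User owner: garbage collection will not remove this when the user is deleted.
            findings.append((r["kind"], meta["name"], "missing-ownerref"))
        elif not any(o.get("uid") in live_uids for o in owners):
            findings.append((r["kind"], meta["name"], "dangling-owner"))
        if r["kind"] == "RoleBinding":
            # RBAC subjects are matched by name, so a leftover binding still names the old user.
            for s in r.get("subjects", []):
                if s.get("kind") == "User" and s.get("name") not in live_names:
                    findings.append((r["kind"], meta["name"], "stale-subject:" + s["name"]))
    return sorted(findings)

def obj(kind, name, owner=None, subject=None):  # owner is a (user name, user uid) pair
    meta = {"name": name, "namespace": NAMESPACE}
    if owner:
        meta["ownerReferences"] = [{"apiVersion": "user.openshift.io/v1", "kind": "User",
                                    "name": owner[0], "uid": owner[1]}]
    out = {"kind": kind, "metadata": meta}
    if subject:
        out["subjects"] = [{"kind": "User", "apiGroup": "rbac.authorization.k8s.io", "name": subject}]
    return out

# Constructed sample: alice exists with owned objects; bob was deleted, his objects have no owner.
ALICE = ("alice", "uid-alice")
SAMPLE_USERS = {"items": [{"metadata": {"name": "alice", "uid": "uid-alice"}}]}
SAMPLE_RESOURCES = {"items": [
    obj("ConfigMap", "settings-alice", owner=ALICE),
    obj("Role", "settings-alice-role", owner=ALICE),
    obj("RoleBinding", "settings-alice-rb", owner=ALICE, subject="alice"),
    obj("ConfigMap", "settings-bob"),
    obj("Role", "settings-bob-role"),
    obj("RoleBinding", "settings-bob-rb", subject="bob"),
]}

if __name__ == "__main__":
    print(*audit(SAMPLE_USERS, SAMPLE_RESOURCES), sep="\n")
```

The `missing-ownerref` finding corresponds to the 4.15+ behaviour reported here. Since the issue states the ownerReference was dropped to support external OIDC providers, the audit is meant for clusters using the OpenShift auth provider.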

              avik6028 Avik Kundu
              cjerolim Christoph Jerolimov
              Sanket Pathak Sanket Pathak