Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-39601

Console user settings resources misses ownerRef, removing a user results in remaining data

XMLWordPrintable

    • None
    • Yes
    • ODC Sprint 3262, ODC Sprint 3263
    • 2
    • Rejected
    • False
    • Hide

      None

      Show
      None
    • Hide
      * Previosuly, resources for a new user account were not removed when the account was deleted. This caused unnecessary information in config maps, roles, and role-bindings. With this release, an `ownerRef` tag is added to these resources, so that when you delete a user account the resources are also deleted from all cluster resources. (link:https://issues.redhat.com/browse/OCPBUGS-39601[*OCPBUGS-39601*])
      Show
      * Previosuly, resources for a new user account were not removed when the account was deleted. This caused unnecessary information in config maps, roles, and role-bindings. With this release, an `ownerRef` tag is added to these resources, so that when you delete a user account the resources are also deleted from all cluster resources. (link: https://issues.redhat.com/browse/OCPBUGS-39601 [* OCPBUGS-39601 *])
    • Bug Fix
    • Done

      This is a clone of issue OCPBUGS-37560. The following is the description of the original issue:

      Description of problem:
      Console user settings are saved in a ConfigMap for each user in the namespace openshift-console-user-settings.

      The console frontend uses the k8s API to read and write that ConfigMap. The console backend creates a ConfigMap with a Role and RoleBinding for each user, giving that single user read and write access to his/her own ConfigMap.

      The number of Role and RoleBindings might decrease a cluster performance. This has happened in the past, esp. on the Developer Sandbox, where a long-living cluster creates new users that is then automatically removed after a month. Keeping the Role and RoleBinding results in performance issues.

      The resources had an ownerReference before 4.15 so that the 3 resources (1 ConfigMap, 1 Role, 1 RoleBinding) was automatically removed when the User resource was deleted. This ownerReference was removed with 4.15 to support external OIDC providers.

      The ask in this issue is to restore that ownerReference for the OpenShift auth provider.

      History:

      • User setting feature was introduced 2020 with 4.7 (ODC-4370) without a ownerReference for these resources.
      • After noticing performance issues on Dev Sandbox 2022 (BZ 2019564) we added an ownerReference in 4.11 (PR 11130) and backported this change 4.10 and 4.9.
      • The ownerReference was removed in 4.15 with CONSOLE-3829/OCPBUGS-16814/PR 13321. This is a regression.

      See also:

      Version-Release number of selected component (if applicable):
      4.15+

      How reproducible:
      Always

      Steps to Reproduce:

      1. Create a new user
      2. Login into the console
      3. Check for the user settings ConfigMap, Role and RoleBinding for that deleted user.
      4. Delete the user
      5. The resources should now be removed...

      Actual results:
      The three resources weren't deleted after the user was deleted.

      Expected results:
      The three resources should be deleted after the user is deleted.

      Additional info:

            avik6028 Avik Kundu
            openshift-crt-jira-prow OpenShift Prow Bot
            Sanket Pathak Sanket Pathak
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: