Chapter 7. Known issues
7.1. Dashboard is not available when using the CHE_FORCE_REFRESH_PERSONAL_ACCESS_TOKEN
property
There is a known issue affecting workspaces using Microsoft Azure DevOps/Bitbucket/GitHub git providers in connection with the CHE_FORCE_REFRESH_PERSONAL_ACCESS_TOKEN
property. Every time you start a workspace, a new personal access token (PAT) is added to the previous PATs which are not removed. When the number of existing PATs exceeds five, you can not run the workspace, and the Dashboard is not available.
Additional resources
7.2. Previous personal tokens not removed after using the CHE_FORCE_REFRESH_PERSONAL_ACCESS_TOKEN
property
There is a known issue with using the CHE_FORCE_REFRESH_PERSONAL_ACCESS_TOKEN
property. After using the property, the previous Microsoft Azure DevOps/Bitbucket/GitHub personal tokens are not removed. This can also cause issues with accessing the Dashboard.
Additional resources
7.3. "Untrusted Repository" pop-up re-appears after applying Refused OAuth authorization.
There is currently a known issue with applying Refused OAuth authorization. When you launch a factory with OAuth setup and if and apply the Refused OAuth authorization, the "Untrusted Repository" pop-up appears again.
Additional resources
7.4. Issues with starting a new workspace from a URL that points to a branch of a repository that doesn’t have a devfile
There is a known issue affecting repositories without a devfile.yaml
file. If you start a new workspace from a branch of such repository, the default branch (e.g. 'main') is used for project cloning instead of the expected branch.
Additional resources
7.5. Refresh token mode causes cyclic reload of the workspace start page
There is a known issue when experimental refresh token mode is applied using the CHE_FORCE_REFRESH_PERSONAL_ACCESS_TOKEN
property for the GitHub and Microsoft Azure DevOps OAuth providers. This causes the workspace starts to reload the dashboard cyclically, creating a new personal access token on each page restart. The refresh token mode works correctly for 'GitLab' and 'BitBucket' OAuth providers.
Additional resources
7.6. FIPS compliance update
There’s a known issue with FIPS compliance that results in certain cryptographic modules not being FIPS-validated. Below is a list of requirements and limitations for using FIPS with OpenShift Dev Spaces:
Required cluster and operator updates
Update your Red Hat OpenShift Container Platform installation to the latest z-stream update for 4.11, 4.12, or 4.13 as appropriate. If you do not already have FIPS enabled, you will need to uninstall and reinstall.
Once the cluster is up and running, install OpenShift Dev Spaces 3.7.1 (3.7-264) and verify that the latest DevWorkspace operator bundle 0.21.2 (0.21-7) or newer is also installed and updated. See https://catalog.redhat.com/software/containers/devworkspace/devworkspace-operator-bundle/60ec9f48744684587e2186a3
Golang compiler in UDI image
The Universal Developer Image (UDI) container includes a golang compiler, which was built without the CGO_ENABLED=1
flag. The check-payload scanner ( https://github.com/openshift/check-payload ) will throw an error, but this can be safely ignored provided that anything you build with this compiler sets the correct flag CGO_ENABLED=1
and does NOT use extldflags -static
or -tags no_openssl
.
The resulting binaries can be scanned and should pass without error.
Statically linked binaries
You can find statically linked binaries not related to cryptography in these two containers:
- code-rhel8
- idea-rhel8.
As they are not related to cryptography, they do not affect FIPS compliance.
Helm support for FIPS
The UDI container includes the helm
binary, which was not compiled with FIPS support. If you are in a FIPS environment do not use helm
.
Additional resources
7.7. Debugger does not work in the .NET sample
Currently, the debugger in Microsoft Visual Studio Code - Open Source does not work in the .NET sample.
Workaround
Use a different image from the following sources:
Additional resources