fix: API requests with single RM and recover from panic during unauthorized autocreate

[amandavialva01]

Ticket

DET-10385, DET-10386

Description

This PR fixes the following issues:

• API requests for single RM only work when the cluster name is specified in the request
• Autocreate panic is not handled when attempted with OSS
• Some lint issues after feature branch rebase with main
• Autocreating namespace fails given workspace whose name doesn't match the accepted namespace regex pattern.

Test Plan

Spin up a single RM kubernetes EE cluster to execute the test plan.
To test API requests for single RM, run the following commands and make sure that they work:

• det w create ws1 --auto-create-namespace
• det w create ws2 && det w bindings set ws2 --namespace default
• det w create ws3 --namespace default
• det w create ws4 && det w bindings set ws4 --auto-create-namespace

To test auto-create panic handled gracefully with an intuitive error message:

• Kill your Kubernetes cluster (if it's EE) and spin up an OSS Kubernetes cluster (remove license.txt and public.txt from your determined directory).
• Run det w create ws10 --auto-create-namespace and verify that we get an error saying that auto create is an EE-only feature
• Run det w create ws11 && det w bindings set ws11 --auto-create-namespace and verify that we get an error saying that auto create is an EE-only feature

To test namespace auto-creation with workspaces whose names don't match the accepted namespace regex pattern, run
det w create name,of_workspacE --auto-create-namespace and verify that a Kubernetes namespace is successfully created

• Run det w create ANOTHER,name,of_workspacE && det w bindings set ANOTHER,name,of_workspacE --auto-create-namespace and verify that a Kubernetes namespace is successfully created

Checklist

• Changes have been manually QA'd
• New features have been approved by the corresponding PM
• User-facing API changes have the "User-facing API Change" label
• Release notes have been added as a separate file under docs/release-notes/
  See Release Note for details.
• Licenses have been included for new code which was copied and/or modified from any external code

[netlify]

✅ Deploy Preview for determined-ui ready!

Name	Link
🔨 Latest commit	82011dc
🔍 Latest deploy log	https://app.netlify.com/sites/determined-ui/deploys/667c323121ae3f0008b78e4b
😎 Deploy Preview	https://deploy-preview-9573--determined-ui.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[codecov]

Codecov Report

Attention: Patch coverage is 41.66667% with 14 lines in your changes missing coverage. Please review.

Project coverage is 51.75%. Comparing base (86214e5) to head (95a68f0).

Additional details and impacted files

@@                    Coverage Diff                     @@
##           wksp-namespace-binding    #9573      +/-   ##
==========================================================
- Coverage                   51.75%   51.75%   -0.01%     
==========================================================
  Files                        1255     1255              
  Lines                      154074   154076       +2     
  Branches                     3120     3120              
==========================================================
- Hits                        79747    79746       -1     
- Misses                      74172    74175       +3     
  Partials                      155      155              

Flag	Coverage Δ
backend	43.82% <69.23%> (-0.01%)	⬇️
harness	72.61% <9.09%> (-0.01%)	⬇️
web	49.15% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Files	Coverage Δ
master/internal/api_workspace.go	59.07% <69.23%> (+0.25%)	⬆️
harness/determined/cli/workspace.py	16.50% <9.09%> (-0.32%)	⬇️

... and 1 file with indirect coverage changes

[tara-det-ai]

LGTM

[kkunapuli]

I love this change; I think it's really easy to follow!

[jgongd]

Nice work. It's easier to understand the intention!

[kkunapuli]

I'm just curious - does this give master permission to create the resources in the list?

[amandavialva01]

Yea! The pods in the master deployment running the master service are authorized as the specified service account when accessing the Kubernetes API and have the permissions granted to the service account in the helm release, among those permissions being the ability to CRUD the listed resources!

[kkunapuli]

Oh, awesome - thanks!!

[kkunapuli]

Should this be newClusterName instead of clusterName here? I guess I'm a little confused that there's a map where the key is newClusterName but the value has a field where ClusterName = clusterName.

[amandavialva01]

Awesome catch! Yea it should be newClusterName. Thankss

[kkunapuli]

LGTM!

Minor suggestion: this PR fixes a couple bugs right? Are there any tests we could add to help confirm the issues are fixed and to ensure they don't pop up again? (If not, that's fine. You know the work better than I do!)

[amandavialva01]

LGTM!

Minor suggestion: this PR fixes a couple bugs right? Are there any tests we could add to help confirm the issues are fixed and to ensure they don't pop up again? (If not, that's fine. You know the work better than I do!)
We are planning to do automated testing that covers the bugs fixed here in separate PRs since there are a lot of features to test! I have manually tested everything following the description instructions!