Better support for non-admin RBAC roles

2026-02-14 17:49:55 +00:00 · 2019-05-14 21:11:18 -05:00
parent 25f31d5766
commit 269314f914
9 changed files with 27 additions and 20 deletions
--- a/client/src/components/saveButton.js
+++ b/client/src/components/saveButton.js
@@ -4,7 +4,7 @@ import Button from './button';
 import EditorModal from '../views/editorModal';
 import EditSvg from '../art/editSvg';

-export default class DeleteButton extends Base {
+export default class SaveButton extends Base {
    render() {
        const {onSave, item} = this.props;
        const {showEditor} = this.state || {};
--- a/client/src/services/api.js
+++ b/client/src/services/api.js
@@ -41,8 +41,8 @@ const apis = {
 };

 async function testAuth() {
-    const spec = {resourceAttributes: {}};
-    return post('apis/authorization.k8s.io/v1/selfsubjectaccessreviews', {spec}, false);
+    const spec = {namespace: 'default'};
+    await post('apis/authorization.k8s.io/v1/selfsubjectrulesreviews', {spec}, false);
 }

 async function apply(body) {
@@ -107,8 +107,8 @@ function metrics(url, cb) {
 function apiFactory(apiType, kind) {
    const url = `${apiType}/${kind}`;
    return {
-        list: cb => streamResults(url, cb),
-        get: (name, cb) => streamResult(url, name, cb),
+        list: (cb, errCb) => streamResults(url, cb, errCb),
+        get: (name, cb, errCb) => streamResult(url, name, cb, errCb),
        post: body => post(url, body),
        put: body => put(`${url}/${body.metadata.name}`, body),
        delete: name => del(`${url}/${name}`),
@@ -117,8 +117,8 @@ function apiFactory(apiType, kind) {

 function apiFactoryWithNamespace(apiType, kind, includeScale) {
    const results = {
-        list: (namespace, cb) => streamResults(url(namespace), cb),
-        get: (namespace, name, cb) => streamResult(url(namespace), name, cb),
+        list: (namespace, cb, errCb) => streamResults(url(namespace), cb, errCb),
+        get: (namespace, name, cb, errCb) => streamResult(url(namespace), name, cb, errCb),
        post: body => post(url(body.metadata.namespace), body),
        put: body => put(`${url(body.metadata.namespace)}/${body.metadata.name}`, body),
        delete: (namespace, name) => del(`${url(namespace)}/${name}`),
--- a/client/src/services/apiProxy.js
+++ b/client/src/services/apiProxy.js
@@ -43,7 +43,7 @@ export async function request(path, params, autoLogoutOnAuthError = true) {

    if (!response.ok) {
        const {status, statusText} = response;
-        if (autoLogoutOnAuthError && (status === 401 || status === 403)) {
+        if (autoLogoutOnAuthError && status === 401) {
            log.error('Logging out due to auth error', {status, statusText, path});
            logout();
        }
@@ -64,7 +64,7 @@ export async function request(path, params, autoLogoutOnAuthError = true) {
    return response.json();
 }

-export async function streamResult(url, name, cb) {
+export async function streamResult(url, name, cb, errCb) {
    let isCancelled = false;
    let socket;
    run();
@@ -84,6 +84,7 @@ export async function streamResult(url, name, cb) {
            socket = stream(watchUrl, x => cb(x.object));
        } catch (err) {
            log.error('Error in api request', {err, url});
+            if (errCb) errCb(err);
        }
    }

@@ -95,7 +96,7 @@ export async function streamResult(url, name, cb) {
    }
 }

-export async function streamResults(url, cb) {
+export async function streamResults(url, cb, errCb) {
    const results = {};
    let isCancelled = false;
    let socket;
@@ -114,6 +115,7 @@ export async function streamResults(url, cb) {
            socket = stream(watchUrl, update);
        } catch (err) {
            log.error('Error in api request', {err, url});
+            if (errCb) errCb(err);
        }
    }

--- a/client/src/views/auth.js
+++ b/client/src/views/auth.js
@@ -99,14 +99,7 @@ async function oidcLogin(code, returnedState) {
 async function login(token) {
    try {
        setToken(token);
-
-        const result = await api.testAuth();
-        log.info('Auth', result);
-
-        if (!result || !result.status || !result.status.allowed) {
-            throw new Error('Invalid login');
-        }
-
+        await api.testAuth();
        window.location.reload();
    } catch (err) {
        log.error('Login Failed', err);
--- a/client/src/views/clusterRole.js
+++ b/client/src/views/clusterRole.js
@@ -54,6 +54,7 @@ export default class ClusterRole extends Base {
                        <thead>
                            <tr>
                                <th>Resources</th>
+                                <th>Non Resource</th>
                                <th>Names</th>
                                <th>Verbs</th>
                                <th>Groups</th>
@@ -63,6 +64,7 @@ export default class ClusterRole extends Base {
                        <TableBody items={rules} colSpan='4' row={(x, i) => (
                            <tr key={i}>
                                <td>{_.map(x.resources, toDiv)}</td>
+                                <td>{_.map(x.nonResourceURLs, toDiv)}</td>
                                <td>{_.map(x.resourceNames, toDiv)}</td>
                                <td>{_.map(x.verbs, toDiv)}</td>
                                <td>{_.map(x.apiGroups, toDiv)}</td>
--- a/client/src/views/editorModal.js
+++ b/client/src/views/editorModal.js
@@ -108,3 +108,12 @@ export default class EditorModal extends Base {
        );
    }
 }
+
+// function yaml2js(allowArrays, yaml) {
+//     if (!allowArrays) return yamljs.parse(yaml);
+
+//     return yaml
+//         .split('---')
+//         .filter(Boolean)
+//         .map(yamljs.parse);
+// }
--- a/client/src/views/serviceAccount.js
+++ b/client/src/views/serviceAccount.js
@@ -26,7 +26,7 @@ export default class ServiceAccount extends Base {

        return (
            <div id='content'>
-                <ItemHeader title={['Volume Claim', namespace, name]} ready={!!item}>
+                <ItemHeader title={['Service Account', namespace, name]} ready={!!item}>
                    <>
                        <SaveButton
                            item={item}
--- a/server/index.js
+++ b/server/index.js
@@ -24,6 +24,7 @@ const opts = {};
 kc.applyToRequest(opts);

 const target = kc.getCurrentCluster().server;
+console.log('API URL: ', target);
 const agent = new https.Agent({ca: opts.ca});
 const proxySettings = {
    target,
--- a/server/package.json
+++ b/server/package.json
@@ -4,7 +4,7 @@
  "description": "",
  "main": "index.js",
  "scripts": {
-    "start": "nodemon .",
+    "start": "DEBUG_VERBOSE=true nodemon .",
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",