Fix shouldShowResource when not a cluster admin (#6900)

* Fix shouldShowResource when not a cluster admin Signed-off-by: Sebastian Malton <sebastian@malton.name> * Fix only tests that rely on bad formatting of resources Signed-off-by: Sebastian Malton <sebastian@malton.name> Signed-off-by: Sebastian Malton <sebastian@malton.name>
2025-05-20 05:10:56 +00:00 · 2023-01-11 06:02:10 -08:00 · 2023-01-11 06:02:10 -08:00 · 0ec8cbd7ed
commit 0ec8cbd7ed
parent 841c6b5720
23 changed files with 45 additions and 41 deletions
--- a/src/common/front-end-routing/routes/cluster/config/config-maps/config-maps-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/config/config-maps/config-maps-route.injectable.ts
@ -13,7 +13,7 @@ const configMapsRouteInjectable = getInjectable({
    clusterFrame: true,
    isEnabled: di.inject(shouldShowResourceInjectionToken, {
      apiName: "configmaps",
-      group: "v1",
+      group: "",
    }),
  }),
  injectionToken: frontEndRouteInjectionToken,
--- a/src/common/front-end-routing/routes/cluster/config/limit-ranges/limit-ranges-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/config/limit-ranges/limit-ranges-route.injectable.ts
@ -14,7 +14,7 @@ const limitRangesRouteInjectable = getInjectable({
    clusterFrame: true,
    isEnabled: di.inject(shouldShowResourceInjectionToken, {
      apiName: "limitranges",
-      group: "v1",
+      group: "",
    }),
  }),

--- a/src/common/front-end-routing/routes/cluster/config/resource-quotas/resource-quotas-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/config/resource-quotas/resource-quotas-route.injectable.ts
@ -14,7 +14,7 @@ const resourceQuotasRouteInjectable = getInjectable({
    clusterFrame: true,
    isEnabled: di.inject(shouldShowResourceInjectionToken, {
      apiName: "resourcequotas",
-      group: "v1",
+      group: "",
    }),
  }),

--- a/src/common/front-end-routing/routes/cluster/config/secrets/secrets-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/config/secrets/secrets-route.injectable.ts
@ -14,7 +14,7 @@ const secretsRouteInjectable = getInjectable({
    clusterFrame: true,
    isEnabled: di.inject(shouldShowResourceInjectionToken, {
      apiName: "secrets",
-      group: "v1",
+      group: "",
    }),
  }),

--- a/src/common/front-end-routing/routes/cluster/events/events-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/events/events-route.injectable.ts
@ -14,7 +14,7 @@ const eventsRouteInjectable = getInjectable({
    clusterFrame: true,
    isEnabled: di.inject(shouldShowResourceInjectionToken, {
      apiName: "events",
-      group: "v1",
+      group: "",
    }),
  }),

--- a/src/common/front-end-routing/routes/cluster/namespaces/namespaces-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/namespaces/namespaces-route.injectable.ts
@ -14,7 +14,7 @@ const namespacesRouteInjectable = getInjectable({
    clusterFrame: true,
    isEnabled: di.inject(shouldShowResourceInjectionToken, {
      apiName: "namespaces",
-      group: "v1",
+      group: "",
    }),
  }),

--- a/src/common/front-end-routing/routes/cluster/network/endpoints/endpoints-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/network/endpoints/endpoints-route.injectable.ts
@ -14,7 +14,7 @@ const endpointsRouteInjectable = getInjectable({
    clusterFrame: true,
    isEnabled: di.inject(shouldShowResourceInjectionToken, {
      apiName: "endpoints",
-      group: "v1",
+      group: "",
    }),
  }),

--- a/src/common/front-end-routing/routes/cluster/network/services/services-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/network/services/services-route.injectable.ts
@ -14,7 +14,7 @@ const servicesRouteInjectable = getInjectable({
    clusterFrame: true,
    isEnabled: di.inject(shouldShowResourceInjectionToken, {
      apiName: "services",
-      group: "v1",
+      group: "",
    }),
  }),

--- a/src/common/front-end-routing/routes/cluster/nodes/nodes-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/nodes/nodes-route.injectable.ts
@ -14,7 +14,7 @@ const nodesRouteInjectable = getInjectable({
    clusterFrame: true,
    isEnabled: di.inject(shouldShowResourceInjectionToken, {
      apiName: "nodes",
-      group: "v1",
+      group: "",
    }),
  }),

--- a/src/common/front-end-routing/routes/cluster/overview/cluster-overview-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/overview/cluster-overview-route.injectable.ts
@ -14,7 +14,7 @@ const clusterOverviewRouteInjectable = getInjectable({
    clusterFrame: true,
    isEnabled: di.inject(shouldShowResourceInjectionToken, {
      apiName: "nodes",
-      group: "v1",
+      group: "",
    }),
  }),

--- a/src/common/front-end-routing/routes/cluster/storage/persistent-volume-claims/persistent-volume-claims-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/storage/persistent-volume-claims/persistent-volume-claims-route.injectable.ts
@ -14,7 +14,7 @@ const persistentVolumeClaimsRouteInjectable = getInjectable({
    clusterFrame: true,
    isEnabled: di.inject(shouldShowResourceInjectionToken, {
      apiName: "persistentvolumeclaims",
-      group: "v1",
+      group: "",
    }),
  }),

--- a/src/common/front-end-routing/routes/cluster/storage/persistent-volumes/persistent-volumes-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/storage/persistent-volumes/persistent-volumes-route.injectable.ts
@ -14,7 +14,7 @@ const persistentVolumesRouteInjectable = getInjectable({
    clusterFrame: true,
    isEnabled: di.inject(shouldShowResourceInjectionToken, {
      apiName: "persistentvolumes",
-      group: "v1",
+      group: "",
    }),
  }),

--- a/src/common/front-end-routing/routes/cluster/user-management/service-accounts/service-accounts-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/user-management/service-accounts/service-accounts-route.injectable.ts
@ -14,7 +14,7 @@ const serviceAccountsRouteInjectable = getInjectable({
    clusterFrame: true,
    isEnabled: di.inject(shouldShowResourceInjectionToken, {
      apiName: "serviceaccounts",
-      group: "v1",
+      group: "",
    }),
  }),

--- a/src/common/front-end-routing/routes/cluster/workloads/pods/pods-route.injectable.ts
+++ b/src/common/front-end-routing/routes/cluster/workloads/pods/pods-route.injectable.ts
@ -14,7 +14,7 @@ const podsRouteInjectable = getInjectable({
    clusterFrame: true,
    isEnabled: di.inject(shouldShowResourceInjectionToken, {
      apiName: "pods",
-      group: "v1",
+      group: "",
    }),
  }),

--- a/src/common/rbac.ts
+++ b/src/common/rbac.ts
@ -13,17 +13,21 @@ export type KubeResource =

 export interface KubeApiResource {
  kind: string;
-  group: string;
+  group: string; // api-group, if empty then "core"
  apiName: string;
  namespaced: boolean;
 }

 export interface KubeApiResourceDescriptor {
  apiName: string;
-  group: string;
+  group: string; // api-group, if empty then "core"
 }

-export const formatKubeApiResource = (res: KubeApiResourceDescriptor) => `${res.group}/${res.apiName}`;
+export const formatKubeApiResource = (desc: KubeApiResourceDescriptor) => (
+  desc.group
+    ? `${desc.group}/${desc.apiName}`
+    : desc.apiName
+);

 export interface KubeApiResourceData {
  kind: string; // resource type (e.g. "Namespace")
@ -44,7 +48,7 @@ export const apiResourceRecord: Record<KubeResource, KubeApiResourceData> = {
  },
  configmaps: {
    kind: "ConfigMap",
-    group: "v1",
+    group: "",
    namespaced: true,
  },
  cronjobs: {
@ -69,12 +73,12 @@ export const apiResourceRecord: Record<KubeResource, KubeApiResourceData> = {
  },
  endpoints: {
    kind: "Endpoint",
-    group: "v1",
+    group: "",
    namespaced: true,
  },
  events: {
    kind: "Event",
-    group: "v1",
+    group: "",
    namespaced: true,
  },
  horizontalpodautoscalers: {
@ -99,17 +103,17 @@ export const apiResourceRecord: Record<KubeResource, KubeApiResourceData> = {
  },
  namespaces: {
    kind: "Namespace",
-    group: "v1",
+    group: "",
    namespaced: false,
  },
  limitranges: {
    kind: "LimitRange",
-    group: "v1",
+    group: "",
    namespaced: true,
  },
  leases: {
    kind: "Lease",
-    group: "v1",
+    group: "",
    namespaced: true,
  },
  networkpolicies: {
@ -119,22 +123,22 @@ export const apiResourceRecord: Record<KubeResource, KubeApiResourceData> = {
  },
  nodes: {
    kind: "Node",
-    group: "v1",
+    group: "",
    namespaced: false,
  },
  persistentvolumes: {
    kind: "PersistentVolume",
-    group: "v1",
+    group: "",
    namespaced: false,
  },
  persistentvolumeclaims: {
    kind: "PersistentVolumeClaim",
-    group: "v1",
+    group: "",
    namespaced: true,
  },
  pods: {
    kind: "Pod",
-    group: "v1",
+    group: "",
    namespaced: true,
  },
  poddisruptionbudgets: {
@ -159,7 +163,7 @@ export const apiResourceRecord: Record<KubeResource, KubeApiResourceData> = {
  },
  resourcequotas: {
    kind: "ResourceQuota",
-    group: "v1",
+    group: "",
    namespaced: true,
  },
  replicasets: {
@ -179,17 +183,17 @@ export const apiResourceRecord: Record<KubeResource, KubeApiResourceData> = {
  },
  secrets: {
    kind: "Secret",
-    group: "v1",
+    group: "",
    namespaced: true,
  },
  serviceaccounts: {
    kind: "ServiceAccount",
-    group: "v1",
+    group: "",
    namespaced: true,
  },
  services: {
    kind: "Service",
-    group: "v1",
+    group: "",
    namespaced: true,
  },
  statefulsets: {
--- a/src/features/cluster/namespaces/edit-namespace-from-new-tab.test.tsx
+++ b/src/features/cluster/namespaces/edit-namespace-from-new-tab.test.tsx
@ -66,7 +66,7 @@ describe("cluster/namespaces - edit namespace from new tab", () => {

    builder.allowKubeResource({
      apiName: "namespaces",
-      group: "v1",
+      group: "",
    });
  });

--- a/src/features/cluster/namespaces/edit-namespace-from-previously-opened-tab.test.tsx
+++ b/src/features/cluster/namespaces/edit-namespace-from-previously-opened-tab.test.tsx
@ -37,7 +37,7 @@ describe("cluster/namespaces - edit namespaces from previously opened tab", () =

    builder.allowKubeResource({
      apiName: "namespaces",
-      group: "v1",
+      group: "",
    });
  });

--- a/src/features/cluster/visibility-of-sidebar-items.test.tsx
+++ b/src/features/cluster/visibility-of-sidebar-items.test.tsx
@ -52,7 +52,7 @@ describe("cluster - visibility of sidebar items", () => {
      beforeEach(() => {
        builder.allowKubeResource({
          apiName: "namespaces",
-          group: "v1",
+          group: "",
        });
      });

@ -77,7 +77,7 @@ const testRouteInjectable = getInjectable({
    clusterFrame: true,
    isEnabled: di.inject(shouldShowResourceInjectionToken, {
      apiName: "namespaces",
-      group: "v1",
+      group: "",
    }),
  }),

--- a/src/features/cluster/workload-overview.test.tsx
+++ b/src/features/cluster/workload-overview.test.tsx
@ -15,7 +15,7 @@ describe("workload overview", () => {
    applicationBuilder = getApplicationBuilder().setEnvironmentToClusterFrame();
    applicationBuilder.allowKubeResource({
      apiName: "pods",
-      group: "v1",
+      group: "",
    });
    rendered = await applicationBuilder.render();
  });
--- a/src/main/cluster/request-core-api-versions.injectable.ts
+++ b/src/main/cluster/request-core-api-versions.injectable.ts
@ -16,7 +16,7 @@ const requestCoreApiVersionsInjectable = getInjectable({
      const { versions } = await k8sRequest(cluster, "/api") as V1APIVersions;

      return versions.map(version => ({
-        group: version,
+        group: "",
        path: `/api/${version}`,
      }));
    };
--- a/src/renderer/components/+workloads-overview/workloads/implementations/pods-workload.injectable.ts
+++ b/src/renderer/components/+workloads-overview/workloads/implementations/pods-workload.injectable.ts
@ -21,7 +21,7 @@ const podsWorkloadInjectable = getInjectable({
    return {
      resource: {
        apiName: "pods",
-        group: "v1",
+        group: "",
      },
      open: navigate,

--- a/src/renderer/frames/cluster-frame/cluster-frame.test.tsx
+++ b/src/renderer/frames/cluster-frame/cluster-frame.test.tsx
@ -69,7 +69,7 @@ describe("<ClusterFrame />", () => {
  describe("given cluster with list nodes and namespaces permissions", () => {
    beforeEach(() => {
      // TODO: replace with not using private info
-      (cluster as any).allowedResources.replace(["v1/nodes", "v1/namespaces"]);
+      (cluster as unknown as { readonly allowedResources: Cluster["allowedResources"] }).allowedResources.replace(["nodes", "namespaces"]);
    });

    it("renders", () => {
@ -110,7 +110,7 @@ describe("<ClusterFrame />", () => {

  describe("given cluster without list nodes, but with namespaces permissions", () => {
    beforeEach(() => {
-      (cluster as any).allowedResources.replace(["v1/namespaces"]);
+      (cluster as unknown as { readonly allowedResources: Cluster["allowedResources"] }).allowedResources.replace(["namespaces"]);
    });

    it("renders", () => {
--- a/src/renderer/initializers/workload-events.tsx
+++ b/src/renderer/initializers/workload-events.tsx
@ -34,7 +34,7 @@ export const WorkloadEvents = withInjectables<Dependencies, WorkloadEventsProps>
  getProps: (di, props) => ({
    workloadEventsAreAllowed: di.inject(shouldShowResourceInjectionToken, {
      apiName: "events",
-      group: "v1",
+      group: "",
    }),
    ...props,
  }),