From 2b3351bf9b06d0a0d97903234a2f2ec8b9727652 Mon Sep 17 00:00:00 2001 From: Sebastian Malton Date: Wed, 4 Aug 2021 16:01:47 -0400 Subject: [PATCH] Remove circular dependency with isAllowedResource function (#3545) Signed-off-by: Sebastian Malton --- src/common/rbac.ts | 18 -------- src/common/utils/allowed-resource.ts | 41 +++++++++++++++++++ src/extensions/renderer-api/k8s-api.ts | 2 +- src/renderer/components/+config/config.tsx | 2 +- src/renderer/components/+network/network.tsx | 2 +- src/renderer/components/+storage/storage.tsx | 2 +- .../+user-management/user-management.tsx | 2 +- .../+workloads-overview/overview-statuses.tsx | 3 +- .../components/+workloads/workloads.tsx | 2 +- src/renderer/components/app.tsx | 2 +- src/renderer/components/layout/sidebar.tsx | 2 +- .../workloads-overview-detail-registry.tsx | 2 +- 12 files changed, 52 insertions(+), 28 deletions(-) create mode 100644 src/common/utils/allowed-resource.ts diff --git a/src/common/rbac.ts b/src/common/rbac.ts index 1562d1915a..817d22b50a 100644 --- a/src/common/rbac.ts +++ b/src/common/rbac.ts @@ -19,9 +19,6 @@ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -import { ClusterStore } from "./cluster-store"; -import { getHostedClusterId } from "./utils"; - export type KubeResource = "namespaces" | "nodes" | "events" | "resourcequotas" | "services" | "limitranges" | "secrets" | "configmaps" | "ingresses" | "networkpolicies" | "persistentvolumeclaims" | "persistentvolumes" | "storageclasses" | @@ -74,18 +71,3 @@ export const apiResourceRecord: Record = { // TODO: auto-populate all resources dynamically (see: kubectl api-resources -o=wide -v=7) export const apiResources: KubeApiResource[] = Object.entries(apiResourceRecord) .map(([apiName, data]) => ({ apiName: apiName as KubeResource, ...data })); - -export function isAllowedResource(resources: KubeResource | KubeResource[]) { - if (!Array.isArray(resources)) { - resources = [resources]; - } - const { allowedResources = [] } = ClusterStore.getInstance().getById(getHostedClusterId()) || {}; - - for (const resource of resources) { - if (!allowedResources.includes(resource)) { - return false; - } - } - - return true; -} diff --git a/src/common/utils/allowed-resource.ts b/src/common/utils/allowed-resource.ts new file mode 100644 index 0000000000..d8d3676f17 --- /dev/null +++ b/src/common/utils/allowed-resource.ts @@ -0,0 +1,41 @@ +/** + * Copyright (c) 2021 OpenLens Authors + * + * Permission is hereby granted, free of charge, to any person obtaining a copy of + * this software and associated documentation files (the "Software"), to deal in + * the Software without restriction, including without limitation the rights to + * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of + * the Software, and to permit persons to whom the Software is furnished to do so, + * subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS + * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR + * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER + * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ + +import { ClusterStore } from "../cluster-store"; +import type { KubeResource } from "../rbac"; +import { getHostedClusterId } from "./cluster-id-url-parsing"; + +export function isAllowedResource(resource: KubeResource | KubeResource[]) { + const resources = [resource].flat(); + const cluster = ClusterStore.getInstance().getById(getHostedClusterId()); + + if (!cluster?.allowedResources) { + return false; + } + + if (resources.length === 0) { + return true; + } + + const allowedResources = new Set(cluster.allowedResources); + + return resources.every(resource => allowedResources.has(resource)); +} diff --git a/src/extensions/renderer-api/k8s-api.ts b/src/extensions/renderer-api/k8s-api.ts index c579aafbb6..2c31a4036f 100644 --- a/src/extensions/renderer-api/k8s-api.ts +++ b/src/extensions/renderer-api/k8s-api.ts @@ -19,7 +19,7 @@ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -export { isAllowedResource } from "../../common/rbac"; +export { isAllowedResource } from "../../common/utils/allowed-resource"; export { ResourceStack } from "../../common/k8s/resource-stack"; export { apiManager } from "../../renderer/api/api-manager"; export { KubeObjectStore } from "../../renderer/kube-object.store"; diff --git a/src/renderer/components/+config/config.tsx b/src/renderer/components/+config/config.tsx index c04f5eeb37..24d84cff34 100644 --- a/src/renderer/components/+config/config.tsx +++ b/src/renderer/components/+config/config.tsx @@ -27,7 +27,7 @@ import { Secrets } from "../+config-secrets"; import { ResourceQuotas } from "../+config-resource-quotas"; import { PodDisruptionBudgets } from "../+config-pod-disruption-budgets"; import { HorizontalPodAutoscalers } from "../+config-autoscalers"; -import { isAllowedResource } from "../../../common/rbac"; +import { isAllowedResource } from "../../../common/utils/allowed-resource"; import { LimitRanges } from "../+config-limit-ranges"; import * as routes from "../../../common/routes"; diff --git a/src/renderer/components/+network/network.tsx b/src/renderer/components/+network/network.tsx index ae4a7596fa..7c177ee2a3 100644 --- a/src/renderer/components/+network/network.tsx +++ b/src/renderer/components/+network/network.tsx @@ -28,7 +28,7 @@ import { Services } from "../+network-services"; import { Endpoints } from "../+network-endpoints"; import { Ingresses } from "../+network-ingresses"; import { NetworkPolicies } from "../+network-policies"; -import { isAllowedResource } from "../../../common/rbac"; +import { isAllowedResource } from "../../../common/utils/allowed-resource"; import * as routes from "../../../common/routes"; @observer diff --git a/src/renderer/components/+storage/storage.tsx b/src/renderer/components/+storage/storage.tsx index 3d4dd55ce3..cdc06a1e3c 100644 --- a/src/renderer/components/+storage/storage.tsx +++ b/src/renderer/components/+storage/storage.tsx @@ -27,7 +27,7 @@ import { TabLayout, TabLayoutRoute } from "../layout/tab-layout"; import { PersistentVolumes } from "../+storage-volumes"; import { StorageClasses } from "../+storage-classes"; import { PersistentVolumeClaims } from "../+storage-volume-claims"; -import { isAllowedResource } from "../../../common/rbac"; +import { isAllowedResource } from "../../../common/utils/allowed-resource"; import * as routes from "../../../common/routes"; @observer diff --git a/src/renderer/components/+user-management/user-management.tsx b/src/renderer/components/+user-management/user-management.tsx index 3c7e042cd5..2b6191a13e 100644 --- a/src/renderer/components/+user-management/user-management.tsx +++ b/src/renderer/components/+user-management/user-management.tsx @@ -25,7 +25,7 @@ import React from "react"; import { observer } from "mobx-react"; import { TabLayout, TabLayoutRoute } from "../layout/tab-layout"; import { PodSecurityPolicies } from "../+pod-security-policies"; -import { isAllowedResource } from "../../../common/rbac"; +import { isAllowedResource } from "../../../common/utils/allowed-resource"; import * as routes from "../../../common/routes"; import { ClusterRoleBindings } from "./+cluster-role-bindings"; import { ServiceAccounts } from "./+service-accounts"; diff --git a/src/renderer/components/+workloads-overview/overview-statuses.tsx b/src/renderer/components/+workloads-overview/overview-statuses.tsx index ebf62c1d98..f20b9d25ff 100644 --- a/src/renderer/components/+workloads-overview/overview-statuses.tsx +++ b/src/renderer/components/+workloads-overview/overview-statuses.tsx @@ -28,10 +28,11 @@ import { Link } from "react-router-dom"; import { workloadStores } from "../+workloads"; import { namespaceStore } from "../+namespaces/namespace.store"; import { NamespaceSelectFilter } from "../+namespaces/namespace-select-filter"; -import { isAllowedResource, KubeResource } from "../../../common/rbac"; +import type { KubeResource } from "../../../common/rbac"; import { ResourceNames } from "../../utils/rbac"; import { boundMethod } from "../../utils"; import { workloadURL } from "../../../common/routes"; +import { isAllowedResource } from "../../../common/utils/allowed-resource"; const resources: KubeResource[] = [ "pods", diff --git a/src/renderer/components/+workloads/workloads.tsx b/src/renderer/components/+workloads/workloads.tsx index 5f8724b928..71007b1195 100644 --- a/src/renderer/components/+workloads/workloads.tsx +++ b/src/renderer/components/+workloads/workloads.tsx @@ -31,7 +31,7 @@ import { DaemonSets } from "../+workloads-daemonsets"; import { StatefulSets } from "../+workloads-statefulsets"; import { Jobs } from "../+workloads-jobs"; import { CronJobs } from "../+workloads-cronjobs"; -import { isAllowedResource } from "../../../common/rbac"; +import { isAllowedResource } from "../../../common/utils/allowed-resource"; import { ReplicaSets } from "../+workloads-replicasets"; import * as routes from "../../../common/routes"; diff --git a/src/renderer/components/app.tsx b/src/renderer/components/app.tsx index 4d8195206f..b881bb74bb 100755 --- a/src/renderer/components/app.tsx +++ b/src/renderer/components/app.tsx @@ -31,7 +31,7 @@ import { Events } from "./+events/events"; import { DeploymentScaleDialog } from "./+workloads-deployments/deployment-scale-dialog"; import { CronJobTriggerDialog } from "./+workloads-cronjobs/cronjob-trigger-dialog"; import { CustomResources } from "./+custom-resources/custom-resources"; -import { isAllowedResource } from "../../common/rbac"; +import { isAllowedResource } from "../../common/utils/allowed-resource"; import logger from "../../main/logger"; import { webFrame } from "electron"; import { ClusterPageRegistry, getExtensionPageUrl } from "../../extensions/registries/page-registry"; diff --git a/src/renderer/components/layout/sidebar.tsx b/src/renderer/components/layout/sidebar.tsx index 96e3a26dac..44e57e9202 100644 --- a/src/renderer/components/layout/sidebar.tsx +++ b/src/renderer/components/layout/sidebar.tsx @@ -33,7 +33,7 @@ import { Network } from "../+network"; import { crdStore } from "../+custom-resources/crd.store"; import { CustomResources } from "../+custom-resources/custom-resources"; import { isActiveRoute } from "../../navigation"; -import { isAllowedResource } from "../../../common/rbac"; +import { isAllowedResource } from "../../../common/utils/allowed-resource"; import { Spinner } from "../spinner"; import { ClusterPageMenuRegistration, ClusterPageMenuRegistry, ClusterPageRegistry, getExtensionPageUrl } from "../../../extensions/registries"; import { SidebarItem } from "./sidebar-item"; diff --git a/src/renderer/initializers/workloads-overview-detail-registry.tsx b/src/renderer/initializers/workloads-overview-detail-registry.tsx index b374bb11af..b8aec840bf 100644 --- a/src/renderer/initializers/workloads-overview-detail-registry.tsx +++ b/src/renderer/initializers/workloads-overview-detail-registry.tsx @@ -20,7 +20,7 @@ */ import React from "react"; -import { isAllowedResource } from "../../common/rbac"; +import { isAllowedResource } from "../../common/utils/allowed-resource"; import { WorkloadsOverviewDetailRegistry } from "../../extensions/registries"; import { Events } from "../components/+events"; import { OverviewStatuses } from "../components/+workloads-overview/overview-statuses";