From 73492ee287fb24dc5bdb5b7bd46f5a7c8c2b8e5f Mon Sep 17 00:00:00 2001 From: Sebastian Malton Date: Fri, 26 Feb 2021 11:08:22 -0500 Subject: [PATCH] all Roles tab to be viewed if cluster has access to clusterrole Signed-off-by: Sebastian Malton --- src/common/rbac.ts | 3 ++- src/main/__test__/cluster.test.ts | 4 ++-- src/renderer/components/+user-management/user-management.tsx | 3 ++- src/renderer/utils/rbac.ts | 1 + 4 files changed, 7 insertions(+), 4 deletions(-) diff --git a/src/common/rbac.ts b/src/common/rbac.ts index afb9fe8030..3802022c83 100644 --- a/src/common/rbac.ts +++ b/src/common/rbac.ts @@ -5,7 +5,7 @@ export type KubeResource = "secrets" | "configmaps" | "ingresses" | "networkpolicies" | "persistentvolumeclaims" | "persistentvolumes" | "storageclasses" | "pods" | "daemonsets" | "deployments" | "statefulsets" | "replicasets" | "jobs" | "cronjobs" | "endpoints" | "customresourcedefinitions" | "horizontalpodautoscalers" | "podsecuritypolicies" | "poddisruptionbudgets" | - "role" | "rolebinding" | "clusterrolebinding" | "serviceaccount"; + "role" | "clusterrole" | "rolebinding" | "clusterrolebinding" | "serviceaccount"; export interface KubeApiResource extends KubeApiResourceData { apiName: KubeResource; // valid api resource name (e.g. "namespaces") @@ -17,6 +17,7 @@ export interface KubeApiResourceData { } export const apiResources: Record = { + "clusterrole": { kind: "ClusterRole", group: "rbac.authorization.k8s.io" }, "clusterrolebinding": { kind: "ClusterRoleBinding", group: "rbac.authorization.k8s.io" }, "configmaps": { kind: "ConfigMap" }, "cronjobs": { kind: "CronJob", group: "batch" }, diff --git a/src/main/__test__/cluster.test.ts b/src/main/__test__/cluster.test.ts index 4b11a19879..8aa77926eb 100644 --- a/src/main/__test__/cluster.test.ts +++ b/src/main/__test__/cluster.test.ts @@ -36,7 +36,7 @@ import { Cluster } from "../cluster"; import { ContextHandler } from "../context-handler"; import { getFreePort } from "../port"; import { V1ResourceAttributes } from "@kubernetes/client-node"; -import { apiResources } from "../../common/rbac"; +import { apiResourceList } from "../../common/rbac"; import request from "request-promise-native"; import { Kubectl } from "../kubectl"; @@ -173,7 +173,7 @@ describe("create clusters", () => { expect(mockedRequest).toBeCalled(); expect(c.accessible).toBe(true); expect(c.allowedNamespaces.length).toBe(1); - expect(c.allowedResources.length).toBe(apiResources.length); + expect(c.allowedResources.length).toBe(apiResourceList.length); c.disconnect(); jest.resetAllMocks(); }); diff --git a/src/renderer/components/+user-management/user-management.tsx b/src/renderer/components/+user-management/user-management.tsx index f1772e2610..e4e4775d67 100644 --- a/src/renderer/components/+user-management/user-management.tsx +++ b/src/renderer/components/+user-management/user-management.tsx @@ -35,7 +35,8 @@ export class UserManagement extends React.Component { }); } - if (isAllowedResource("role")) { + if (isAllowedResource("role") || isAllowedResource("clusterrole")) { + // TODO: seperate out these two pages tabRoutes.push({ title: "Roles", component: Roles, diff --git a/src/renderer/utils/rbac.ts b/src/renderer/utils/rbac.ts index ef7522e8b4..5d3cb88108 100644 --- a/src/renderer/utils/rbac.ts +++ b/src/renderer/utils/rbac.ts @@ -29,5 +29,6 @@ export const ResourceNames: Record = { "role": "Roles", "rolebinding": "Role Bindings", "clusterrolebinding": "Cluster Role Bindings", + "clusterrole": "Cluster Roles", "serviceaccount": "Service Accounts" };