From a96fefd32edac94a842f8eae65cbc6ba1851a8f7 Mon Sep 17 00:00:00 2001
From: Lisa Kim
Date: Thu, 3 Oct 2024 20:14:22 -0700
Subject: [PATCH] Web: define request mode field
---
 web/packages/teleport/src/services/kube/types.ts | 8 +++++---
 .../teleport/src/services/user/makeUserContext.ts | 3 +++
 web/packages/teleport/src/services/user/types.ts | 11 +++++++++++
 web/packages/teleport/src/services/user/user.test.ts | 6 +++++-
 web/packages/teleport/src/stores/storeUserContext.ts | 7 +++++++
 5 files changed, 31 insertions(+), 4 deletions(-)
diff --git a/web/packages/teleport/src/services/kube/types.ts b/web/packages/teleport/src/services/kube/types.ts
index 554249a287b64..735dfd45b1459 100644
--- a/web/packages/teleport/src/services/kube/types.ts
+++ b/web/packages/teleport/src/services/kube/types.ts
@@ -27,11 +27,13 @@ export interface Kube {
 }
 /**
- * Add kind consts as we go.
- * Supported kube subresources:
+ * Only the web UI supported kinds are defined.
+ * All supported backend kube subresources:
 * https://github.com/gravitational/teleport/blob/c86f46db17fe149240e30fa0748621239e36c72a/api/types/constants.go#L1233
+ *
+ * Wildcard means any of the kube subresources.
 */
-export type KubeResourceKind = 'namespace';
+export type KubeResourceKind = 'namespace' | '*';
 /**
 * Refers to kube_cluster's subresources like namespaces, pods, etc
diff --git a/web/packages/teleport/src/services/user/makeUserContext.ts b/web/packages/teleport/src/services/user/makeUserContext.ts
index 9aab4e2c9602b..23a7041797839 100644
--- a/web/packages/teleport/src/services/user/makeUserContext.ts
+++ b/web/packages/teleport/src/services/user/makeUserContext.ts
@@ -54,6 +54,9 @@ function makeAccessCapabilities(json): AccessCapabilities {
 return {
 requestableRoles: json.requestableRoles || [],
 suggestedReviewers: json.suggestedReviewers || [],
+ requestMode: {
+ kubernetesResources: json.requestMode?.kubernetesResources || [],
+ },
 };
 }
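Review bot: In `web/packages/teleport/src/services/kube/types.ts`, adding `'*'` to `KubeResourceKind` widens every use of that type, not only the new request-mode field, so code that needs one concrete kind now type-checks with a wildcard as well. How the type is used elsewhere is not visible in this hunk, but if any consumer builds a resource ID or an access request from it, splitting the types keeps the wildcard out of those paths: `export type KubeResourceKind = 'namespace';` plus `export type RequestModeKubeResourceKind = KubeResourceKind | '*';`. The doc comment could also state whether the web UI only receives `'*'` from the backend or is ever expected to send it.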
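Review bot: In `makeAccessCapabilities` (`makeUserContext.ts`), `json.requestMode?.kubernetesResources || []` guards only against a falsy value. Since `json` is untyped, a non-array value or an entry whose `kind` is outside `KubeResourceKind` passes through and is then treated as typed data. `getAllowedKubeSubresourceKinds` in `storeUserContext.ts` later calls `.map` on it. An explicit shape check is cheap here: `Array.isArray(json.requestMode?.kubernetesResources) ? json.requestMode.kubernetesResources : []`. It is also worth deciding what the UI does with a kind it does not recognise, because silently ignoring a restriction the backend sent would make the UI offer requests the backend will reject. The function starts above this hunk.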
diff --git a/web/packages/teleport/src/services/user/types.ts b/web/packages/teleport/src/services/user/types.ts
index 150a44cf40b1c..8a36aa101410c 100644
--- a/web/packages/teleport/src/services/user/types.ts
+++ b/web/packages/teleport/src/services/user/types.ts
@@ -18,6 +18,8 @@
 import { Cluster } from 'teleport/services/clusters';
+import { KubeResourceKind } from '../kube';
+
 export type AuthType = 'local' | 'sso' | 'passwordless';
 export interface AccessStrategy {
@@ -25,9 +27,18 @@ export interface AccessStrategy {
 prompt: string;
 }
+interface RequestModeKubeResource {
+ kind: KubeResourceKind;
+}
+
+interface AccessRequestMode {
+ kubernetesResources: RequestModeKubeResource[];
+}
+
 export interface AccessCapabilities {
 requestableRoles: string[];
 suggestedReviewers: string[];
+ requestMode: AccessRequestMode;
 }
 export interface UserContext {
diff --git a/web/packages/teleport/src/services/user/user.test.ts b/web/packages/teleport/src/services/user/user.test.ts
index 7b65e467e6a0c..bca360d7934f7 100644
--- a/web/packages/teleport/src/services/user/user.test.ts
+++ b/web/packages/teleport/src/services/user/user.test.ts
@@ -289,7 +289,11 @@ test('undefined values in context response gives proper default values', async (
 // Test undefined access strategy is set to default optional.
 accessStrategy: { type: 'optional', prompt: '' },
 // Test undefined roles and reviewers are set to empty arrays.
- accessCapabilities: { requestableRoles: [], suggestedReviewers: [] },
+ accessCapabilities: {
+ requestableRoles: [],
+ suggestedReviewers: [],
+ requestMode: { kubernetesResources: [] },
+ },
 allowedSearchAsRoles: [],
 passwordState: PasswordState.PASSWORD_STATE_UNSPECIFIED,
 });
diff --git a/web/packages/teleport/src/stores/storeUserContext.ts b/web/packages/teleport/src/stores/storeUserContext.ts
index bc054fa2e3df9..1f4e2b6685946 100644
--- a/web/packages/teleport/src/stores/storeUserContext.ts
+++ b/web/packages/teleport/src/stores/storeUserContext.ts
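Review bot: `AccessRequestMode.kubernetesResources` in the second hunk of `services/user/types.ts` carries no comment saying what an empty list means, and `makeAccessCapabilities` also produces `[]` when the field is missing from the response. A caller of `getAllowedKubeSubresourceKinds` therefore cannot tell "no restriction configured" from "nothing allowed" by reading the types. Because this value presumably decides which Kubernetes resources the UI lets a user request, I would add a TSDoc comment on the field that spells out the meaning of an empty list and of a `'*'` entry, so each caller does not have to guess. Style: the first hunk imports from `'../kube'` while `storeUserContext.ts` uses `'teleport/services/kube'`; using one form would be more consistent.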
@@ -19,6 +19,7 @@
 import { Store } from 'shared/libs/stores';
 import cfg from 'teleport/config';
+import { KubeResourceKind } from 'teleport/services/kube';
 import { UserContext } from 'teleport/services/user';
@@ -73,6 +74,12 @@ export default class StoreUserContext extends Store {
 return this.state.acl.kubeServers;
 }
+ getAllowedKubeSubresourceKinds(): KubeResourceKind[] {
+ const kubeResources =
+ this.state.accessCapabilities.requestMode.kubernetesResources;
+ return kubeResources.map(kubeResource => kubeResource.kind);
+ }
+
 getTokenAccess() {
 return this.state.acl.tokens;
 }
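Review bot: `getAllowedKubeSubresourceKinds` in the second hunk of `storeUserContext.ts` reads `this.state.accessCapabilities.requestMode.kubernetesResources` with no guard. Any store state not produced by `makeAccessCapabilities`, such as a test fixture or a partially populated state (neither is visible here), would make it throw a TypeError instead of returning a list. `const kubeResources = this.state.accessCapabilities?.requestMode?.kubernetesResources ?? [];` would keep the getter total, though the neighbouring getters are unguarded too, so this may be accepted house style. A one-line TSDoc saying the result can contain `'*'` would tell callers they must handle the wildcard. The class body continues outside the hunk.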