Skip to content

Commit

Permalink
use mr cr for rb owner
Browse files Browse the repository at this point in the history
Signed-off-by: gitdallas <[email protected]>
  • Loading branch information
gitdallas committed Jul 9, 2024
1 parent cc6bda6 commit ff4a46b
Show file tree
Hide file tree
Showing 6 changed files with 44 additions and 13 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,7 @@ describe('MR Permissions', () => {
cy.findByTestId('not-found-page').should('exist');
});

it('Redirect if no rolebindings (if valid MR, there will at least be a default)', () => {
it('redirect if no modelregistry', () => {
initIntercepts({ isEmpty: true });
usersTab.visit('example-mr');
cy.url().should('eq', `${Cypress.config().baseUrl}/modelRegistrySettings`);
Expand Down
18 changes: 9 additions & 9 deletions frontend/src/api/k8s/roleBindings.ts
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ import {
k8sListResource,
k8sPatchResource,
K8sStatus,
K8sResourceCommon,
} from '@openshift/dynamic-plugin-sdk-utils';
import {
K8sAPIOptions,
Expand All @@ -18,7 +19,7 @@ import { RoleBindingModel } from '~/api/models';
import { genRandomChars } from '~/utilities/string';
import { applyK8sAPIOptions } from '~/api/apiMergeUtils';
import { RoleBindingPermissionsRoleType } from '~/concepts/roleBinding/types';
import { addOwnerReference } from '../k8sUtils';
import { addOwnerReference } from '~/api/k8sUtils';

export const generateRoleBindingServingRuntime = (
name: string,
Expand Down Expand Up @@ -60,13 +61,8 @@ export const generateRoleBindingPermissions = (
[KnownLabels.DASHBOARD_RESOURCE]: 'true',
[KnownLabels.PROJECT_SHARING]: 'true',
},
ownerReference?: K8sResourceCommon,
): RoleBindingKind => {
const roleRef = {
apiGroup: 'rbac.authorization.k8s.io',
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: rbRoleRefKind,
name: rbRoleRefName,
};
const roleBindingObject: RoleBindingKind = {
apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'RoleBinding',
Expand All @@ -75,7 +71,11 @@ export const generateRoleBindingPermissions = (
namespace,
labels: rbLabels,
},
roleRef: roleRef,
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
kind: rbRoleRefKind,
name: rbRoleRefName,
},
subjects: [
{
apiGroup: 'rbac.authorization.k8s.io',
Expand All @@ -84,7 +84,7 @@ export const generateRoleBindingPermissions = (
},
],
};
return addOwnerReference(roleBindingObject, roleRef);
return addOwnerReference(roleBindingObject, ownerReference);
};

export const listRoleBindings = (
Expand Down
5 changes: 5 additions & 0 deletions frontend/src/concepts/roleBinding/RoleBindingPermissions.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ import {
EmptyStateHeader,
} from '@patternfly/react-core';
import { ExclamationCircleIcon } from '@patternfly/react-icons';
import { K8sResourceCommon } from '@openshift/dynamic-plugin-sdk-utils';
import { GroupKind, RoleBindingKind, RoleBindingRoleRef } from '~/k8sTypes';
import { ProjectSectionID } from '~/pages/projects/screens/detail/types';
import { ContextResourceData } from '~/types';
Expand All @@ -19,6 +20,7 @@ import { RoleBindingPermissionsRBType, RoleBindingPermissionsRoleType } from './
import { filterRoleBindingSubjects } from './utils';

type RoleBindingPermissionsProps = {
ownerReference?: K8sResourceCommon;
roleBindingPermissionsRB: ContextResourceData<RoleBindingKind>;
defaultRoleBindingName?: string;
permissionOptions: {
Expand All @@ -35,6 +37,7 @@ type RoleBindingPermissionsProps = {
};

const RoleBindingPermissions: React.FC<RoleBindingPermissionsProps> = ({
ownerReference,
roleBindingPermissionsRB,
defaultRoleBindingName,
permissionOptions,
Expand Down Expand Up @@ -84,6 +87,7 @@ const RoleBindingPermissions: React.FC<RoleBindingPermissionsProps> = ({

const userTable = (
<RoleBindingPermissionsTableSection
ownerReference={ownerReference}
defaultRoleBindingName={defaultRoleBindingName}
projectName={projectName}
roleRefKind={roleRefKind}
Expand All @@ -99,6 +103,7 @@ const RoleBindingPermissions: React.FC<RoleBindingPermissionsProps> = ({

const groupTable = (
<RoleBindingPermissionsTableSection
ownerReference={ownerReference}
defaultRoleBindingName={defaultRoleBindingName}
projectName={projectName}
roleRefKind={roleRefKind}
Expand Down
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
import * as React from 'react';
import { K8sResourceCommon } from '@openshift/dynamic-plugin-sdk-utils';
import { Table } from '~/components/table';
import { RoleBindingKind, RoleBindingRoleRef, RoleBindingSubject } from '~/k8sTypes';
import { deleteRoleBinding, generateRoleBindingPermissions, createRoleBinding } from '~/api';
Expand All @@ -9,6 +10,7 @@ import { firstSubject } from './utils';
import RoleBindingPermissionsTableRowAdd from './RoleBindingPermissionsTableRowAdd';

type RoleBindingPermissionsTableProps = {
ownerReference?: K8sResourceCommon;
subjectKind: RoleBindingSubject['kind'];
namespace: string;
roleRefKind: RoleBindingRoleRef['kind'];
Expand All @@ -28,6 +30,7 @@ type RoleBindingPermissionsTableProps = {
};

const RoleBindingPermissionsTable: React.FC<RoleBindingPermissionsTableProps> = ({
ownerReference,
subjectKind,
namespace,
roleRefKind,
Expand Down Expand Up @@ -65,6 +68,7 @@ const RoleBindingPermissionsTable: React.FC<RoleBindingPermissionsTableProps> =
roleRefName || rbRoleRefName,
roleRefKind,
labels,
ownerReference,
);
createRoleBinding(newRBObject)
.then(() => {
Expand Down Expand Up @@ -96,6 +100,7 @@ const RoleBindingPermissionsTable: React.FC<RoleBindingPermissionsTableProps> =
roleRefName || rbRoleRefName,
roleRefKind,
labels,
ownerReference,
);
createRoleBinding(newRBObject)
.then(() =>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,13 +10,15 @@ import {
StackItem,
Title,
} from '@patternfly/react-core';
import { K8sResourceCommon } from '@openshift/dynamic-plugin-sdk-utils';
import { RoleBindingKind, RoleBindingRoleRef, RoleBindingSubject } from '~/k8sTypes';
import HeaderIcon from '~/concepts/design/HeaderIcon';
import { ProjectObjectType } from '~/concepts/design/utils';
import RoleBindingPermissionsTable from './RoleBindingPermissionsTable';
import { RoleBindingPermissionsRBType, RoleBindingPermissionsRoleType } from './types';

export type RoleBindingPermissionsTableSectionAltProps = {
ownerReference?: K8sResourceCommon;
roleBindings: RoleBindingKind[];
projectName: string;
roleRefKind: RoleBindingRoleRef['kind'];
Expand All @@ -34,6 +36,7 @@ export type RoleBindingPermissionsTableSectionAltProps = {
};

const RoleBindingPermissionsTableSection: React.FC<RoleBindingPermissionsTableSectionAltProps> = ({
ownerReference,
roleBindings,
projectName,
roleRefKind,
Expand Down Expand Up @@ -74,6 +77,7 @@ const RoleBindingPermissionsTableSection: React.FC<RoleBindingPermissionsTableSe
</StackItem>
<StackItem>
<RoleBindingPermissionsTable
ownerReference={ownerReference}
defaultRoleBindingName={defaultRoleBindingName}
permissions={roleBindings}
permissionOptions={permissionOptions}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,25 +10,41 @@ import {
} from '@patternfly/react-core';
import { Link } from 'react-router-dom';
import { Navigate, useParams } from 'react-router';
import { KnownLabels, RoleBindingKind } from '~/k8sTypes';
import { KnownLabels, ModelRegistryKind, RoleBindingKind } from '~/k8sTypes';
import { useGroups } from '~/api';
import RoleBindingPermissions from '~/concepts/roleBinding/RoleBindingPermissions';
import { useContextResourceData } from '~/utilities/useContextResourceData';
import ApplicationsPage from '~/pages/ApplicationsPage';
import { MODEL_REGISTRY_DEFAULT_NAMESPACE } from '~/concepts/modelRegistry/const';
import { SupportedArea } from '~/concepts/areas';
import { RoleBindingPermissionsRoleType } from '~/concepts/roleBinding/types';
import { useModelRegistryNamespaceCR } from '~/concepts/modelRegistry/context/useModelRegistryNamespaceCR';
import useModelRegistryRoleBindings from './useModelRegistryRoleBindings';

const ModelRegistriesManagePermissions: React.FC = () => {
const [activeTabKey, setActiveTabKey] = React.useState('users');
const [ownerReference, setOwnerReference] = React.useState<ModelRegistryKind>();
const [groups] = useGroups();
const roleBindings = useContextResourceData<RoleBindingKind>(useModelRegistryRoleBindings());
const { mrName } = useParams();
const state = useModelRegistryNamespaceCR(MODEL_REGISTRY_DEFAULT_NAMESPACE, mrName || '');
const [modelRegistryCR, crLoaded] = state;
const filteredRoleBindings = roleBindings.data.filter(
(rb) => rb.metadata.labels?.['app.kubernetes.io/name'] === mrName,
);
if (roleBindings.loaded && filteredRoleBindings.length === 0) {

React.useEffect(() => {
if (modelRegistryCR) {
setOwnerReference(modelRegistryCR);
} else {
setOwnerReference(undefined);
}
}, [modelRegistryCR]);

if (
(roleBindings.loaded && filteredRoleBindings.length === 0) ||
(crLoaded && !modelRegistryCR)
) {
return <Navigate to="/modelRegistrySettings" replace />;
}

Expand Down Expand Up @@ -67,6 +83,7 @@ const ModelRegistriesManagePermissions: React.FC = () => {
<TabContent id="users-tab-content" eventKey="users" hidden={activeTabKey !== 'users'}>
<TabContentBody>
<RoleBindingPermissions
ownerReference={ownerReference}
defaultRoleBindingName={`${mrName}-users`}
isGroupFirst
permissionOptions={[
Expand All @@ -89,7 +106,7 @@ const ModelRegistriesManagePermissions: React.FC = () => {
description={
<>
To enable access for all cluster users, add{' '}
<ClipboardCopy variant="inline-compact">system.authenticated</ClipboardCopy> to
<ClipboardCopy variant="inline-compact">system:authenticated</ClipboardCopy> to
the group list.
</>
}
Expand Down

0 comments on commit ff4a46b

Please sign in to comment.