Frontend: PodDetails: Fix wrong verbs#3506
Conversation
|
|
k8s-ci-robot
added
the
cncf-cla: no
|
Welcome @cavus700! |
k8s-ci-robot
added
the
size/XS
skoeva
left a comment
skoeva
left a comment
There was a problem hiding this comment.
Thanks for looking into this issue!
To get any changes reviewed/merged, be sure to sign the CLA linked in the GitHub bot's message. Also, be sure to rebase your feature branch against main to keep things up to date
k8s-ci-robot
added
cncf-cla: yes
|
Hello @skoeva, |
skoeva
left a comment
skoeva
left a comment
There was a problem hiding this comment.
LGTM, thanks for contributing!
|
I think the logic was correct before this PR and the "get" verb should remain in the check. Otherwise if the verb is not part of the role the terminal connection will fail. |
|
Check both? |
k8s-ci-robot
added
size/M
There was a problem hiding this comment.
Pull Request Overview
This PR updates the visibility logic for the “Exec” and “Attach” buttons in PodDetails by adding the correct “create” permission checks on their respective subresources.
- Wrapped the Exec action button in an additional
AuthVisiblerequiringcreateonexec - Wrapped the Attach action button in an additional
AuthVisiblerequiringcreateonattach - Closed the newly added wrappers to ensure both checks apply
Comments suppressed due to low confidence (4)
frontend/src/components/pod/Details.tsx:523
- [nitpick] Consider adding tests to verify that the exec button visibility toggles correctly based on the
createpermission for theexecsubresource.
<AuthVisible item={item} authVerb="create" subresource="exec">
frontend/src/components/pod/Details.tsx:547
- [nitpick] Add tests to ensure the attach button is hidden or shown based on the
createpermission for theattachsubresource.
<AuthVisible item={item} authVerb="create" subresource="attach">
frontend/src/components/pod/Details.tsx:522
- The outer
AuthVisibleis checkinggeton theexecsubresource. It should checkgeton the pod resource itself (nosubresource), and let the inner wrapper handlecreateonexec.
<AuthVisible item={item} authVerb="get" subresource="exec">
frontend/src/components/pod/Details.tsx:546
- Similar to exec, this
getcheck is scoped to theattachsubresource. Move thesubresourceattribute to the inner wrapper and let this outer check validategeton the pod.
<AuthVisible item={item} authVerb="get" subresource="attach">
|
Thanks. Yeah, it does need get and create. kubectl proxy &
[1] 544340
$ Starting to serve on 127.0.0.1:8001
curl http://localhost:8001/api/v1 | jq '.resources[] | select(.name=="pods/exec")'
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 10742 0 10742 0 0 673k 0 --:--:-- --:--:-- --:--:-- 699k
{
"name": "pods/exec",
"singularName": "",
"namespaced": true,
"kind": "PodExecOptions",
"verbs": [
"create",
"get"
]
}
$
curl http://localhost:8001/api/v1 | jq '.resources[] | select(.name=="pods/attach")'
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 10742 0 10742 0 0 1839k 0 --:--:-- --:--:-- --:--:-- 2098k
{
"name": "pods/attach",
"singularName": "",
"namespaced": true,
"kind": "PodAttachOptions",
"verbs": [
"create",
"get"
]
} |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cavus700, illume, skoeva The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
github-project-automation
bot
moved this from Queued
to Done
in Headlamp Release Plan / Roadmap
5 participants
This PR fixes the verbs, used to determine if the "exec" and "attach" button is visible in the PodDetails.