feat: add onContextsPermissions to api

Signed-off-by: Philippe Martin <[email protected]>

Author: feloy

packages/api/src/kubernetes-dashboard-extension-api.d.ts

@@ -36,6 +36,28 @@ export interface ContextsHealthsInfo {
   healths: ContextHealth[];
 }
 
+export interface ContextPermission {
+  contextName: string;
+  // the resource name is a generic string type and not a string literal type, as we want to handle CRDs names
+  resourceName: string;
+  // permitted if allowed and not denied
+  // > When multiple authorization modules are configured, each is checked in sequence.
+  // > If any authorizer approves or denies a request, that decision is immediately returned
+  // > and no other authorizer is consulted. If all modules have no opinion on the request,
+  // > then the request is denied. An overall deny verdict means that the API server rejects
+  // > the request and responds with an HTTP 403 (Forbidden) status.
+  // (source: https://kubernetes.io/docs/reference/access-authn-authz/authorization/)
+  permitted: boolean;
+  // A free-form and optional text reason for the resource being allowed or denied.
+  // We cannot rely on having a reason for every request.
+  // For exemple on Kind cluster, a reason is given only when the access is allowed, no reason is done for denial.
+  reason?: string;
+}
+
+export interface ContextsPermissionsInfo {
+  permissions: ContextPermission[];
+}
+
 export interface AvailableContextsInfo {
   contextNames: string[];
 }
@@ -50,6 +72,7 @@ export interface CurrentContextInfo {
  */
 export interface KubernetesDashboardSubscriber {
   onContextsHealth(listener: (event: ContextsHealthsInfo) => void): Disposable;
+  onContextsPermissions(listener: (event: ContextsPermissionsInfo) => void): Disposable;
   onAvailableContexts(listener: (event: AvailableContextsInfo) => void): Disposable;
   onCurrentContext(listener: (event: CurrentContextInfo) => void): Disposable;
   /**

packages/channels/src/channels.ts

@@ -24,7 +24,6 @@ import type { PortForwardApi } from './interface/port-forward-api';
 import type { SubscribeApi } from './interface/subscribe-api';
 import type { SystemApi } from './interface/system-api';
 import type { ActiveResourcesCountInfo } from './model/active-resources-count-info';
-import type { ContextsPermissionsInfo } from './model/contexts-permissions-info';
 import type { EndpointsInfo } from './model/endpoints-info';
 import type { KubernetesProvidersInfo } from './model/kubernetes-providers-info';
 import type { PodLogsChunk } from './model/pod-logs-chunk';
@@ -38,6 +37,7 @@ import { createRpcChannel } from '@kubernetes-dashboard/rpc';
 import type {
   AvailableContextsInfo,
   ContextsHealthsInfo,
+  ContextsPermissionsInfo,
   CurrentContextInfo,
 } from '@podman-desktop/kubernetes-dashboard-extension-api';
 

packages/channels/src/model/contexts-permissions-info.ts

@@ -20,11 +20,9 @@ export * from './active-resources-count-info';
 export * from './context-resource-events';
 export * from './context-resources-details';
 export * from './context-resources-items';
-export * from './contexts-permissions-info';
 export * from './endpoint';
 export * from './endpoints-info';
 export * from './endpoints-options';
-export * from './kubernetes-contexts-permissions';
 export * from './kubernetes-providers-info';
 export * from './kubernetes-resource-count';
 export * from './kubernetes-troubleshooting';

packages/channels/src/model/index.ts

@@ -38,6 +38,7 @@ import {
   API_SYSTEM,
   AVAILABLE_CONTEXTS,
   CONTEXTS_HEALTHS,
+  CONTEXTS_PERMISSIONS,
   CURRENT_CONTEXT,
   IDisposable,
 } from '@kubernetes-dashboard/channels';
@@ -52,6 +53,7 @@ import { ChannelSubscriber } from '/@/subscriber/channel-subscriber';
 import type {
   AvailableContextsInfo,
   ContextsHealthsInfo,
+  ContextsPermissionsInfo,
   CurrentContextInfo,
   KubernetesDashboardExtensionApi,
   KubernetesDashboardSubscriber,
@@ -140,6 +142,9 @@ export class DashboardExtension {
           onContextsHealth: (listener: (event: ContextsHealthsInfo) => void): IDisposable => {
             return subscriber.subscribe(CONTEXTS_HEALTHS, undefined, listener);
           },
+          onContextsPermissions: (listener: (event: ContextsPermissionsInfo) => void): IDisposable => {
+            return subscriber.subscribe(CONTEXTS_PERMISSIONS, undefined, listener);
+          },
           onAvailableContexts: (listener: (event: AvailableContextsInfo) => void): IDisposable => {
             return subscriber.subscribe(AVAILABLE_CONTEXTS, undefined, listener);
           },

packages/channels/src/model/kubernetes-contexts-permissions.ts

@@ -20,7 +20,8 @@ import { inject, injectable } from 'inversify';
 import type { DispatcherObject } from './util/dispatcher-object';
 import { AbsDispatcherObjectImpl } from './util/dispatcher-object';
 import { ContextsManager } from '/@/manager/contexts-manager';
-import { CONTEXTS_PERMISSIONS, type ContextsPermissionsInfo } from '@kubernetes-dashboard/channels';
+import { CONTEXTS_PERMISSIONS } from '@kubernetes-dashboard/channels';
+import type { ContextsPermissionsInfo } from '@podman-desktop/kubernetes-dashboard-extension-api';
 
 @injectable()
 export class ContextsPermissionsDispatcher

packages/extension/src/dashboard-extension.ts

@@ -34,7 +34,6 @@ import type {
   TargetRef,
   Endpoint,
   V1Route,
-  ContextPermission,
   ResourceCount,
   KubernetesTroubleshootingInformation,
 } from '@kubernetes-dashboard/channels';
@@ -76,6 +75,7 @@ import { NamespacesResourceFactory } from '/@/resources/namespaces-resource-fact
 import { EndpointSlicesResourceFactory } from '/@/resources/endpoint-slices-resource-factory.js';
 import { parseAllDocuments, stringify, type Tags } from 'yaml';
 import { writeFile } from 'node:fs/promises';
+import { ContextPermission } from '@podman-desktop/kubernetes-dashboard-extension-api';
 
 const HEALTH_CHECK_TIMEOUT_MS = 5_000;
 const DEFAULT_NAMESPACE = 'default';

packages/extension/src/dispatcher/contexts-permissions-dispatcher.ts

@@ -24,15 +24,11 @@ import { beforeEach, describe, expect, test, vi } from 'vitest';
 
 import KubernetesDashboardResourceCard from './DashboardResourceCard.svelte';
 import { FakeStateObject } from '/@/state/util/fake-state-object.svelte';
-import type {
-  ActiveResourcesCountInfo,
-  ResourcesCountInfo,
-  ContextsPermissionsInfo,
-} from '@kubernetes-dashboard/channels';
+import type { ActiveResourcesCountInfo, ResourcesCountInfo } from '@kubernetes-dashboard/channels';
 import { StatesMocks } from '/@/tests/state-mocks';
 import { DependencyMocks } from '/@/tests/dependency-mocks';
 import { Navigator } from '/@/navigation/navigator';
-import type { CurrentContextInfo } from '@podman-desktop/kubernetes-dashboard-extension-api';
+import type { CurrentContextInfo, ContextsPermissionsInfo } from '@podman-desktop/kubernetes-dashboard-extension-api';
 
 const statesMocks = new StatesMocks();
 const dependencyMocks = new DependencyMocks();

packages/extension/src/manager/contexts-manager.ts

@@ -23,9 +23,12 @@ import KubernetesEmptyScreen from './KubernetesEmptyScreen.svelte';
 import CheckConnection from '/@/component/connection/CheckConnection.svelte';
 import { StatesMocks } from '/@/tests/state-mocks';
 import { FakeStateObject } from '/@/state/util/fake-state-object.svelte';
-import type { ContextsPermissionsInfo } from '@kubernetes-dashboard/channels';
 import NodeIcon from '/@/component/icons/NodeIcon.svelte';
-import type { ContextsHealthsInfo, CurrentContextInfo } from '@podman-desktop/kubernetes-dashboard-extension-api';
+import type {
+  ContextsHealthsInfo,
+  CurrentContextInfo,
+  ContextsPermissionsInfo,
+} from '@podman-desktop/kubernetes-dashboard-extension-api';
 
 vi.mock(import('/@/component/connection/CheckConnection.svelte'));