feat: add onContextsPermissions to API (#451)

Signed-off-by: Philippe Martin <[email protected]>

Author: feloy

packages/api/src/kubernetes-dashboard-extension-api.d.ts

@@ -36,6 +36,28 @@ export interface ContextsHealthsInfo {
   healths: ContextHealth[];
 }
 
+export interface ContextPermission {
+  contextName: string;
+  // the resource name is a generic string type and not a string literal type, as we want to handle CRDs names
+  resourceName: string;
+  // permitted if allowed and not denied
+  // > When multiple authorization modules are configured, each is checked in sequence.
+  // > If any authorizer approves or denies a request, that decision is immediately returned
+  // > and no other authorizer is consulted. If all modules have no opinion on the request,
+  // > then the request is denied. An overall deny verdict means that the API server rejects
+  // > the request and responds with an HTTP 403 (Forbidden) status.
+  // (source: https://kubernetes.io/docs/reference/access-authn-authz/authorization/)
+  permitted: boolean;
+  // A free-form and optional text reason for the resource being allowed or denied.
+  // We cannot rely on having a reason for every request.
+  // For exemple on Kind cluster, a reason is given only when the access is allowed, no reason is done for denial.
+  reason?: string;
+}
+
+export interface ContextsPermissionsInfo {
+  permissions: ContextPermission[];
+}
+
 /**
  * The subscriber for the events emitted by the Kubernetes Dashboard extension.
  */
@@ -44,6 +66,10 @@ export interface KubernetesDashboardSubscriber {
    * Subscribes to the events emitted every time the health of the contexts changes.
    */
   onContextsHealth(listener: (event: ContextsHealthsInfo) => void): Disposable;
+  /**
+   * Subscribes to the events emitted every time the permissions of the contexts change.
+   */
+  onContextsPermissions(listener: (event: ContextsPermissionsInfo) => void): Disposable;
   /**
    * Disposes the subscriber and unsubscribes from all the events emitted by the Kubernetes Dashboard extension.
    */

packages/channels/src/channels.ts

@@ -25,7 +25,6 @@ import type { SubscribeApi } from './interface/subscribe-api';
 import type { SystemApi } from './interface/system-api';
 import type { ActiveResourcesCountInfo } from './model/active-resources-count-info';
 import type { AvailableContextsInfo } from './model/available-contexts-info';
-import type { ContextsPermissionsInfo } from './model/contexts-permissions-info';
 import type { CurrentContextInfo } from './model/current-context-info';
 import type { EndpointsInfo } from './model/endpoints-info';
 import type { KubernetesProvidersInfo } from './model/kubernetes-providers-info';
@@ -37,7 +36,7 @@ import type { ResourceEventsInfo } from './model/resource-events-info';
 import type { ResourcesCountInfo } from './model/resources-count-info';
 import type { UpdateResourceInfo } from './model/update-resource-info';
 import { createRpcChannel } from '@kubernetes-dashboard/rpc';
-import type { ContextsHealthsInfo } from '@podman-desktop/kubernetes-dashboard-extension-api';
+import type { ContextsHealthsInfo, ContextsPermissionsInfo } from '@podman-desktop/kubernetes-dashboard-extension-api';
 
 // RPC channels (used by the webview to send requests to the extension)
 export const API_CONTEXTS = createRpcChannel<ContextsApi>('ContextsApi');

packages/channels/src/model/contexts-permissions-info.ts

@@ -21,12 +21,10 @@ export * from './available-contexts-info';
 export * from './context-resource-events';
 export * from './context-resources-details';
 export * from './context-resources-items';
-export * from './contexts-permissions-info';
 export * from './current-context-info';
 export * from './endpoint';
 export * from './endpoints-info';
 export * from './endpoints-options';
-export * from './kubernetes-contexts-permissions';
 export * from './kubernetes-providers-info';
 export * from './kubernetes-resource-count';
 export * from './kubernetes-troubleshooting';

packages/channels/src/model/index.ts

@@ -37,6 +37,7 @@ import {
   API_SUBSCRIBE,
   API_SYSTEM,
   CONTEXTS_HEALTHS,
+  CONTEXTS_PERMISSIONS,
   IDisposable,
 } from '@kubernetes-dashboard/channels';
 import { SystemApiImpl } from './manager/system-api';
@@ -49,6 +50,7 @@ import { KubernetesProvidersManager } from '/@/manager/kubernetes-providers';
 import { ChannelSubscriber } from '/@/subscriber/channel-subscriber';
 import type {
   ContextsHealthsInfo,
+  ContextsPermissionsInfo,
   KubernetesDashboardExtensionApi,
   KubernetesDashboardSubscriber,
 } from '@podman-desktop/kubernetes-dashboard-extension-api';
@@ -136,6 +138,9 @@ export class DashboardExtension {
           onContextsHealth: (listener: (event: ContextsHealthsInfo) => void): IDisposable => {
             return subscriber.subscribe(CONTEXTS_HEALTHS, undefined, listener);
           },
+          onContextsPermissions: (listener: (event: ContextsPermissionsInfo) => void): IDisposable => {
+            return subscriber.subscribe(CONTEXTS_PERMISSIONS, undefined, listener);
+          },
           dispose: () => {
             subscriber.dispose();
           },

packages/channels/src/model/kubernetes-contexts-permissions.ts

@@ -20,7 +20,8 @@ import { inject, injectable } from 'inversify';
 import type { DispatcherObject } from './util/dispatcher-object';
 import { AbsDispatcherObjectImpl } from './util/dispatcher-object';
 import { ContextsManager } from '/@/manager/contexts-manager';
-import { CONTEXTS_PERMISSIONS, type ContextsPermissionsInfo } from '@kubernetes-dashboard/channels';
+import { CONTEXTS_PERMISSIONS } from '@kubernetes-dashboard/channels';
+import type { ContextsPermissionsInfo } from '@podman-desktop/kubernetes-dashboard-extension-api';
 
 @injectable()
 export class ContextsPermissionsDispatcher

packages/extension/src/dashboard-extension.ts

@@ -34,7 +34,6 @@ import type {
   TargetRef,
   Endpoint,
   V1Route,
-  ContextPermission,
   ResourceCount,
   KubernetesTroubleshootingInformation,
 } from '@kubernetes-dashboard/channels';
@@ -76,6 +75,7 @@ import { NamespacesResourceFactory } from '/@/resources/namespaces-resource-fact
 import { EndpointSlicesResourceFactory } from '/@/resources/endpoint-slices-resource-factory.js';
 import { parseAllDocuments, stringify, type Tags } from 'yaml';
 import { writeFile } from 'node:fs/promises';
+import { ContextPermission } from '@podman-desktop/kubernetes-dashboard-extension-api';
 
 const HEALTH_CHECK_TIMEOUT_MS = 5_000;
 const DEFAULT_NAMESPACE = 'default';

packages/extension/src/dispatcher/contexts-permissions-dispatcher.ts

@@ -24,15 +24,11 @@ import { beforeEach, describe, expect, test, vi } from 'vitest';
 
 import KubernetesDashboardResourceCard from './DashboardResourceCard.svelte';
 import { FakeStateObject } from '/@/state/util/fake-state-object.svelte';
-import type {
-  CurrentContextInfo,
-  ActiveResourcesCountInfo,
-  ResourcesCountInfo,
-  ContextsPermissionsInfo,
-} from '@kubernetes-dashboard/channels';
+import type { CurrentContextInfo, ActiveResourcesCountInfo, ResourcesCountInfo } from '@kubernetes-dashboard/channels';
 import { StatesMocks } from '/@/tests/state-mocks';
 import { DependencyMocks } from '/@/tests/dependency-mocks';
 import { Navigator } from '/@/navigation/navigator';
+import type { ContextsPermissionsInfo } from '@podman-desktop/kubernetes-dashboard-extension-api';
 
 const statesMocks = new StatesMocks();
 const dependencyMocks = new DependencyMocks();

packages/extension/src/manager/contexts-manager.ts

@@ -23,9 +23,9 @@ import KubernetesEmptyScreen from './KubernetesEmptyScreen.svelte';
 import CheckConnection from '/@/component/connection/CheckConnection.svelte';
 import { StatesMocks } from '/@/tests/state-mocks';
 import { FakeStateObject } from '/@/state/util/fake-state-object.svelte';
-import type { CurrentContextInfo, ContextsPermissionsInfo } from '@kubernetes-dashboard/channels';
+import type { CurrentContextInfo } from '@kubernetes-dashboard/channels';
 import NodeIcon from '/@/component/icons/NodeIcon.svelte';
-import type { ContextsHealthsInfo } from '@podman-desktop/kubernetes-dashboard-extension-api';
+import type { ContextsHealthsInfo, ContextsPermissionsInfo } from '@podman-desktop/kubernetes-dashboard-extension-api';
 
 vi.mock(import('/@/component/connection/CheckConnection.svelte'));