Skip to content

Commit 04ba579

Browse files
YuliaKrimermanYuliaKrimerman
authored
Admin Settings - RBAC - Main view and routes 2 (kubeflow#1247)
* addressed comments Signed-off-by: Yulia Krimerman <[email protected]> * fixed merge conflicts Signed-off-by: Yulia Krimerman <[email protected]> * enabled Create call Signed-off-by: Yulia Krimerman <[email protected]> * addressed comments Signed-off-by: Yulia Krimerman <[email protected]> * addressed latest comments Signed-off-by: Yulia Krimerman <[email protected]> * fixed backend test Signed-off-by: Yulia Krimerman <[email protected]> --------- Signed-off-by: Yulia Krimerman <[email protected]>
1 parent b59a4eb commit 04ba579

24 files changed

+1054
-353
lines changed

clients/ui/bff/internal/api/model_registry_settings_rbac_handler.go

Lines changed: 70 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,7 @@ import (
55

66
"github.com/julienschmidt/httprouter"
77
"github.com/kubeflow/model-registry/ui/bff/internal/models"
8+
rbacv1 "k8s.io/api/rbac/v1"
89
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
910
// Add other necessary imports like context, slog, helpers etc.
1011
)
@@ -53,6 +54,75 @@ func (app *App) GetRoleBindingsHandler(w http.ResponseWriter, r *http.Request, p
5354
Items: []models.RoleBinding{
5455
{ /* Dummy RoleBinding 1 */ ObjectMeta: metav1.ObjectMeta{Name: "stub-rb-1"}},
5556
{ /* Dummy RoleBinding 2 */ ObjectMeta: metav1.ObjectMeta{Name: "stub-rb-2"}},
57+
{
58+
ObjectMeta: metav1.ObjectMeta{
59+
Name: "model-registry-permissions",
60+
Labels: map[string]string{
61+
"app.kubernetes.io/name": "model-registry",
62+
"app": "model-registry",
63+
"app.kubernetes.io/component": "model-registry",
64+
"app.kubernetes.io/part-of": "model-registry",
65+
},
66+
},
67+
Subjects: []rbacv1.Subject{
68+
{
69+
Kind: "User",
70+
Name: "admin-user",
71+
APIGroup: "rbac.authorization.k8s.io",
72+
},
73+
},
74+
RoleRef: rbacv1.RoleRef{
75+
Kind: "Role",
76+
Name: "registry-user-model-registry",
77+
APIGroup: "rbac.authorization.k8s.io",
78+
},
79+
},
80+
{
81+
ObjectMeta: metav1.ObjectMeta{
82+
Name: "model-registry-dora-permissions",
83+
Labels: map[string]string{
84+
"app.kubernetes.io/name": "model-registry-dora",
85+
"app": "model-registry-dora",
86+
"app.kubernetes.io/component": "model-registry",
87+
"app.kubernetes.io/part-of": "model-registry",
88+
},
89+
},
90+
Subjects: []rbacv1.Subject{
91+
{
92+
Kind: "User",
93+
Name: "dora-user",
94+
APIGroup: "rbac.authorization.k8s.io",
95+
},
96+
},
97+
RoleRef: rbacv1.RoleRef{
98+
Kind: "Role",
99+
Name: "registry-user-model-registry-dora",
100+
APIGroup: "rbac.authorization.k8s.io",
101+
},
102+
},
103+
{
104+
ObjectMeta: metav1.ObjectMeta{
105+
Name: "model-registry-bella-permissions",
106+
Labels: map[string]string{
107+
"app.kubernetes.io/name": "model-registry-bella",
108+
"app": "model-registry-bella",
109+
"app.kubernetes.io/component": "model-registry",
110+
"app.kubernetes.io/part-of": "model-registry",
111+
},
112+
},
113+
Subjects: []rbacv1.Subject{
114+
{
115+
Kind: "Group",
116+
Name: "bella-team",
117+
APIGroup: "rbac.authorization.k8s.io",
118+
},
119+
},
120+
RoleRef: rbacv1.RoleRef{
121+
Kind: "Role",
122+
Name: "registry-user-model-registry-bella",
123+
APIGroup: "rbac.authorization.k8s.io",
124+
},
125+
},
56126
},
57127
},
58128
}

clients/ui/bff/internal/api/model_registry_settings_rbac_handler_test.go

Lines changed: 19 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -56,9 +56,27 @@ var _ = Describe("TestRoleBindingHandlers", func() {
5656
Expect(err).NotTo(HaveOccurred())
5757

5858
Expect(rr.Code).To(Equal(http.StatusOK))
59-
Expect(actual.Data.Items).To(HaveLen(2))
59+
Expect(actual.Data.Items).To(HaveLen(5))
60+
61+
// Check the first two stub role bindings
6062
Expect(actual.Data.Items[0].Name).To(Equal("stub-rb-1"))
6163
Expect(actual.Data.Items[1].Name).To(Equal("stub-rb-2"))
64+
65+
// Check model-registry permissions role binding
66+
Expect(actual.Data.Items[2].Name).To(Equal("model-registry-permissions"))
67+
Expect(actual.Data.Items[2].Labels["app.kubernetes.io/name"]).To(Equal("model-registry"))
68+
Expect(actual.Data.Items[2].Subjects[0].Name).To(Equal("admin-user"))
69+
70+
// Check dora permissions role binding
71+
Expect(actual.Data.Items[3].Name).To(Equal("model-registry-dora-permissions"))
72+
Expect(actual.Data.Items[3].Labels["app.kubernetes.io/name"]).To(Equal("model-registry-dora"))
73+
Expect(actual.Data.Items[3].Subjects[0].Name).To(Equal("dora-user"))
74+
75+
// Check bella permissions role binding
76+
Expect(actual.Data.Items[4].Name).To(Equal("model-registry-bella-permissions"))
77+
Expect(actual.Data.Items[4].Labels["app.kubernetes.io/name"]).To(Equal("model-registry-bella"))
78+
Expect(actual.Data.Items[4].Subjects[0].Name).To(Equal("bella-team"))
79+
Expect(actual.Data.Items[4].Subjects[0].Kind).To(Equal("Group"))
6280
})
6381

6482
It("should create a role binding", func() {

0 commit comments

Comments
 (0)