Add rolebinding to manage permissions-project tab (kubeflow#1273)

Signed-off-by: ppadti <[email protected]>

Author: ppadti

clients/ui/frontend/src/app/pages/settings/roleBinding/RoleBindingPermissions.tsx

@@ -32,7 +32,6 @@ type RoleBindingPermissionsProps = {
   }[];
   createRoleBinding: (roleBinding: RoleBindingKind) => Promise<RoleBindingKind>;
   deleteRoleBinding: (name: string, namespace: string) => Promise<K8sStatus>;
-
   projectName: string;
   roleRefKind: RoleBindingRoleRef['kind'];
   roleRefName?: RoleBindingRoleRef['name'];

clients/ui/frontend/src/app/pages/settings/roleBinding/RoleBindingPermissionsNameInput.tsx

@@ -1,7 +1,9 @@
 import React from 'react';
 import { TextInput } from '@patternfly/react-core';
 import { RoleBindingSubject, TypeaheadSelect } from 'mod-arch-shared';
+import { ProjectKind } from '~/app/shared/components/types';
 import { RoleBindingPermissionsRBType } from './types';
+import { namespaceToProjectDisplayName } from './utils';
 
 type RoleBindingPermissionsNameInputProps = {
   subjectKind: RoleBindingSubject['kind'];
@@ -10,6 +12,7 @@ type RoleBindingPermissionsNameInputProps = {
   onClear: () => void;
   placeholderText: string;
   typeAhead?: string[];
+  isProjectSubject?: boolean;
 };
 
 const RoleBindingPermissionsNameInput: React.FC<RoleBindingPermissionsNameInputProps> = ({
@@ -19,8 +22,10 @@ const RoleBindingPermissionsNameInput: React.FC<RoleBindingPermissionsNameInputP
   onClear,
   placeholderText,
   typeAhead,
+  isProjectSubject,
 }) => {
-  // TODO: We don't have project context yet and need to add logic to show projects permission tab under manage permissions of MR - might need to move the project-context part to shared library
+  // TODO: We don't have project context yet - might need to move the project-context part to shared library
+  const projects: ProjectKind[] = [];
   if (!typeAhead) {
     return (
       <TextInput
@@ -30,15 +35,19 @@ const RoleBindingPermissionsNameInput: React.FC<RoleBindingPermissionsNameInputP
         type="text"
         value={value}
         placeholder={`Type ${
-          subjectKind === RoleBindingPermissionsRBType.GROUP ? 'group name' : 'username'
+          isProjectSubject
+            ? 'project name'
+            : subjectKind === RoleBindingPermissionsRBType.GROUP
+              ? 'group name'
+              : 'username'
         }`}
         onChange={(e, newValue) => onChange(newValue)}
       />
     );
   }
 
   const selectOptions = typeAhead.map((option) => {
-    const displayName = option;
+    const displayName = isProjectSubject ? namespaceToProjectDisplayName(option, projects) : option;
     return { value: displayName, content: displayName };
   });
   // If we've selected an option that doesn't exist via isCreatable, include it in the options so it remains selected

clients/ui/frontend/src/app/pages/settings/roleBinding/RoleBindingPermissionsTable.tsx

@@ -20,6 +20,7 @@ type RoleBindingPermissionsTableProps = {
   roleRefKind: RoleBindingRoleRef['kind'];
   roleRefName?: RoleBindingRoleRef['name'];
   labels?: { [key: string]: string };
+  isProjectSubject?: boolean;
   defaultRoleBindingName?: string;
   permissions: RoleBindingKind[];
   permissionOptions: {
@@ -46,6 +47,7 @@ const RoleBindingPermissionsTable: React.FC<RoleBindingPermissionsTableProps> =
   permissions,
   permissionOptions,
   typeAhead,
+  isProjectSubject,
   isAdding,
   createRoleBinding,
   deleteRoleBinding,
@@ -109,6 +111,7 @@ const RoleBindingPermissionsTable: React.FC<RoleBindingPermissionsTableProps> =
             key="add-permissions-row"
             subjectKind={subjectKind}
             permissionOptions={permissionOptions}
+            isProjectSubject={isProjectSubject}
             typeAhead={typeAhead}
             isEditing={false}
             isAdding
@@ -130,12 +133,15 @@ const RoleBindingPermissionsTable: React.FC<RoleBindingPermissionsTableProps> =
       }
       rowRenderer={(rb) => (
         <RoleBindingPermissionsTableRow
+          isProjectSubject={isProjectSubject}
           defaultRoleBindingName={defaultRoleBindingName}
           key={rb.metadata.name || ''}
           permissionOptions={permissionOptions}
           roleBindingObject={rb}
           subjectKind={subjectKind}
-          isEditing={firstSubject(rb) === '' || editCell.includes(rb.metadata.name)}
+          isEditing={
+            firstSubject(rb, isProjectSubject) === '' || editCell.includes(rb.metadata.name)
+          }
           isAdding={false}
           typeAhead={typeAhead}
           onChange={(subjectName, rbRoleRefName) => {

clients/ui/frontend/src/app/pages/settings/roleBinding/RoleBindingPermissionsTableRow.tsx

@@ -24,11 +24,13 @@ import {
   RoleBindingSubject,
 } from 'mod-arch-shared';
 import useUser from '~/app/hooks/useUser';
+import { ProjectKind } from '~/app/shared/components/types';
 import {
   castRoleBindingPermissionsRoleType,
   firstSubject,
   roleLabel,
   isCurrentUserChanging,
+  projectDisplayNameToNamespace,
 } from './utils';
 import { RoleBindingPermissionsRoleType } from './types';
 import RoleBindingPermissionsNameInput from './RoleBindingPermissionsNameInput';
@@ -46,13 +48,18 @@ type RoleBindingPermissionsTableRowProps = {
     description: string;
   }[];
   typeAhead?: string[];
+  isProjectSubject?: boolean;
   onChange: (name: string, roleType: RoleBindingPermissionsRoleType) => void;
   onCancel: () => void;
   onEdit?: () => void;
   onDelete?: () => void;
 };
 
-const defaultValueName = (obj: RoleBindingKind) => firstSubject(obj);
+const defaultValueName = (
+  obj: RoleBindingKind,
+  isProjectSubject?: boolean,
+  projects?: ProjectKind[],
+) => firstSubject(obj, isProjectSubject, projects);
 const defaultValueRole = (obj: RoleBindingKind) =>
   castRoleBindingPermissionsRoleType(obj.roleRef.name);
 
@@ -64,19 +71,21 @@ const RoleBindingPermissionsTableRow: React.FC<RoleBindingPermissionsTableRowPro
   defaultRoleBindingName,
   permissionOptions,
   typeAhead,
+  isProjectSubject,
   onChange,
   onCancel,
   onEdit,
   onDelete,
 }) => {
-  // TODO: We don't have project context yet and need to add logic to show projects permission tab under manage permissions of MR - might need to move the project-context part to shared library
+  // TODO: We don't have project context yet - might need to move the project-context part to shared library
+  const projects: ProjectKind[] = React.useMemo(() => [], []);
   const currentUser = useUser();
   const isCurrentUserBeingChanged = isCurrentUserChanging(obj, currentUser.userId);
   const [roleBindingName, setRoleBindingName] = React.useState(() => {
     if (isAdding || !obj) {
       return '';
     }
-    return defaultValueName(obj);
+    return defaultValueName(obj, isProjectSubject, projects);
   });
   const [roleBindingRoleRef, setRoleBindingRoleRef] =
     React.useState<RoleBindingPermissionsRoleType>(() => {
@@ -94,10 +103,14 @@ const RoleBindingPermissionsTableRow: React.FC<RoleBindingPermissionsTableRowPro
   //Sync local state with props if exiting edit mode
   React.useEffect(() => {
     if (!isEditing && obj) {
-      setRoleBindingName(defaultValueName(obj));
+      setRoleBindingName(
+        isProjectSubject
+          ? defaultValueName(obj, isProjectSubject, projects)
+          : defaultValueName(obj),
+      );
       setRoleBindingRoleRef(defaultValueRole(obj));
     }
-  }, [obj, isEditing]);
+  }, [obj, isEditing, isProjectSubject, projects]);
 
   return (
     <>
@@ -112,8 +125,9 @@ const RoleBindingPermissionsTableRow: React.FC<RoleBindingPermissionsTableRowPro
                   setRoleBindingName(selection);
                 }}
                 onClear={() => setRoleBindingName('')}
-                placeholderText="Select a group"
+                placeholderText={isProjectSubject ? 'Select or enter a project' : 'Select a group'}
                 typeAhead={typeAhead}
+                isProjectSubject={isProjectSubject}
               />
             ) : (
               <Content component="p">
@@ -179,7 +193,15 @@ const RoleBindingPermissionsTableRow: React.FC<RoleBindingPermissionsTableRowPro
                         setShowModal(true);
                       } else {
                         setIsLoading(true);
-                        onChange(roleBindingName, roleBindingRoleRef);
+                        onChange(
+                          isProjectSubject
+                            ? `system:serviceaccounts:${projectDisplayNameToNamespace(
+                                roleBindingName,
+                                projects,
+                              )}`
+                            : roleBindingName,
+                          roleBindingRoleRef,
+                        );
                         setIsLoading(false);
                       }
                     }}
@@ -245,7 +267,15 @@ const RoleBindingPermissionsTableRow: React.FC<RoleBindingPermissionsTableRowPro
           }}
           onEdit={() => {
             setIsLoading(true);
-            onChange(roleBindingName, roleBindingRoleRef);
+            onChange(
+              isProjectSubject
+                ? `system:serviceaccounts:${projectDisplayNameToNamespace(
+                    roleBindingName,
+                    projects,
+                  )}`
+                : roleBindingName,
+              roleBindingRoleRef,
+            );
             setIsLoading(false);
             setShowModal(false);
           }}

clients/ui/frontend/src/app/pages/settings/roleBinding/RoleBindingPermissionsTableSection.tsx

@@ -40,6 +40,7 @@ export type RoleBindingPermissionsTableSectionAltProps = {
   typeModifier: string;
   defaultRoleBindingName?: string;
   labels?: { [key: string]: string };
+  isProjectSubject?: boolean;
 };
 
 const RoleBindingPermissionsTableSection: React.FC<RoleBindingPermissionsTableSectionAltProps> = ({
@@ -57,6 +58,7 @@ const RoleBindingPermissionsTableSection: React.FC<RoleBindingPermissionsTableSe
   typeModifier,
   defaultRoleBindingName,
   labels,
+  isProjectSubject,
 }) => {
   const [addField, setAddField] = React.useState(false);
   const [error, setError] = React.useState<React.ReactNode>();
@@ -72,14 +74,20 @@ const RoleBindingPermissionsTableSection: React.FC<RoleBindingPermissionsTableSe
         >
           <HeaderIcon
             type={
-              subjectKind === RoleBindingPermissionsRBType.USER
-                ? ProjectObjectType.user
-                : ProjectObjectType.group
+              isProjectSubject
+                ? ProjectObjectType.project
+                : subjectKind === RoleBindingPermissionsRBType.USER
+                  ? ProjectObjectType.user
+                  : ProjectObjectType.group
             }
           />
           <FlexItem>
             <Title id={`user-permission-${typeModifier}`} headingLevel="h2" size="xl">
-              {subjectKind === RoleBindingPermissionsRBType.USER ? 'Users' : 'Groups'}
+              {isProjectSubject
+                ? 'Projects'
+                : subjectKind === RoleBindingPermissionsRBType.USER
+                  ? 'Users'
+                  : 'Groups'}
             </Title>
           </FlexItem>
         </Flex>
@@ -93,6 +101,7 @@ const RoleBindingPermissionsTableSection: React.FC<RoleBindingPermissionsTableSe
           namespace={projectName}
           roleRefKind={roleRefKind}
           roleRefName={roleRefName}
+          isProjectSubject={isProjectSubject}
           labels={labels}
           subjectKind={subjectKind}
           typeAhead={typeAhead}
@@ -133,7 +142,11 @@ const RoleBindingPermissionsTableSection: React.FC<RoleBindingPermissionsTableSe
           onClick={() => setAddField(true)}
           style={{ paddingLeft: 'var(--pf-t--global--spacer--lg)' }}
         >
-          {subjectKind === RoleBindingPermissionsRBType.USER ? 'Add user' : 'Add group'}
+          {isProjectSubject
+            ? 'Add project'
+            : subjectKind === RoleBindingPermissionsRBType.USER
+              ? 'Add user'
+              : 'Add group'}
         </Button>
       </StackItem>
     </Stack>

clients/ui/frontend/src/app/pages/settings/roleBinding/utils.ts

@@ -1,6 +1,8 @@
 import { capitalize } from '@patternfly/react-core';
 import { RoleBindingKind } from 'mod-arch-shared';
 import { patchRoleBinding } from '~/app/api/k8s';
+import { getDisplayNameFromK8sResource } from '~/app/shared/components/utils';
+import { ProjectKind } from '~/app/shared/components/types';
 import { RoleBindingPermissionsRBType, RoleBindingPermissionsRoleType } from './types';
 
 export const filterRoleBindingSubjects = (
@@ -28,8 +30,17 @@ export const castRoleBindingPermissionsRoleType = (
   return RoleBindingPermissionsRoleType.CUSTOM;
 };
 
-export const firstSubject = (roleBinding: RoleBindingKind): string =>
-  roleBinding.subjects[0]?.name || '';
+export const firstSubject = (
+  roleBinding: RoleBindingKind,
+  isProjectSubject?: boolean,
+  project?: ProjectKind[],
+): string =>
+  (isProjectSubject && project
+    ? namespaceToProjectDisplayName(
+        roleBinding.subjects[0]?.name.replace(/^system:serviceaccounts:/, ''),
+        project,
+      )
+    : roleBinding.subjects[0]?.name) || '';
 
 export const roleLabel = (value: RoleBindingPermissionsRoleType): string => {
   if (value === RoleBindingPermissionsRoleType.EDIT) {
@@ -77,3 +88,21 @@ export const tryPatchRoleBinding = async (
     return false;
   }
 };
+
+export const namespaceToProjectDisplayName = (
+  namespace: string,
+  projects: ProjectKind[],
+): string => {
+  const project = projects.find((p) => p.metadata.name === namespace);
+  return project ? getDisplayNameFromK8sResource(project) : namespace;
+};
+
+export const projectDisplayNameToNamespace = (
+  displayName: string,
+  projects: ProjectKind[],
+): string => {
+  const project = projects.find(
+    (p) => p.metadata.annotations?.['openshift.io/display-name'] === displayName,
+  );
+  return project?.metadata.name || displayName;
+};

clients/ui/frontend/src/app/shared/components/types.ts

@@ -34,3 +34,17 @@ export type K8sDSGResource = K8sResourceCommon & {
     name: string;
   };
 };
+
+export type ProjectKind = K8sResourceCommon & {
+  metadata: {
+    annotations?: DisplayNameAnnotations &
+      Partial<{
+        'openshift.io/requester': string; // the username of the user that requested this project
+      }>;
+    labels?: Record<string, string>;
+    name: string;
+  };
+  status?: {
+    phase: 'Active' | 'Terminating';
+  };
+};