Allow non admin users to manage BSL #6589

Merged
2 changes: 1 addition & 1 deletion modules/api/cmd/kubermatic-api/main.go
@@ -410,7 +410,7 @@ func createInitProviders(ctx context.Context, options serverRunOptions, masterCf

featureGatesProvider := kubernetesprovider.NewFeatureGatesProvider(options.featureGates)

backupStorageProvider := backupStorageProviderFactory(client)
backupStorageProvider := backupStorageProviderFactory(defaultImpersonationClient.CreateImpersonatedClient, client)

return providers{
sshKey: sshKeyProvider,
2 changes: 1 addition & 1 deletion modules/api/cmd/kubermatic-api/wrappers_ce.go
@@ -48,6 +48,6 @@ func groupProjectBindingFactory(_ kubernetes.ImpersonationClient, _ ctrlruntimec
return nil
}

func backupStorageProviderFactory(_ ctrlruntimeclient.Client) provider.BackupStorageProvider {
func backupStorageProviderFactory(_ kubernetes.ImpersonationClient, _ ctrlruntimeclient.Client) provider.BackupStorageProvider {
return nil
}
4 changes: 2 additions & 2 deletions modules/api/cmd/kubermatic-api/wrappers_ee.go
@@ -49,6 +49,6 @@ func groupProjectBindingFactory(createMasterImpersonatedClient kubernetes.Impers
return eeapi.GroupProjectBindingProviderFactory(createMasterImpersonatedClient, privilegedClient)
}

func backupStorageProviderFactory(privilegedClient ctrlruntimeclient.Client) provider.BackupStorageProvider {
return eeapi.BackupStorageProviderFactory(privilegedClient)
func backupStorageProviderFactory(createMasterImpersonatedClient kubernetes.ImpersonationClient, privilegedClient ctrlruntimeclient.Client) provider.BackupStorageProvider {
return eeapi.BackupStorageProviderFactory(createMasterImpersonatedClient, privilegedClient)
}
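--- a/modules/api/pkg/ee/clusterbackup/storage-location/handler.go
+++ b/modules/api/pkg/ee/clusterbackup/storage-location/handler.go
@@ -96,16 +96,23 @@ const (
 displayNameLabelKey = "csbl-display-name"
 )
 
-func ListCBSL(ctx context.Context, request interface{}, provider provider.BackupStorageProvider, projectProvider provider.ProjectProvider) ([]*apiv2.ClusterBackupStorageLocation, error) {
+func ListCBSL(ctx context.Context, request interface{}, userInfoGetter provider.UserInfoGetter, provider provider.BackupStorageProvider, projectProvider provider.ProjectProvider) ([]*apiv2.ClusterBackupStorageLocation, error) {
 req, ok := request.(listCbslReq)
 if !ok {
 return nil, utilerrors.NewBadRequest("invalid request")
 }
+
+user, err := userInfoGetter(ctx, req.ProjectID)
+
+if err != nil {
+return nil, err
+}
+
 labelSet := map[string]string{
 kubermaticv1.ProjectIDLabelKey: req.ProjectID,
 }
 
-cbslList, err := provider.ListUnsecured(ctx, labelSet)
+cbslList, err := provider.ListUnsecured(ctx, user, labelSet)
 if err != nil {
 return nil, err
 }
@@ -122,20 +129,31 @@ func ListCBSL(ctx context.Context, request interface{}, provider provider.Backup
 return resp, nil
 }
 
-func GetCSBL(ctx context.Context, request interface{}, provider provider.BackupStorageProvider, projectProvider provider.ProjectProvider) (*apiv2.ClusterBackupStorageLocation, error) {
+func GetCSBL(ctx context.Context, request interface{}, userInfoGetter provider.UserInfoGetter, provider provider.BackupStorageProvider, projectProvider provider.ProjectProvider) (*apiv2.ClusterBackupStorageLocation, error) {
 req, ok := request.(getCbslReq)
 if !ok {
 return nil, utilerrors.NewBadRequest("invalid request")
 }
+
+user, err := userInfoGetter(ctx, req.ProjectID)
+
+if err != nil {
+return nil, err
+}
+
 labelSet := map[string]string{
 kubermaticv1.ProjectIDLabelKey: req.ProjectID,
 }
 
-cbsl, err := provider.GetUnsecured(ctx, req.ClusterBackupStorageLocationName, labelSet)
+cbsl, err := provider.GetUnsecured(ctx, user, req.ClusterBackupStorageLocationName, labelSet)
 if err != nil {
 return nil, err
 }
 
+if cbsl == nil {
+return nil, nil
+}
+
 return &apiv2.ClusterBackupStorageLocation{
 Name: cbsl.Name,
 DisplayName: cbsl.Labels[displayNameLabelKey],
@@ -144,18 +162,25 @@ func GetCSBL(ctx context.Context, request interface{}, provider provider.BackupS
 }, nil
 }
 
-func CreateCBSL(ctx context.Context, request interface{}, provider provider.BackupStorageProvider, projectProvider provider.ProjectProvider) (*apiv2.ClusterBackupStorageLocation, error) {
+func CreateCBSL(ctx context.Context, request interface{}, userInfoGetter provider.UserInfoGetter, provider provider.BackupStorageProvider, projectProvider provider.ProjectProvider) (*apiv2.ClusterBackupStorageLocation, error) {
 req, ok := request.(createCbslReq)
 if !ok {
 return nil, utilerrors.NewBadRequest("invalid request")
 }
+
+user, err := userInfoGetter(ctx, req.ProjectID)
+
+if err != nil {
+return nil, err
+}
+
 cbslName := req.Body.Name
 cbslSpec := req.Body.CBSLSpec.DeepCopy()
 creds := req.Body.Credentials
 cbsl := &kubermaticv1.ClusterBackupStorageLocation{
 Spec: *cbslSpec,
 }
-created, err := provider.CreateUnsecured(ctx, cbslName, req.ProjectID, cbsl, creds)
+created, err := provider.Create(ctx, user, cbslName, req.ProjectID, cbsl, creds)
 if err != nil {
 return nil, err
 }
@@ -168,31 +193,47 @@ func CreateCBSL(ctx context.Context, request interface{}, provider provider.Back
 }, nil
 }
 
-func DeleteCBSL(ctx context.Context, request interface{}, provider provider.BackupStorageProvider, projectProvider provider.ProjectProvider) error {
+func DeleteCBSL(ctx context.Context, request interface{}, userInfoGetter provider.UserInfoGetter, provider provider.BackupStorageProvider, projectProvider provider.ProjectProvider) error {
 req, ok := request.(deleteCbslReq)
 if !ok {
 return utilerrors.NewBadRequest("invalid request")
 }
 
-err := provider.DeleteUnsecured(ctx, req.ClusterBackupStorageLocationName)
+user, err := userInfoGetter(ctx, req.ProjectID)
+
+if err != nil {
+return err
+}
+
+err = provider.Delete(ctx, user, req.ClusterBackupStorageLocationName)
 if err != nil {
 return err
 }
 
 return nil
 }
 
-func PatchCBSL(ctx context.Context, request interface{}, provider provider.BackupStorageProvider, projectProvider provider.ProjectProvider) (*apiv2.ClusterBackupStorageLocation, error) {
+func PatchCBSL(ctx context.Context, request interface{}, userInfoGetter provider.UserInfoGetter, provider provider.BackupStorageProvider, projectProvider provider.ProjectProvider) (*apiv2.ClusterBackupStorageLocation, error) {
 req, ok := request.(patchCbslReq)
 if !ok {
 return nil, utilerrors.NewBadRequest("invalid request")
 }
 
+user, err := userInfoGetter(ctx, req.ProjectID)
+
+if err != nil {
+return nil, err
+}
+
 cbslSpec := req.Body.CBSLSpec.DeepCopy()
 cbsl := &kubermaticv1.ClusterBackupStorageLocation{
 Spec: *cbslSpec,
 }
-patched, err := provider.PatchUnsecured(ctx, req.ClusterBackupStorageLocationName, cbsl, req.Body.Credentials)
+patched, err := provider.Patch(ctx, user, req.ClusterBackupStorageLocationName, cbsl, req.Body.Credentials)
+if err != nil {
+return nil, err
+}
+
 if err != nil {
 return nil, err
 }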
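Review bot: DeleteCBSL and PatchCBSL address the storage location by `req.ClusterBackupStorageLocationName` alone, so `req.ProjectID` only resolves the user and never confines the object, unlike ListCBSL and GetCSBL, which pass the `kubermaticv1.ProjectIDLabelKey` label set. Whether a member of one project can delete or patch a location labelled for another then depends on the provider and on the RBAC behind the impersonated client, neither of which is visible in this diff; if those rules are not per object, the name is not a sufficient check now that non-admin users reach these handlers. I would resolve the object through the project-scoped lookup first, e.g. `cbsl, err := provider.GetUnsecured(ctx, user, req.ClusterBackupStorageLocationName, map[string]string{kubermaticv1.ProjectIDLabelKey: req.ProjectID})`, and return a not-found error when it comes back nil before calling `provider.Delete` or `provider.Patch`. Separately, the last hunk leaves two identical `if err != nil { return nil, err }` blocks after `provider.Patch`; the second can never fire and should be dropped. PatchCBSL's body continues past the end of the hunk.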