From 91d285abf94247fe5b14dd82d9c8ce8a9db3528b Mon Sep 17 00:00:00 2001 From: Tamal Saha Date: Mon, 18 Nov 2024 00:00:45 -0800 Subject: [PATCH] fix Signed-off-by: Tamal Saha --- README.md | 2 +- go.mod | 2 +- go.sum | 4 ++-- pkg/graph/renderer.go | 6 +++++- pkg/graph/setup.go | 10 ++++++++++ pkg/registry/meta/render/storage.go | 4 ++-- pkg/registry/meta/renderdashboard/storage.go | 2 +- pkg/registry/meta/resourcequery/storage.go | 4 ++-- vendor/kmodules.xyz/client-go/client/delegated.go | 11 ++++++++++- vendor/modules.txt | 2 +- 10 files changed, 35 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 2540eba6f..8ca7009bd 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ helm install kube-ui-server appscode/kube-ui-server ## Usage ```console -$ kubectl create -f artifacts/whoami.yaml -o yaml +$ kubectl create -f artifacts/whoami.yaml -o yaml --validate=false apiVersion: authentication.k8s.io/v1 kind: SelfSubjectReview diff --git a/go.mod b/go.mod index f69e8663c..34209b33c 100644 --- a/go.mod +++ b/go.mod @@ -47,7 +47,7 @@ require ( k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 kmodules.xyz/apiversion v0.2.0 kmodules.xyz/authorizer v0.29.1 - kmodules.xyz/client-go v0.30.38-0.20241117075231-750051a8f0b9 + kmodules.xyz/client-go v0.30.38-0.20241118085432-c54b8a32c3c5 kmodules.xyz/custom-resources v0.30.0 kmodules.xyz/go-containerregistry v0.0.12 kmodules.xyz/monitoring-agent-api v0.30.2 diff --git a/go.sum b/go.sum index 41973f54d..5bf7b8825 100644 --- a/go.sum +++ b/go.sum @@ -927,8 +927,8 @@ kmodules.xyz/apiversion v0.2.0 h1:vAQYqZFm4xu4pbB1cAdHbFEPES6EQkcR4wc06xdTOWk= kmodules.xyz/apiversion v0.2.0/go.mod h1:oPX8g8LvlPdPX3Yc5YvCzJHQnw3YF/X4/jdW0b1am80= kmodules.xyz/authorizer v0.29.1 h1:uByGGoryKbZcfiEAhjcK/Y345I9mygNQP7DVpkMbNQQ= kmodules.xyz/authorizer v0.29.1/go.mod h1:kZRhclL8twzyt2bQuJQJbpYww2sc+qFr8I5PPoq/sWY= -kmodules.xyz/client-go v0.30.38-0.20241117075231-750051a8f0b9 h1:8qSZylUUBcY1rKlVLgm3mRjw3/mG8QT0tSuCCflmIeU= -kmodules.xyz/client-go v0.30.38-0.20241117075231-750051a8f0b9/go.mod h1:CAu+JlA8RVGtj6LQHu0Q1w2mnFUajuti49c7T1AvGdM= +kmodules.xyz/client-go v0.30.38-0.20241118085432-c54b8a32c3c5 h1:HC1VTk5wkfctbx8Con82exu+/zvYVFvWsqPjaEwuNiQ= +kmodules.xyz/client-go v0.30.38-0.20241118085432-c54b8a32c3c5/go.mod h1:CAu+JlA8RVGtj6LQHu0Q1w2mnFUajuti49c7T1AvGdM= kmodules.xyz/crd-schema-fuzz v0.29.1 h1:zJTlWYOrT5dsVVHW8HGcnR/vaWfxQfNh11QwTtkYpcs= kmodules.xyz/crd-schema-fuzz v0.29.1/go.mod h1:n708z9YQqLMP2KNLQVgBcRJw1QpSWLvpNCEi+KJDOYE= kmodules.xyz/custom-resources v0.30.0 h1:vR3CbseHMLwR4GvtcJJuRuwIV8voKqFqNii27rMcm1o= diff --git a/pkg/graph/renderer.go b/pkg/graph/renderer.go index 05a06503f..067164c1c 100644 --- a/pkg/graph/renderer.go +++ b/pkg/graph/renderer.go @@ -222,7 +222,11 @@ func renderPageBlock(ctx context.Context, kc client.Client, oc openvizcs.Interfa } func _renderPageBlock(ctx context.Context, kc client.Client, oc openvizcs.Interface, srcRID *kmapi.ResourceID, srcObj *unstructured.Unstructured, block *rsapi.PageBlockLayout, convertToTable bool) (*rsapi.PageBlockView, error) { - cc, err := getClient(ctx, kc, block.Impersonate) + var impersonate bool + if block != nil && block.ResourceLocator != nil && block.Impersonate { + impersonate = true + } + cc, err := getClient(ctx, kc, impersonate) if err != nil { return nil, err } diff --git a/pkg/graph/setup.go b/pkg/graph/setup.go index 46878ca19..b299aed0a 100644 --- a/pkg/graph/setup.go +++ b/pkg/graph/setup.go @@ -339,8 +339,18 @@ func getClient(ctx context.Context, kc client.Client, impersonate bool) (client. return kc, nil } + fmt.Printf("impersonating: %v\n", u.GetName()) + if rw, ok := kc.(*cu.DelegatingClient); ok { return rw.Impersonate(u) } return nil, fmt.Errorf("can't impersonate client") } + +func NewUserContext(in context.Context) context.Context { + ctx := context.TODO() + if u, ok := request.UserFrom(in); ok { + ctx = request.WithUser(ctx, u) + } + return ctx +} diff --git a/pkg/registry/meta/render/storage.go b/pkg/registry/meta/render/storage.go index fb83c41fc..bad2974f2 100644 --- a/pkg/registry/meta/render/storage.go +++ b/pkg/registry/meta/render/storage.go @@ -107,7 +107,7 @@ func (r *Storage) Create(ctx context.Context, obj runtime.Object, _ rest.Validat autoColumns = true } - bv, err := graph.RenderPageBlock(ctx, r.kc, r.oc, req.Source, req.Block, req.ConvertToTable) + bv, err := graph.RenderPageBlock(graph.NewUserContext(ctx), r.kc, r.oc, req.Source, req.Block, req.ConvertToTable) if err != nil { return nil, err } @@ -121,7 +121,7 @@ func (r *Storage) Create(ctx context.Context, obj runtime.Object, _ rest.Validat renderBlocks.Insert(string(k)) } rv, err := graph.RenderLayout( - ctx, + graph.NewUserContext(ctx), r.kc, r.oc, req.Source, diff --git a/pkg/registry/meta/renderdashboard/storage.go b/pkg/registry/meta/renderdashboard/storage.go index 0393765d2..239eff6da 100644 --- a/pkg/registry/meta/renderdashboard/storage.go +++ b/pkg/registry/meta/renderdashboard/storage.go @@ -132,7 +132,7 @@ func (r *Storage) Create(ctx context.Context, obj runtime.Object, _ rest.Validat } } - dg, err := graph.RenderDashboard(ctx, r.kc, r.oc, rd, src, req.EmbeddedLink) + dg, err := graph.RenderDashboard(graph.NewUserContext(ctx), r.kc, r.oc, rd, src, req.EmbeddedLink) if err != nil { return nil, err } diff --git a/pkg/registry/meta/resourcequery/storage.go b/pkg/registry/meta/resourcequery/storage.go index b03df2cd3..2dfa724fc 100644 --- a/pkg/registry/meta/resourcequery/storage.go +++ b/pkg/registry/meta/resourcequery/storage.go @@ -106,7 +106,7 @@ func (r *Storage) Create(ctx context.Context, obj runtime.Object, _ rest.Validat src := kmapi.NewObjectID(&out) if req.OutputFormat == rsapi.OutputFormatRef { - _, refs, err := graph.ExecRawQuery(ctx, r.kc, src.OID(), *req.Target) + _, refs, err := graph.ExecRawQuery(graph.NewUserContext(ctx), r.kc, src.OID(), *req.Target) if err != nil { return nil, err } @@ -116,7 +116,7 @@ func (r *Storage) Create(ctx context.Context, obj runtime.Object, _ rest.Validat } in.Response = &runtime.RawExtension{Raw: data} } else { - rid2, items, err := graph.ExecQuery(ctx, r.kc, src.OID(), *req.Target) + rid2, items, err := graph.ExecQuery(graph.NewUserContext(ctx), r.kc, src.OID(), *req.Target) if err != nil { return nil, err } diff --git a/vendor/kmodules.xyz/client-go/client/delegated.go b/vendor/kmodules.xyz/client-go/client/delegated.go index 445ecf09d..f8bf7a660 100644 --- a/vendor/kmodules.xyz/client-go/client/delegated.go +++ b/vendor/kmodules.xyz/client-go/client/delegated.go @@ -106,7 +106,16 @@ func (d *DelegatingClient) Impersonate(u user.Info) (client.Client, error) { Groups: u.GetGroups(), Extra: u.GetExtra(), } - return NewClient(config, d.options) + // share the transport between all clients + httpClient, err := restclient.HTTPClientFor(config) + if err != nil { + return nil, err + } + + optionsShallowCopy := d.options + optionsShallowCopy.HTTPClient = httpClient + + return NewClient(config, optionsShallowCopy) } // GroupVersionKindFor returns the GroupVersionKind for the given object. diff --git a/vendor/modules.txt b/vendor/modules.txt index d22d6c44f..6fe27e7aa 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -2020,7 +2020,7 @@ kmodules.xyz/authorizer/apiserver kmodules.xyz/authorizer/rbac kmodules.xyz/authorizer/rbac/helpers kmodules.xyz/authorizer/rbac/validation -# kmodules.xyz/client-go v0.30.38-0.20241117075231-750051a8f0b9 +# kmodules.xyz/client-go v0.30.38-0.20241118085432-c54b8a32c3c5 ## explicit; go 1.22.0 kmodules.xyz/client-go kmodules.xyz/client-go/api/v1