Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug 1826808: added endpoint to fetch duck typed knative event source crds #4945

Merged
merged 2 commits into from Apr 24, 2020
Merged

Bug 1826808: added endpoint to fetch duck typed knative event source crds #4945

merged 2 commits into from Apr 24, 2020

Conversation

abhi-kn
Copy link
Contributor

@abhi-kn abhi-kn commented Apr 7, 2020
edited

Fixes:
https://issues.redhat.com/browse/ODC-3398

Analysis / Root cause:
Need a new end point in console that specifically returns metadata for all knative event source CRDs. This shall allow an unprivileged user to access this information without read access to CRDs.

Solution Description:
Added an end point /api/console/knative-event-sources to fetch all duck typed event source CRDs. Updated ResourceLister handler to propagate response error status as is & also added a ResponseFilter function to filter any response before propagation.
In order to allow an unprivileged user to get this information without read access to CRDs, new RBAC has been added in console-operator to authorise service account to list CRDs. Ref PR: openshift/console-operator#413

Screen shots / Gifs for design review:
N/A

Unit test coverage report:
N/A

Test setup:
Need to build backend & console-operator to test above API
Note: In off-cluster mode, user token shall be used & hence user need to be authorised to verify this API. Whereas for in-cluster mode, service account shall be used & it has RBAC to authorise for unprivileged user.

Browser conformance:
N/A

@openshift-ci-robot openshift-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. component/backend Related to backend labels Apr 7, 2020
@abhi-kn
Copy link
Contributor Author

abhi-kn commented Apr 7, 2020

/assign @spadgett

@abhi-kn abhi-kn mentioned this pull request Apr 13, 2020
Merged
@abhi-kn abhi-kn force-pushed the event_source_crd branch 2 times, most recently from a00f66e to b604805 Compare April 14, 2020 15:49
@abhi-kn abhi-kn changed the title [WIP] added endpoint to fetch duck typed event source crds added endpoint to fetch duck typed knative event source crds Apr 14, 2020
@openshift-ci-robot openshift-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Apr 14, 2020
@abhi-kn
Copy link
Contributor Author

abhi-kn commented Apr 14, 2020

/assign @christianvogt

@abhi-kn
Copy link
Contributor Author

abhi-kn commented Apr 15, 2020

/assign @invincibleJai

@invincibleJai
Copy link
Member

invincibleJai commented Apr 15, 2020
edited

Verified locally and in-cluster mode

in in-cluster mode

  • it works for un-privileged user
  • it works for kubeadmin

in off-cluster (localhost)

  • kubeadmin works as expected
  • for non Admin (un privileged user) won't work out of the box

@abhi-kn Thanks , i was able to verify the changes

@spadgett
Copy link
Member

It would be better if we could only return the group/version/kind in the response instead of the entire resource. That way we don't leak additional information about the CRD that you wouldn't otherwise be able to see.

@andrewballantyne
Copy link
Contributor

/kind feature

@openshift-ci-robot openshift-ci-robot added the kind/feature Categorizes issue or PR as related to a new feature. label Apr 16, 2020
@abhi-kn abhi-kn force-pushed the event_source_crd branch 2 times, most recently from 9229c59 to 491dde0 Compare April 17, 2020 19:28
@abhi-kn
Copy link
Contributor Author

abhi-kn commented Apr 17, 2020

It would be better if we could only return the group/version/kind in the response instead of the entire resource. That way we don't leak additional information about the CRD that you wouldn't otherwise be able to see.

Added ResponseFilter function to prune partial metadata data before propagating CRD response.

spadgett
spadgett reviewed Apr 17, 2020
View reviewed changes
pkg/server/resource_lister.go Outdated Show resolved Hide resolved
pkg/server/server.go Outdated Show resolved Hide resolved
pkg/serverutils/crdutils.go Outdated Show resolved Hide resolved
pkg/serverutils/crdutils.go Outdated Show resolved Hide resolved
pkg/serverutils/crdutils.go Outdated Show resolved Hide resolved
pkg/serverutils/crdutils.go Outdated Show resolved Hide resolved
pkg/serverutils/crdutils.go Outdated Show resolved Hide resolved
@spadgett
Copy link
Member

@benjaminapetersen it might be good for you to look since you know go better

@abhi-kn abhi-kn force-pushed the event_source_crd branch 2 times, most recently from 916b400 to e03c6f1 Compare April 17, 2020 23:41
@abhi-kn
Copy link
Contributor Author

abhi-kn commented Apr 18, 2020

/retest

1 similar comment
@abhi-kn
Copy link
Contributor Author

abhi-kn commented Apr 18, 2020

/retest

jhadvig
jhadvig requested changes Apr 20, 2020
View reviewed changes
pkg/serverutils/knative_event_source_utils.go Outdated Show resolved Hide resolved
pkg/serverutils/knative_event_source_utils.go Outdated Show resolved Hide resolved
pkg/serverutils/knative_event_source_utils.go Outdated Show resolved Hide resolved
pkg/serverutils/knative_event_source_utils.go Outdated Show resolved Hide resolved
pkg/serverutils/knative_event_source_utils.go Outdated Show resolved Hide resolved
pkg/serverutils/knative_event_source_utils.go Outdated Show resolved Hide resolved
pkg/serverutils/knative_event_source_utils.go Outdated Show resolved Hide resolved
pkg/serverutils/knative_event_source_utils.go Outdated Show resolved Hide resolved
pkg/server/server.go Outdated Show resolved Hide resolved
pkg/serverutils/knative_event_source_utils.go Outdated Show resolved Hide resolved
@abhi-kn abhi-kn changed the title added endpoint to fetch duck typed knative event source crds Bug 1826808: added endpoint to fetch duck typed knative event source crds Apr 22, 2020
@openshift-ci-robot openshift-ci-robot added bugzilla/unspecified bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. labels Apr 22, 2020
@openshift-ci-robot
Copy link
Contributor

@abhi-kn: This pull request references Bugzilla bug 1826808, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.5.0) matches configured target release for branch (4.5.0)
  • bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

In response to this:

Bug 1826808: added endpoint to fetch duck typed knative event source crds

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@abhi-kn abhi-kn force-pushed the event_source_crd branch 2 times, most recently from 61c7b18 to d82b834 Compare April 23, 2020 19:51
@abhi-kn
Copy link
Contributor Author

abhi-kn commented Apr 23, 2020

/retest

2 similar comments
@abhi-kn
Copy link
Contributor Author

abhi-kn commented Apr 24, 2020

/retest

@abhi-kn
Copy link
Contributor Author

abhi-kn commented Apr 24, 2020

/retest

stlaz
stlaz suggested changes Apr 24, 2020
View reviewed changes
pkg/server/resource_lister.go Outdated Show resolved Hide resolved
pkg/server/resource_lister.go Outdated Show resolved Hide resolved
spadgett
spadgett approved these changes Apr 24, 2020
View reviewed changes
Copy link
Member

@spadgett spadgett left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve
/lgtm

@spadgett spadgett removed the kind/feature Categorizes issue or PR as related to a new feature. label Apr 24, 2020
@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Apr 24, 2020
@spadgett
Copy link
Member

/bugzilla refresh

@openshift-ci-robot
Copy link
Contributor

@spadgett: This pull request references Bugzilla bug 1826808, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.5.0) matches configured target release for branch (4.5.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: abhi-kn, jhadvig, spadgett, stlaz

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 24, 2020
benjaminapetersen
benjaminapetersen reviewed Apr 24, 2020
View reviewed changes
pkg/knative/utils.go
Storage bool `json:"storage" protobuf:"varint,3,opt,name=storage"`
}

// EventSourceSpec describes how a user wants their resource to appear
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit, you could put the types in a types.go and the utils in a separate file, but not a big deal unless you keep adding to this.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agree. Hope its fine if I consider it in next change set!

@openshift-merge-robot openshift-merge-robot merged commit 2d2e411 into openshift:master Apr 24, 2020
@openshift-ci-robot
Copy link
Contributor

@abhi-kn: All pull requests linked via external trackers have merged: openshift/console#4945. Bugzilla bug 1826808 has been moved to the MODIFIED state.

In response to this:

Bug 1826808: added endpoint to fetch duck typed knative event source crds

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@spadgett spadgett added this to the v4.5 milestone Apr 24, 2020
@abhi-kn abhi-kn mentioned this pull request May 5, 2020
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@benjaminapetersen benjaminapetersen benjaminapetersen left review comments

@christianvogt christianvogt christianvogt left review comments

@stlaz stlaz stlaz approved these changes

@spadgett spadgett spadgett approved these changes

@jhadvig jhadvig jhadvig approved these changes

@rhamilto rhamilto Awaiting requested review from rhamilto

Assignees

@spadgett spadgett

@invincibleJai invincibleJai

@christianvogt christianvogt

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. component/backend Related to backend lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
v4.5
Development

Successfully merging this pull request may close these issues.

None yet
10 participants
@abhi-kn @invincibleJai @spadgett @andrewballantyne @christianvogt @openshift-ci-robot @benjaminapetersen @stlaz @jhadvig @openshift-merge-robot