Bug 1906898: Missing User RoleBindings in the Project Access Web UI

[debsmita1]

Fixes:
https://issues.redhat.com/browse/ODC-4989
Closes #6836

Analysis / Root cause:
The User info is added in the subjects property of the RoleBinding CR. This subjects is of type array and can have multiple users assigned the same role. So, previously while fetching the users from all the Role Bindings only the first element of subjects was being read

Solution Description:

• go over all the role binding subjects to fetch users
• if the role of one of the grouped subjects is changed, then it is deleted from the grouped subjects & a new role binding is created for that user

Screen shots / Gifs for design review:

Unit test coverage report:
Added new tests

Test setup:
NA

Browser conformance:

• Chrome
• Firefox
• Safari
• Edge

[debsmita1]

/kind bug

[openshift-ci-robot]

@debsmita1: This pull request references Bugzilla bug 1906898, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.7.0) matches configured target release for branch (4.7.0)
• bug is in the state NEW, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

In response to this:

Bug 1906898: Missing User RoleBindings in the Project Access Web UI

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[debsmita1]

/cc @andrewballantyne

[jerolimov]

Isn't this a map function? :)

[jerolimov]

Its similar to before, but the result of a map function should be used, otherwise can we switch to a .forEach here? Isn't this similar to this code?

export const getUserRoleBindings = (roleBindings: RoleBinding[]) => {
  const userRoleBindings: UserRoleBinding[] = [];
  roleBindings.forEach(
    (user: RoleBinding) => userRoleBindings.push(...getUsersFromSubject(user)),
  );
  return userRoleBindings;
};

(untested code). Wdyt? :)

[debsmita1]

used _.flatten here
added the test for this util in project-access-form-utils.spec.ts

[jerolimov]

Hmm, not a big fan of changing input parameters in a 'get' helper function. Esp. in this case where getGroupedRole was called with some props we should avoid this.

Did you see an option that this method return new values instead of modifying the input variables?

[debsmita1]

fixed it

[jerolimov]

Why remove this unit tests? The util functions still exist and are not changed, or? So I expect this tests would still run fine?

[debsmita1]

Fixed. Changed the file name to project-access-form-utils.spec.ts

[jerolimov]

@debsmita1 Happy new year and sorry for the late review here. I tested the PR locally and it looks like that everything works fine for the user and I like all these new types 👍

I added some small opinionated ideas and questions. Let me know what your opinion on that points.

[jerolimov]

(just changed review status)

[andrewballantyne]

Your get method is mutating roleBindings. This is not an expected side-effect of get methods.

Also, as discussed before, please make use of filters and finds instead of custom running your own forEach.

[debsmita1]

used find & filter

[andrewballantyne]

A .reduce into an array .push is just a .map.

Suggested change

	const users: UserRoleBinding[] = user.subjects?.reduce((acc, obj) => {
	acc.push({
	roleBindingName: user.metadata.name,
	user: obj.name,
	role: user.roleRef.name,
	});
	return acc;
	}, []);
	return users;
	return user.subjects?.map((obj) => ({
	roleBindingName: user.metadata.name,
	user: obj.name,
	role: user.roleRef.name,
	}));

[andrewballantyne]

For the record (I know this is old code) but .map should always have its response used. Ideally .map has no side-effects if possible.

[andrewballantyne]

Helps to declare what your returns will be when you're mutating and shifting values around. When it's a straight filter or find, and your input type is your output type, it's less of a concern.

In this case you're taking a RoleBinding and creating UserRoleBinding[]. Makes it easier to consume the method without having to read the method.

Suggested change

	export const getUsersFromSubject = (user: RoleBinding) => {
	export const getUsersFromSubject = (user: RoleBinding): UserRoleBinding[] => {

[andrewballantyne]

Suggested change

	(user: RoleBinding) => (userRoleBindings = [...userRoleBindings, ...getUsersFromSubject(user)]),
	return roleBindings.map((user) => getUsersFromSubject(user)).flat();

Two major things here:

1. Don't assign in a return statement (we should probably get a linter to stop this)
2. Avoid mutations in the middle of .map function calls (the purer they are the better they are)

[debsmita1]

yes, I could have used flat here to concatenate the sub-array elements. Thanks!

[andrewballantyne]

Is there a reason you need to remove the matching subject?

[debsmita1]

@andrewballantyne What I am trying to do here is, if I update the role of a user(suppose A) that belongs to grouped subjects(subjects: A, B) then I am removing that user(A) from the group and sending a patch request to update the rolebinding with the user B.

[andrewballantyne]

/lgtm

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: andrewballantyne, debsmita1

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• frontend/packages/dev-console/OWNERS [andrewballantyne]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@debsmita1: The following test failed, say /retest to rerun all failed tests:

Test name	Commit	Details	Rerun command
ci/prow/kubevirt-plugin	3161484	link	/test kubevirt-plugin

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-ci-robot]

@debsmita1: This pull request references Bugzilla bug 1906898, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.7.0) matches configured target release for branch (4.7.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

In response to this:

Bug 1906898: Missing User RoleBindings in the Project Access Web UI

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci-robot]

@debsmita1: All pull requests linked via external trackers have merged:

• openshift/console#7488

Bugzilla bug 1906898 has been moved to the MODIFIED state.

In response to this:

Bug 1906898: Missing User RoleBindings in the Project Access Web UI

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[debsmita1]

/cherry-pick release-4.6

[openshift-cherrypick-robot]

@debsmita1: new pull request created: #8034

In response to this:

/cherry-pick release-4.6

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.