New package repository API endpoint to provide repositories permissions #5521

castelblanque · 2022-10-20T09:19:33Z

Summary
New package repository API endpoint to provide a summary of user's permission on repositories CRDs

Background and rationale
Currently UI is making multiple 'canI' calls to retrieve which permissions the user has related to repositories.
Everything is grouped in the TS function getRepositoriesPermissions.
The resources involved are different per plugin: Helm is about kubeapps.com and apprepositories, Carvel is about packaging.carvel.dev and packagerepositories, etc.

The current setup is inefficient, as multiple canI calls are performed at the same time. And also UI has to know the resource names, groups, verbs...from the underlying K8s.

Description
Add a new API endpoint in package repository API that will provide permissions for the current user:

Per plugin
- For the specified namespace
- For the global namespace
For verbs
- list
- update
- create
- delete
- get

Input for the request:

Namespace
Auth token in header

Response of the request:
Similar to the structure in TS.

interface IResourcePermission {
  list: boolean;
  create: boolean;
  update: boolean;
  delete: boolean;
  get: boolean;
  namespace: string;
}

interface IPackageRepositoryPermission {
  global: IResourcePermission;
  namespaced: IResourcePermission;
  plugin: Plugin;
}

Acceptance criteria

Implemented new API endpoint in core and plugins for repositories to return permissions of the user to operate with package repositories resources.

Additional context
See comment in the originating PR #5480.

The text was updated successfully, but these errors were encountered:

### Description of the change Adds a new procedure `GetPackageRepositoryPermissions` in the repositories API that allows to get the permissions for the current user with regards to package repositories. Returned structure of data is (per plugin): - Global permissions (no namespace). Verbs allowed (`get`, `list`, etc.) - Same as above but specific for a namespace, if specified ### Benefits This endpoint will allow to: - Perform in a single call what is being done now with multiple `canI` requests from frontend. - Abstract away the frontend from knowing about the CRDs used by plugins. See [here](https://github.com/vmware-tanzu/kubeapps/blob/main/dashboard/src/shared/PackageRepositoriesService.ts#L302-L343). ### Possible drawbacks N/A ### Applicable issues - fixes #5521 Signed-off-by: Rafa Castelblanque <rcastelblanq@vmware.com> Co-authored-by: Dimitri Laloue <74025858+dlaloue-vmware@users.noreply.github.com>

[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [axios](https://github.com/axios/axios) from 1.3.0 to 1.3.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/releases">axios's releases</a>.</em></p> <blockquote> <h2>Release v1.3.1</h2> <h2>Release notes:</h2> <h3>Bug Fixes</h3> <ul> <li><strong>formdata:</strong> add hotfix to use the asynchronous API to compute the content-length header value; (<a href="https://github-redirect.dependabot.com/axios/axios/issues/5521">#5521</a>) (<a href="https://github.com/axios/axios/commit/96d336f527619f21da012fe1f117eeb53e5a2120">96d336f</a>)</li> <li><strong>serializer:</strong> fixed serialization of array-like objects; (<a href="https://github-redirect.dependabot.com/axios/axios/issues/5518">#5518</a>) (<a href="https://github.com/axios/axios/commit/08104c028c0f9353897b1b6691d74c440fd0c32d">08104c0</a>)</li> </ul> <h3>Contributors to this release</h3> <ul> <li> <a href="https://github.com/DigitalBrainJS" title="+27/-8 ([#5521](axios/axios#5521) [#5518](axios/axios#5518) )">Dmitriy Mozgovoy</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/axios/axios/compare/v1.3.0...v1.3.1">1.3.1</a> (2023-02-01)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>formdata:</strong> add hotfix to use the asynchronous API to compute the content-length header value; (<a href="https://github-redirect.dependabot.com/axios/axios/issues/5521">#5521</a>) (<a href="https://github.com/axios/axios/commit/96d336f527619f21da012fe1f117eeb53e5a2120">96d336f</a>)</li> <li><strong>serializer:</strong> fixed serialization of array-like objects; (<a href="https://github-redirect.dependabot.com/axios/axios/issues/5518">#5518</a>) (<a href="https://github.com/axios/axios/commit/08104c028c0f9353897b1b6691d74c440fd0c32d">08104c0</a>)</li> </ul> <h3>Contributors to this release</h3> <ul> <li> <a href="https://github.com/DigitalBrainJS" title="+27/-8 ([#5521](axios/axios#5521) [#5518](axios/axios#5518) )">Dmitriy Mozgovoy</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/axios/axios/commit/54d3facb3b032665e6ae84e157073702b5c2e4d9"><code>54d3fac</code></a> chore(release): v1.3.1 (<a href="https://github-redirect.dependabot.com/axios/axios/issues/5522">#5522</a>)</li> <li><a href="https://github.com/axios/axios/commit/96d336f527619f21da012fe1f117eeb53e5a2120"><code>96d336f</code></a> fix(formdata): add hotfix to use the asynchronous API to compute the content-...</li> <li><a href="https://github.com/axios/axios/commit/08104c028c0f9353897b1b6691d74c440fd0c32d"><code>08104c0</code></a> fix(serializer): fixed serialization of array-like objects; (<a href="https://github-redirect.dependabot.com/axios/axios/issues/5518">#5518</a>)</li> <li>See full diff in <a href="https://github.com/axios/axios/compare/v1.3.0...v1.3.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=axios&package-manager=npm_and_yarn&previous-version=1.3.0&new-version=1.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [axios](https://github.com/axios/axios) from 1.3.0 to 1.3.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/releases">axios's releases</a>.</em></p> <blockquote> <h2>Release v1.3.1</h2> <h2>Release notes:</h2> <h3>Bug Fixes</h3> <ul> <li><strong>formdata:</strong> add hotfix to use the asynchronous API to compute the content-length header value; (<a href="https://github-redirect.dependabot.com/axios/axios/issues/5521">#5521</a>) (<a href="https://github.com/axios/axios/commit/96d336f527619f21da012fe1f117eeb53e5a2120">96d336f</a>)</li> <li><strong>serializer:</strong> fixed serialization of array-like objects; (<a href="https://github-redirect.dependabot.com/axios/axios/issues/5518">#5518</a>) (<a href="https://github.com/axios/axios/commit/08104c028c0f9353897b1b6691d74c440fd0c32d">08104c0</a>)</li> </ul> <h3>Contributors to this release</h3> <ul> <li> <a href="https://github.com/DigitalBrainJS" title="+27/-8 ([#5521](axios/axios#5521) [#5518](axios/axios#5518) )">Dmitriy Mozgovoy</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/axios/axios/compare/v1.3.0...v1.3.1">1.3.1</a> (2023-02-01)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>formdata:</strong> add hotfix to use the asynchronous API to compute the content-length header value; (<a href="https://github-redirect.dependabot.com/axios/axios/issues/5521">#5521</a>) (<a href="https://github.com/axios/axios/commit/96d336f527619f21da012fe1f117eeb53e5a2120">96d336f</a>)</li> <li><strong>serializer:</strong> fixed serialization of array-like objects; (<a href="https://github-redirect.dependabot.com/axios/axios/issues/5518">#5518</a>) (<a href="https://github.com/axios/axios/commit/08104c028c0f9353897b1b6691d74c440fd0c32d">08104c0</a>)</li> </ul> <h3>Contributors to this release</h3> <ul> <li> <a href="https://github.com/DigitalBrainJS" title="+27/-8 ([#5521](axios/axios#5521) [#5518](axios/axios#5518) )">Dmitriy Mozgovoy</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/axios/axios/commit/54d3facb3b032665e6ae84e157073702b5c2e4d9"><code>54d3fac</code></a> chore(release): v1.3.1 (<a href="https://github-redirect.dependabot.com/axios/axios/issues/5522">#5522</a>)</li> <li><a href="https://github.com/axios/axios/commit/96d336f527619f21da012fe1f117eeb53e5a2120"><code>96d336f</code></a> fix(formdata): add hotfix to use the asynchronous API to compute the content-...</li> <li><a href="https://github.com/axios/axios/commit/08104c028c0f9353897b1b6691d74c440fd0c32d"><code>08104c0</code></a> fix(serializer): fixed serialization of array-like objects; (<a href="https://github-redirect.dependabot.com/axios/axios/issues/5518">#5518</a>)</li> <li>See full diff in <a href="https://github.com/axios/axios/compare/v1.3.0...v1.3.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=axios&package-manager=npm_and_yarn&previous-version=1.3.0&new-version=1.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

castelblanque added kind/proposal An issue that reports a new feature proposal to be discussed component/apis-server Issue related to kubeapps api-server labels Oct 20, 2022

castelblanque added this to the Update package repository API milestone Oct 20, 2022

ppbaena assigned castelblanque Oct 24, 2022

castelblanque mentioned this issue Nov 3, 2022

Package repository permissions endpoint #5604

Merged

dlaloue-vmware closed this as completed in #5604 Nov 17, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

New package repository API endpoint to provide repositories permissions #5521

New package repository API endpoint to provide repositories permissions #5521

castelblanque commented Oct 20, 2022

New package repository API endpoint to provide repositories permissions #5521

New package repository API endpoint to provide repositories permissions #5521

Comments

castelblanque commented Oct 20, 2022