Full dynamic RBAC and pagination

2025-09-08 08:29:06 +00:00 · 2020-02-10 10:18:20 -07:00
parent 12df5d1a3d
commit e64845dcb9
18 changed files with 656 additions and 36 deletions
--- a/pkg/server/store/proxy/watch_refresh.go
+++ b/pkg/server/store/proxy/watch_refresh.go
@@ -0,0 +1,45 @@
+package proxy
+
+import (
+	"context"
+	"time"
+
+	"github.com/rancher/steve/pkg/accesscontrol"
+	"github.com/rancher/steve/pkg/schemaserver/types"
+	"k8s.io/apiserver/pkg/endpoints/request"
+)
+
+type WatchRefresh struct {
+	types.Store
+	asl accesscontrol.AccessSetLookup
+}
+
+func (w *WatchRefresh) Watch(apiOp *types.APIRequest, schema *types.APISchema, wr types.WatchRequest) (chan types.APIEvent, error) {
+	user, ok := request.UserFrom(apiOp.Context())
+	if !ok {
+		return w.Store.Watch(apiOp, schema, wr)
+	}
+
+	as := w.asl.AccessFor(user)
+	ctx, cancel := context.WithCancel(apiOp.Context())
+	apiOp = apiOp.WithContext(ctx)
+
+	go func() {
+		for {
+			select {
+			case <-ctx.Done():
+				return
+			case <-time.After(30 * time.Second):
+			}
+
+			newAs := w.asl.AccessFor(user)
+			if as.ID != newAs.ID {
+				// RBAC changed
+				cancel()
+				return
+			}
+		}
+	}()
+
+	return w.Store.Watch(apiOp, schema, wr)
+}