* Add vai access-control for tokens.
* Check for both Token and Kubeconfig resources
* Add a unit test for verifying the generated filters for restricted resources.
* Remove a TODO comment as Tom points out we no longer need it.
* Return error if we can't get userinfo from apiOp.Request.Context
* Stop using camelCase for the user ID label.
* Add a test for the admin user.
* And fold the two user-access tests into a single parameterized test.
* Address reviewer comments.
* post-rebase merge fixes
* WIP - add a comment about determining admin users.
---------
Co-authored-by: Peter Matseykanets <peter.matseykanets@suse.com>
* Add ListOptionIndexerOptions to create ListOptionIndexer
* Remove unused function
* Implement configurable garbage collection on ListOptionIndexer
* Propagate Steve options from Server
* Move types related to list options and sql queries into their own package.
The problem having these in the informer package is that eventually code
in other packages will need to import `informer` only for constants or types,
but some members of the informer package may already depend on those. Best to
move type definitions into their own simpler package.
* Fix the ListOptions sort field.
Instead of making it a single array-ish field, convert it into a
true array of Sort Directives. Easier to read, less bending backwards.
* Pass the listOptions struct by reference to avoid copying.
We never update the ListOptions struct once it's created so there's
no need to pass it by value.
This might be a near-useless optimization...
* Generate field names with brackets when needed.
* Stop hard-wiring complex selectors as `["field1", "field2[sub-field3]"]`
and instead represent them as a more consistent `["field1", "field2", "sub-field3"]`
* Convert all filter strings ending with square brackets to an array.
Stop special-casing 'metadata.labels[X]' and handle any query string that ends with '[...]'.
* Stop checking for pre-bracketed terms in constant field-accessor arrays.
In this commit we stop converting string arrays like
`["metadata", "labels[k8s.io/deepcode]"]` into the database field
`"metadata.labels[k8s.io/deepcode]"` and instead will do a
naive `join` to give `metadata[labels[k8s.io/deepcode]]`. The solution
is to never express the above terms in separate fields, like
`["metadata", "labels", "k8s.io/deepcode"]`. This also better reflects
the stucture of the referenced object.
* gofmt changes
* Simplify comment about 'smartJoin'.
Previous SQLite-related code used context.Background() and context.TODO() because it was not developed with context awareness.
This commit propagates the main Steve context so that it can be used when interacting with SQL context-aware functions.
This PR removes all production-code use of context.Background() and context.TODO() and replaces test-code use of TODO with Background.
Contributes to rancher/rancher#47825
* bump lasso to include pull #111
Signed-off-by: Silvio Moioli <silvio@moioli.net>
* Make IsListWatchable public to be reused in other packages
Signed-off-by: Silvio Moioli <silvio@moioli.net>
* Let lasso know whether a type is watchable upon requesting a cache
Signed-off-by: Silvio Moioli <silvio@moioli.net>
* Adapt existing tests
Signed-off-by: Silvio Moioli <silvio@moioli.net>
* Add a test to check watchability is detected correctly
Signed-off-by: Silvio Moioli <silvio@moioli.net>
---------
Signed-off-by: Silvio Moioli <silvio@moioli.net>
* added namespace check to proxy_store create
* added namespaced resources checks and create tests
* Update pkg/stores/proxy/proxy_store.go
* changed error message and added missing name only test
* updated sql/proxy_store
* changed return to use apierror.NewAPIError
---------
Co-authored-by: Felipe C. Gehrke <felipe@localhost.localdomain>
Co-authored-by: Tom Lebreux <tom.lebreux@suse.com>
Adds logic which adds virtual fields resources. This allows these fields
to be sorted/filtered on when the SQL cache is enabled. Id and
metadata.state.name were added as the first two fields.
This uses SQLite-backed informers provided by Lasso with https://github.com/rancher/lasso/pull/65 to implement Steve API (/v1/) functionality.
This new functionality is available behind a feature flag to be specified at Steve startup
See https://confluence.suse.com/pages/viewpage.action?pageId=1359086083
Co-authored-by: Ricardo Weir <ricardo.weir@suse.com>
Co-authored-by: Michael Bolot <michael.bolot@suse.com>
Co-authored-by: Silvio Moioli <silvio@moioli.net>
Signed-off-by: Silvio Moioli <silvio@moioli.net>
