rancher/steve
1
0
Fork 0
mirror of https://github.com/rancher/steve.git synced 2025-07-19 17:26:57 +00:00
Code Issues Projects Releases Wiki Activity
06fe9c3ef4
steve/pkg/resources/common/formatter.go

249 lines
7.6 KiB
Go
Raw Blame History

package common
import (
"net/http"
"strings"
"github.com/rancher/apiserver/pkg/types"
"github.com/rancher/steve/pkg/accesscontrol"
"github.com/rancher/steve/pkg/attributes"
"github.com/rancher/steve/pkg/resources/virtual/common"
"github.com/rancher/steve/pkg/schema"
metricsStore "github.com/rancher/steve/pkg/stores/metrics"
"github.com/rancher/steve/pkg/stores/proxy"
"github.com/rancher/steve/pkg/summarycache"
"github.com/rancher/wrangler/v3/pkg/data"
corecontrollers "github.com/rancher/wrangler/v3/pkg/generated/controllers/core/v1"
"github.com/rancher/wrangler/v3/pkg/summary"
"k8s.io/apimachinery/pkg/api/meta"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
schema2 "k8s.io/apimachinery/pkg/runtime/schema"
)
func DefaultTemplate(clientGetter proxy.ClientGetter,
summaryCache *summarycache.SummaryCache,
asl accesscontrol.AccessSetLookup,
namespaceCache corecontrollers.NamespaceCache) schema.Template {
return schema.Template{
Store: metricsStore.NewMetricsStore(proxy.NewProxyStore(clientGetter, summaryCache, asl, namespaceCache)),
Formatter: formatter(summaryCache, asl),
}
}
// DefaultTemplateForStore provides a default schema template which uses a provided, pre-initialized store. Primarily used when creating a Template that uses a Lasso SQL store internally.
func DefaultTemplateForStore(store types.Store,
summaryCache *summarycache.SummaryCache,
asl accesscontrol.AccessSetLookup) schema.Template {
return schema.Template{
Store: store,
Formatter: formatter(summaryCache, asl),
}
}
func selfLink(gvr schema2.GroupVersionResource, meta metav1.Object) (prefix string) {
return buildBasePath(gvr, meta.GetNamespace(), meta.GetName())
}
func buildBasePath(gvr schema2.GroupVersionResource, namespace string, includeName string) string {
buf := &strings.Builder{}
if gvr.Group == "management.cattle.io" && gvr.Version == "v3" {
buf.WriteString("/v1/")
buf.WriteString(gvr.Group)
buf.WriteString(".")
buf.WriteString(gvr.Resource)
if namespace != "" {
buf.WriteString("/")
buf.WriteString(namespace)
}
} else {
if gvr.Group == "" {
buf.WriteString("/api/v1/")
} else {
buf.WriteString("/apis/")
buf.WriteString(gvr.Group)
buf.WriteString("/")
buf.WriteString(gvr.Version)
buf.WriteString("/")
}
if namespace != "" {
buf.WriteString("namespaces/")
buf.WriteString(namespace)
buf.WriteString("/")
}
buf.WriteString(gvr.Resource)
}
if includeName != "" {
buf.WriteString("/")
buf.WriteString(includeName)
}
return buf.String()
}
func formatter(summarycache common.SummaryCache, asl accesscontrol.AccessSetLookup) types.Formatter {
return func(request *types.APIRequest, resource *types.RawResource) {
if resource.Schema == nil {
return
}
gvr := attributes.GVR(resource.Schema)
if gvr.Version == "" {
return
}
meta, err := meta.Accessor(resource.APIObject.Object)
if err != nil {
return
}
userInfo, ok := request.GetUserInfo()
if !ok {
return
}
accessSet := accesscontrol.AccessSetFromAPIRequest(request)
if accessSet == nil {
accessSet = asl.AccessFor(userInfo)
if accessSet == nil {
return
}
}
hasUpdate := accessSet.Grants("update", gvr.GroupResource(), resource.APIObject.Namespace(), resource.APIObject.Name())
hasDelete := accessSet.Grants("delete", gvr.GroupResource(), resource.APIObject.Namespace(), resource.APIObject.Name())
hasPatch := accessSet.Grants("patch", gvr.GroupResource(), resource.APIObject.Namespace(), resource.APIObject.Name())
selfLink := selfLink(gvr, meta)
u := request.URLBuilder.RelativeToRoot(selfLink)
resource.Links["view"] = u
if hasUpdate {
if attributes.DisallowMethods(resource.Schema)[http.MethodPut] {
resource.Links["update"] = "blocked"
}
} else {
delete(resource.Links, "update")
}
if hasDelete {
if attributes.DisallowMethods(resource.Schema)[http.MethodDelete] {
resource.Links["remove"] = "blocked"
}
} else {
delete(resource.Links, "remove")
}
if hasPatch {
if attributes.DisallowMethods(resource.Schema)[http.MethodPatch] {
resource.Links["patch"] = "blocked"
}
} else {
delete(resource.Links, "patch")
}
if unstr, ok := resource.APIObject.Object.(*unstructured.Unstructured); ok {
// with the sql cache, these were already added by the indexer. However, the sql cache
// is only used for lists, so we need to re-add here for get/watch
s, rel := summarycache.SummaryAndRelationship(unstr)
data.PutValue(unstr.Object, map[string]interface{}{
"name": s.State,
"error": s.Error,
"transitioning": s.Transitioning,
"message": strings.Join(s.Message, ":"),
}, "metadata", "state")
data.PutValue(unstr.Object, rel, "metadata", "relationships")
summary.NormalizeConditions(unstr)
includeFields(request, unstr)
excludeFields(request, unstr)
excludeValues(request, unstr)
}
if permsQuery := request.Query.Get("checkPermissions"); permsQuery != "" {
ns := getNamespaceFromResource(resource.APIObject)
permissions := map[string]map[string]string{}
for _, res := range strings.Split(permsQuery, ",") {
s := request.Schemas.LookupSchema(res)
if s == nil {
continue
}
gvr := attributes.GVR(s)
gr := schema2.GroupResource{Group: gvr.Group, Resource: gvr.Resource}
perms := map[string]string{}
for _, verb := range []string{"create", "update", "delete", "list", "get", "watch", "patch"} {
if accessSet.Grants(verb, gr, ns, "") {
url := request.URLBuilder.RelativeToRoot(buildBasePath(gvr, ns, ""))
perms[verb] = url
}
}
if len(perms) > 0 {
permissions[res] = perms
}
}
if unstr, ok := resource.APIObject.Object.(*unstructured.Unstructured); ok {
data.PutValue(unstr.Object, permissions, "resourcePermissions")
}
}
}
}
func includeFields(request *types.APIRequest, unstr *unstructured.Unstructured) {
if fields, ok := request.Query["include"]; ok {
newObj := map[string]interface{}{}
for _, f := range fields {
fieldParts := strings.Split(f, ".")
if val, ok := data.GetValue(unstr.Object, fieldParts...); ok {
data.PutValue(newObj, val, fieldParts...)
}
}
unstr.Object = newObj
}
}
func excludeFields(request *types.APIRequest, unstr *unstructured.Unstructured) {
if fields, ok := request.Query["exclude"]; ok {
for _, f := range fields {
fieldParts := strings.Split(f, ".")
data.RemoveValue(unstr.Object, fieldParts...)
}
}
}
func excludeValues(request *types.APIRequest, unstr *unstructured.Unstructured) {
if values, ok := request.Query["excludeValues"]; ok {
for _, f := range values {
fieldParts := strings.Split(f, ".")
fieldValues := data.GetValueN(unstr.Object, fieldParts...)
if obj, ok := fieldValues.(map[string]interface{}); ok {
for k := range obj {
data.PutValue(unstr.Object, "", append(fieldParts, k)...)
}
}
}
}
}
func getNamespaceFromResource(obj types.APIObject) string {
unstr, ok := obj.Object.(*unstructured.Unstructured)
if !ok {
return ""
}
// If we have a backingNamespace, use that
if statusRaw, ok := unstr.Object["status"]; ok {
if statusMap, ok := statusRaw.(map[string]interface{}); ok {
if backingNamespace, ok := statusMap["backingNamespace"].(string); ok && backingNamespace != "" {
return backingNamespace
}
}
}
// Otherwise, if the id has a slash, we will interpret that.
// This is used to determine a project's namespace when there is no backingNamespace present.
// For cases where there is no slash, we use the object's ID, which is the same as the namespace.
return strings.Replace(obj.ID, "/", "-", 1)
}
Reference in New Issue View Git Blame Copy Permalink