From 235167c59f108a29b49624731c61fbef3562e84d Mon Sep 17 00:00:00 2001 From: Arnob Kumar Saha Date: Fri, 7 Feb 2025 23:47:56 +0600 Subject: [PATCH 1/3] Filter genericResources by client-org Signed-off-by: Arnob Kumar Saha --- go.mod | 4 ++-- go.sum | 8 ++++---- pkg/registry/core/genericresource/storage.go | 12 ++++++++++++ 3 files changed, 18 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 024a4c9e8..8cbf69ef2 100644 --- a/go.mod +++ b/go.mod @@ -47,12 +47,12 @@ require ( k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 kmodules.xyz/apiversion v0.2.0 kmodules.xyz/authorizer v0.29.1 - kmodules.xyz/client-go v0.30.45-0.20250207123756-eee0c64ca0c6 + kmodules.xyz/client-go v0.30.45 kmodules.xyz/custom-resources v0.30.0 kmodules.xyz/go-containerregistry v0.0.12 kmodules.xyz/monitoring-agent-api v0.30.4 kmodules.xyz/offshoot-api v0.30.1 - kmodules.xyz/resource-metadata v0.24.3-0.20250127043106-3dc2cd2a29af + kmodules.xyz/resource-metadata v0.24.4-0.20250205085501-41f5e5666a3b kmodules.xyz/resource-metrics v0.30.5 kmodules.xyz/resource-metrics/utils v0.30.4 kmodules.xyz/sets v0.29.0 diff --git a/go.sum b/go.sum index e4906e5c8..42379f04c 100644 --- a/go.sum +++ b/go.sum 
@@ -1174,8 +1174,8 @@ kmodules.xyz/apply v0.29.0 h1:0OXGfE2IPuvXHk6uI9zp6KCYdBibx8mK4PEl0g3LZ44= kmodules.xyz/apply v0.29.0/go.mod h1:bwToXErB+DC7/EEWjQVARCSbJBjGx5hIEuV1n0tC73g= kmodules.xyz/authorizer v0.29.1 h1:uByGGoryKbZcfiEAhjcK/Y345I9mygNQP7DVpkMbNQQ= kmodules.xyz/authorizer v0.29.1/go.mod h1:kZRhclL8twzyt2bQuJQJbpYww2sc+qFr8I5PPoq/sWY= -kmodules.xyz/client-go v0.30.45-0.20250207123756-eee0c64ca0c6 h1:ZHDolQgpH230bA4N/bxhBX26jPJ/OBdcoaZQ5CUn36Q= -kmodules.xyz/client-go v0.30.45-0.20250207123756-eee0c64ca0c6/go.mod h1:T9Kiu20wXEn65dLBQeegf4+y7oahJBR9ZJO2zGEVLIY= +kmodules.xyz/client-go v0.30.45 h1:hSjNlJoPQ86CKS8BiEbSmBkF2+yWsFjjMFISOCVJ6aA= +kmodules.xyz/client-go v0.30.45/go.mod h1:T9Kiu20wXEn65dLBQeegf4+y7oahJBR9ZJO2zGEVLIY= kmodules.xyz/crd-schema-fuzz v0.29.1 h1:zJTlWYOrT5dsVVHW8HGcnR/vaWfxQfNh11QwTtkYpcs= kmodules.xyz/crd-schema-fuzz v0.29.1/go.mod h1:n708z9YQqLMP2KNLQVgBcRJw1QpSWLvpNCEi+KJDOYE= kmodules.xyz/custom-resources v0.30.0 h1:vR3CbseHMLwR4GvtcJJuRuwIV8voKqFqNii27rMcm1o= 
@@ -1186,8 +1186,8 @@ kmodules.xyz/monitoring-agent-api v0.30.4 h1:6CTKxYJKpWDsDYb0WRBHGFoW3xQof05d+W8 kmodules.xyz/monitoring-agent-api v0.30.4/go.mod h1:ZuTQ5uGi6H80QLsOTuuC7m58dfXDGUv0YB+s059gnr4= kmodules.xyz/offshoot-api v0.30.1 h1:TrulAYO+oBsXe9sZZGTmNWIuI8qD2izMpgcTSPvgAmI= kmodules.xyz/offshoot-api v0.30.1/go.mod h1:T3mpjR6fui0QzOcmQvIuANytW48fe9ytmy/1cgx6D4g= -kmodules.xyz/resource-metadata v0.24.3-0.20250127043106-3dc2cd2a29af h1:fvSfjg4Ypqu3XgflHLLinpT3ErDStI+LJf9s4+5E9fQ= -kmodules.xyz/resource-metadata v0.24.3-0.20250127043106-3dc2cd2a29af/go.mod h1:rPUZSMR0e1Vi+gONQ2ZhOFW+GvUeK+1AI7h9fzTZoKI= +kmodules.xyz/resource-metadata v0.24.4-0.20250205085501-41f5e5666a3b h1:fdS0AvniV8BaS5LiNSty3MdFK/n3oy5EYGZ3Dqc3PLY= +kmodules.xyz/resource-metadata v0.24.4-0.20250205085501-41f5e5666a3b/go.mod h1:rPUZSMR0e1Vi+gONQ2ZhOFW+GvUeK+1AI7h9fzTZoKI= kmodules.xyz/resource-metrics v0.30.5 h1:ZhpGeR9DCz1HTrKUg/mWhr95wlFzCPRdgVAqwaggy1o= kmodules.xyz/resource-metrics v0.30.5/go.mod h1:w9+rz7/s/kGP1GWzYSuRdCn+l7EwpesmESSEHkLBnIQ= kmodules.xyz/resource-metrics/utils v0.30.4 h1:bJS/x0Qr7N1FFdxugFbzZ/Es6HVs4ptsFlhkmgj3jac= diff --git a/pkg/registry/core/genericresource/storage.go b/pkg/registry/core/genericresource/storage.go index f7b667915..dba053be9 100644 --- a/pkg/registry/core/genericresource/storage.go +++ b/pkg/registry/core/genericresource/storage.go @@ -168,6 +168,18 @@ func (r *Storage) List(ctx context.Context, options *internalversion.ListOptions return nil, apierrors.NewInternalError(err) } + // for client org user, show their own namespace only when all namespace objects is requested + if ns == "" { + result, err := clustermeta.IsClientOrgMember(r.kc, user) + if err != nil { + return nil, err + } + + if result.IsClientOrg { + ns = result.Namespace.Name + } + } + mapper := restmapper.NewDeferredDiscoveryRESTMapper(memory.NewMemCacheClient(r.dc)) gvks := make(map[schema.GroupKind]string) From 07ce75072b2fe6dc0e692e275f3d6e72c2e45204 Mon Sep 17 00:00:00 2001 
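Review bot: The client-org scoping added to `List` in pkg/registry/core/genericresource/storage.go only runs when `ns == ""`, so a client-org member who names a namespace explicitly skips `IsClientOrgMember` altogether. Whether that request is then confined to the member's own namespace depends on authorization performed later in `List`, which is outside this hunk. If that is the intent, the comment should say so, e.g. `// Client-org members asking for all namespaces are narrowed to their own namespace; explicit namespaces are left to the authorization checks further down.`; if it is not, the membership check has to run for every request and reject an `ns` that differs from `result.Namespace.Name`. The same block is copied into the podview and resourceservice `List` methods in PATCH 3/3.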
From: Tamal Saha Date: Fri, 7 Feb 2025 12:20:26 -0800 Subject: [PATCH 2/3] Update deps Signed-off-by: Tamal Saha --- .../core/v1alpha1/generic_resource_types.go | 8 ++++++-- .../apis/core/v1alpha1/openapi_generated.go | 12 ++++++++++++ .../core.k8s.appscode.com_genericresources.yaml | 12 ++++++++++++ .../v1alpha1/backupsessions.yaml | 17 ++++++++++------- vendor/modules.txt | 4 ++-- 5 files changed, 42 insertions(+), 11 deletions(-) diff --git a/vendor/kmodules.xyz/resource-metadata/apis/core/v1alpha1/generic_resource_types.go b/vendor/kmodules.xyz/resource-metadata/apis/core/v1alpha1/generic_resource_types.go index 564b1a6e5..20e67c58f 100644 --- a/vendor/kmodules.xyz/resource-metadata/apis/core/v1alpha1/generic_resource_types.go +++ b/vendor/kmodules.xyz/resource-metadata/apis/core/v1alpha1/generic_resource_types.go @@ -76,7 +76,9 @@ type GenericResourceSpec struct { } type ComputeResource struct { - Name string `json:"name"` + // +optional + UID types.UID `json:"uid,omitempty"` + Name string `json:"name"` // +optional CreationTimestamp metav1.Time `json:"creationTimestamp,omitempty"` Containers []ContainerResource `json:"containers,omitempty"` @@ -91,7 +93,9 @@ type ContainerResource struct { } type StorageResource struct { - Name string `json:"name"` + // +optional + UID types.UID `json:"uid,omitempty"` + Name string `json:"name"` // +optional CreationTimestamp metav1.Time `json:"creationTimestamp,omitempty"` // +optional diff --git a/vendor/kmodules.xyz/resource-metadata/apis/core/v1alpha1/openapi_generated.go b/vendor/kmodules.xyz/resource-metadata/apis/core/v1alpha1/openapi_generated.go index cf050388f..7166478f9 100644 --- a/vendor/kmodules.xyz/resource-metadata/apis/core/v1alpha1/openapi_generated.go +++ b/vendor/kmodules.xyz/resource-metadata/apis/core/v1alpha1/openapi_generated.go 
@@ -18878,6 +18878,12 @@ func schema_resource_metadata_apis_core_v1alpha1_ComputeResource(ref common.Refe SchemaProps: spec.SchemaProps{ Type: []string{"object"}, Properties: map[string]spec.Schema{ + "uid": { + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, "name": { SchemaProps: spec.SchemaProps{ Default: "", @@ -20487,6 +20493,12 @@ func schema_resource_metadata_apis_core_v1alpha1_StorageResource(ref common.Refe SchemaProps: spec.SchemaProps{ Type: []string{"object"}, Properties: map[string]spec.Schema{ + "uid": { + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, "name": { SchemaProps: spec.SchemaProps{ Default: "", diff --git a/vendor/kmodules.xyz/resource-metadata/crds/core.k8s.appscode.com_genericresources.yaml b/vendor/kmodules.xyz/resource-metadata/crds/core.k8s.appscode.com_genericresources.yaml index d2b181971..607554959 100644 --- a/vendor/kmodules.xyz/resource-metadata/crds/core.k8s.appscode.com_genericresources.yaml +++ b/vendor/kmodules.xyz/resource-metadata/crds/core.k8s.appscode.com_genericresources.yaml @@ -286,6 +286,12 @@ spec: type: array name: type: string + uid: + description: UID is a type that holds unique ID values, including + UUIDs. Because we don't ONLY use UUIDs, this is an alias + to string. Being a type captures intent and helps make sure + that UIDs and names do not get conflated. + type: string required: - name type: object @@ -367,6 +373,12 @@ spec: cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object + uid: + description: UID is a type that holds unique ID values, including + UUIDs. Because we don't ONLY use UUIDs, this is an alias + to string. Being a type captures intent and helps make sure + that UIDs and names do not get conflated. + type: string required: - name type: object 
diff --git a/vendor/kmodules.xyz/resource-metadata/hub/resourceoutlines/core.kubestash.com/v1alpha1/backupsessions.yaml b/vendor/kmodules.xyz/resource-metadata/hub/resourceoutlines/core.kubestash.com/v1alpha1/backupsessions.yaml index 99a69c916..9210315e2 100644 --- a/vendor/kmodules.xyz/resource-metadata/hub/resourceoutlines/core.kubestash.com/v1alpha1/backupsessions.yaml +++ b/vendor/kmodules.xyz/resource-metadata/hub/resourceoutlines/core.kubestash.com/v1alpha1/backupsessions.yaml @@ -14,16 +14,19 @@ spec: - name: Overview sections: - blocks: - - kind: Block - name: core.kubestash.com-v1alpha1-backupsessions - info: - actions: + - actions: create: Never displayMode: Field - kind: Self + kind: Connection + name: Target + query: + byLabel: backup_via + type: GraphQL + ref: + group: appcatalog.appscode.com + kind: AppBinding view: - name: core.kubestash.com-v1alpha1-backupsessions - - blocks: + name: appcatalog.appscode.com-v1alpha1-appbindings-kubedb - actions: create: Never displayMode: List diff --git a/vendor/modules.txt b/vendor/modules.txt index 4ca53025f..7d924d107 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -2575,7 +2575,7 @@ kmodules.xyz/authorizer/apiserver kmodules.xyz/authorizer/rbac kmodules.xyz/authorizer/rbac/helpers kmodules.xyz/authorizer/rbac/validation -# kmodules.xyz/client-go v0.30.45-0.20250207123756-eee0c64ca0c6 +# kmodules.xyz/client-go v0.30.45 ## explicit; go 1.22.0 kmodules.xyz/client-go kmodules.xyz/client-go/api/v1 @@ -2613,7 +2613,7 @@ kmodules.xyz/monitoring-agent-api/client kmodules.xyz/offshoot-api/api/v1 kmodules.xyz/offshoot-api/api/v2 kmodules.xyz/offshoot-api/util -# kmodules.xyz/resource-metadata v0.24.3-0.20250127043106-3dc2cd2a29af +# kmodules.xyz/resource-metadata v0.24.4-0.20250205085501-41f5e5666a3b ## explicit; go 1.22.1 kmodules.xyz/resource-metadata/apis/core/install kmodules.xyz/resource-metadata/apis/core/v1alpha1 From 9dbb1da2a48e3ec8318eb6afeff7791181654bed Mon Sep 17 00:00:00 2001 
From: Tamal Saha Date: Fri, 7 Feb 2025 12:27:08 -0800 Subject: [PATCH 3/3] Change all core apis Signed-off-by: Tamal Saha --- pkg/registry/core/genericresource/storage.go | 20 +++++++++----------- pkg/registry/core/podview/storage.go | 18 +++++++++++++++--- pkg/registry/core/resourceservice/storage.go | 20 +++++++++++++++----- pkg/registry/core/resourcesummary/storage.go | 1 - 4 files changed, 39 insertions(+), 20 deletions(-) diff --git a/pkg/registry/core/genericresource/storage.go b/pkg/registry/core/genericresource/storage.go index dba053be9..0694bbd9a 100644 --- a/pkg/registry/core/genericresource/storage.go +++ b/pkg/registry/core/genericresource/storage.go @@ -152,22 +152,15 @@ func (r *Storage) Get(ctx context.Context, name string, options *metav1.GetOptio } func (r *Storage) List(ctx context.Context, options *internalversion.ListOptions) (runtime.Object, error) { - ns, ok := apirequest.NamespaceFrom(ctx) - if !ok { - return nil, apierrors.NewBadRequest("missing namespace") - } - selector := shared.NewGroupKindSelector(options.LabelSelector) - user, ok := apirequest.UserFrom(ctx) if !ok { return nil, apierrors.NewBadRequest("missing user info") } - cmeta, err := clustermeta.ClusterMetadata(r.kc) - if err != nil { - return nil, apierrors.NewInternalError(err) + ns, ok := apirequest.NamespaceFrom(ctx) + if !ok { + return nil, apierrors.NewBadRequest("missing namespace") } - // for client org user, show their own namespace only when all namespace objects is requested if ns == "" { result, err := clustermeta.IsClientOrgMember(r.kc, user) 
@@ -180,8 +173,13 @@ func (r *Storage) List(ctx context.Context, options *internalversion.ListOptions } } - mapper := restmapper.NewDeferredDiscoveryRESTMapper(memory.NewMemCacheClient(r.dc)) + selector := shared.NewGroupKindSelector(options.LabelSelector) + cmeta, err := clustermeta.ClusterMetadata(r.kc) + if err != nil { + return nil, apierrors.NewInternalError(err) + } + mapper := restmapper.NewDeferredDiscoveryRESTMapper(memory.NewMemCacheClient(r.dc)) gvks := make(map[schema.GroupKind]string) for _, gvk := range api.RegisteredTypes() { if !selector.Matches(gvk.GroupKind()) { diff --git a/pkg/registry/core/podview/storage.go b/pkg/registry/core/podview/storage.go index 648bb6478..b1516ddd6 100644 --- a/pkg/registry/core/podview/storage.go +++ b/pkg/registry/core/podview/storage.go @@ -32,6 +32,7 @@ import ( apirequest "k8s.io/apiserver/pkg/endpoints/request" "k8s.io/apiserver/pkg/registry/rest" "k8s.io/klog/v2" + clustermeta "kmodules.xyz/client-go/cluster" mu "kmodules.xyz/client-go/meta" promclient "kmodules.xyz/monitoring-agent-api/client" rscoreapi "kmodules.xyz/resource-metadata/apis/core/v1alpha1" @@ -224,14 +225,25 @@ func (r *Storage) NewList() runtime.Object { } func (r *Storage) List(ctx context.Context, options *internalversion.ListOptions) (runtime.Object, error) { + user, ok := apirequest.UserFrom(ctx) + if !ok { + return nil, apierrors.NewBadRequest("missing user info") + } + ns, ok := apirequest.NamespaceFrom(ctx) if !ok { return nil, apierrors.NewBadRequest("missing namespace") } + // for client org user, show their own namespace only when all namespace objects is requested + if ns == "" { + result, err := clustermeta.IsClientOrgMember(r.kc, user) + if err != nil { + return nil, err + } - user, ok := apirequest.UserFrom(ctx) - if !ok { - return nil, apierrors.NewBadRequest("missing user info") + if result.IsClientOrg { + ns = result.Namespace.Name + } } attrs := authorizer.AttributesRecord{ 
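Review bot: In the block added to `List` in pkg/registry/core/podview/storage.go, `ns` is overwritten with `result.Namespace.Name` without checking that the name is non-empty. If `IsClientOrgMember` can report `IsClientOrg` together with an empty namespace name (its contract is not visible in this diff), `ns` stays `""` and the request continues as an all-namespaces list, so the narrowing fails open and isolation rests on the authorization that appears to begin at `attrs := authorizer.AttributesRecord{`. I would fail closed inside the `if result.IsClientOrg` branch: `if result.Namespace.Name == "" { return nil, apierrors.NewInternalError(errors.New("client org namespace not resolved")) }`. The body of `List` continues past the end of the hunk.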
diff --git a/pkg/registry/core/resourceservice/storage.go b/pkg/registry/core/resourceservice/storage.go index 7d9feb8be..d73786db3 100644 --- a/pkg/registry/core/resourceservice/storage.go +++ b/pkg/registry/core/resourceservice/storage.go @@ -163,18 +163,28 @@ func (r *Storage) Get(ctx context.Context, name string, options *metav1.GetOptio } func (r *Storage) List(ctx context.Context, options *internalversion.ListOptions) (runtime.Object, error) { + user, ok := apirequest.UserFrom(ctx) + if !ok { + return nil, apierrors.NewBadRequest("missing user info") + } + ns, ok := apirequest.NamespaceFrom(ctx) if !ok { return nil, apierrors.NewBadRequest("missing namespace") } + // for client org user, show their own namespace only when all namespace objects is requested + if ns == "" { + result, err := clustermeta.IsClientOrgMember(r.kc, user) + if err != nil { + return nil, err + } - selector := shared.NewGroupKindSelector(options.LabelSelector) - - user, ok := apirequest.UserFrom(ctx) - if !ok { - return nil, apierrors.NewBadRequest("missing user info") + if result.IsClientOrg { + ns = result.Namespace.Name + } } + selector := shared.NewGroupKindSelector(options.LabelSelector) cmeta, err := clustermeta.ClusterMetadata(r.kc) if err != nil { return nil, apierrors.NewInternalError(err) diff --git a/pkg/registry/core/resourcesummary/storage.go b/pkg/registry/core/resourcesummary/storage.go index 0389a887a..ef7380ef0 100644 --- a/pkg/registry/core/resourcesummary/storage.go +++ b/pkg/registry/core/resourcesummary/storage.go @@ -109,7 +109,6 @@ func (r *Storage) List(ctx context.Context, options *internalversion.ListOptions if !ok { return nil, apierrors.NewBadRequest("missing namespace") } - // for client org user, show their own namespace only when all namespace summary is requested if ns == "" { result, err := clustermeta.IsClientOrgMember(r.kc, user)
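Review bot: The client-org narrowing block added to `List` in pkg/registry/core/resourceservice/storage.go is now the fourth hand-copied instance, alongside genericresource, podview and the existing one in resourcesummary, and the copies already differ in comment wording ("all namespace objects" versus "all namespace summary"). Because this block decides tenant scoping, I would move it into one helper and call it from each `List`, for example `ns, err = clientOrgNamespace(r.kc, user, ns)` (a name proposed here, not existing code), so a later fix cannot land in three files and miss the fourth. The helper is also the natural place to wrap the lookup error as `apierrors.NewInternalError(err)`, matching the `ClusterMetadata` call a few lines below, instead of the bare `return nil, err`.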