feat(ui): add namespace input to UserInfo page for SSO RBAC NS delegation. Fixes #12041 #13628

Open
wants to merge 2 commits into
base: main

Commits on Sep 19, 2024

  1. feat(ui): add namespace input to UserInfo page. Fixes argoproj#12041

    When using [SSO RBAC Namespace
    Delegation](https://argo-workflows.readthedocs.io/en/latest/argo-server-sso/#sso-rbac-namespace-delegation),
    there's currently no way of seeing which service account maps to the
    user in a given namespace. The backend for the `/api/v1/userinfo`
    endpoint already supports a query parameter called `?namespace` that it
    will use to look up service account details, though this isn't
    documented.
    
    This documents the existing `?namespace` query parameter, adds a
    namespace inbox filter on the top of the page, and updates the
    `UserInfo` page to pass it when calling `/api/v1/userinfo`. The only
    thing I wasn't quite sure about is error handling: if someone enters an
    invalid namespace, then `/api/v1/userinfo` will ignore it and silently
    fall back to the installation namespace, which could cause confusion.
    Ideally, the UI would detect that and show an informative error message,
    but that'd require non-trivial API changes.
    
    Testing procedure:
    1. Created the following manifest and ran `kubectl apply -f` on it:
    ```yaml
    apiVersion: v1
    kind: Namespace
    metadata:
      name: delegation-test
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: delegated-sa
      namespace: delegation-test
      annotations:
        workflows.argoproj.io/rbac-rule: "true"
        workflows.argoproj.io/rbac-rule-precedence: "2"
    ---
    apiVersion: v1
    kind: Secret
    metadata:
      name: delegated-sa.service-account-token
      namespace: delegation-test
      annotations:
        kubernetes.io/service-account.name: delegated-sa
    type: kubernetes.io/service-account-token
    data:
      ca.crt: 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
      namespace: ZGVsZWdhdGlvbi10ZXN0Cg==
      token: ZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklreHlhVWhQV0RSdlYwOUhhSFZsVFdOWWJqQTVhV1p1VUcxRFh6aFNlVkZUVG5kVGVWTjNTVEZPZDJjaWZRLmV5SnBjM01pT2lKcmRXSmxjbTVsZEdWekwzTmxjblpwWTJWaFkyTnZkVzUwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXVZVzFsYzNCaFkyVWlPaUpoY21kdklpd2lhM1ZpWlhKdVpYUmxjeTVwYnk5elpYSjJhV05sWVdOamIzVnVkQzl6WldOeVpYUXVibUZ0WlNJNkltRnlaMjh0YzJWeWRtVnlMbk5sY25acFkyVXRZV05qYjNWdWRDMTBiMnRsYmlJc0ltdDFZbVZ5Ym1WMFpYTXVhVzh2YzJWeWRtbGpaV0ZqWTI5MWJuUXZjMlZ5ZG1salpTMWhZMk52ZFc1MExtNWhiV1VpT2lKaGNtZHZMWE5sY25abGNpSXNJbXQxWW1WeWJtVjBaWE11YVc4dmMyVnlkbWxqWldGalkyOTFiblF2YzJWeWRtbGpaUzFoWTJOdmRXNTBMblZwWkNJNklqSmtOV1F3TVRjMkxUQmpPRGN0TkRVMlpTMWlOR05tTFdFMlpEUmlaRGhsTURJelpTSXNJbk4xWWlJNkluTjVjM1JsYlRwelpYSjJhV05sWVdOamIzVnVkRHBoY21kdk9tRnlaMjh0YzJWeWRtVnlJbjAuYXZZVVZNZUtpTnZKYWdkU1U0bElYQ1RjdEFqSUE4V0FCVC01MEh1SFRRTVFrNUNKSFY1NFVTOW9hZlIwS085TldLcE5aVVlCU0hIaWJIWXRXRDdVVUVRRnk2bEFidzRUU3lwb2lBN2dST3N3X1dXSXpkS3BYVG5CM1UzSVVVeEdaQW56ZlBKNlZRdXhGQUZIQ205b1lTZXl1eDE4MkNNdnphUEhEdjd0N0V3TTRCSHFOU1dCMFc2aG95ZFJzeWdBV0xoWFhjSnNZZDdTTzBNRUlBWTViWmNHajF0eXQ1NUV1T1N2SDdqdUJES2JianhYMFlKUkp5dl9tbzdHNl9EemtHN3NMQ2NsUGZOMXYyZnJkZ2cxdjVEZHZBNmhVeXhsRjZhUzdublM5X1BfbW42UlctUk9TUWI3YkpTNVFmNzdVNG01QUFYUGttRWhnM2htVXcwdjJB
    ```
        I thought about creating a new profile under
        `test/e2e/manifests/sso-delegated` that could be used to test this via `make start PROFILE=sso-delegated`, but I don't know if that's worth it.
    2. Run `make start UI=true PROFILE=sso SSO_DELEGATE_RBAC_TO_NAMESPACE=true NAMESPACED=false`
    3. Visit http://localhost:8080/
    4. Click "Login"
    5. Click "Log in with Example"
    6. Click "Grant Access"
    7. Click the icon for the `UserInfo` page on the left navigation bar
    8. Verify namespace input is populated with the installation namespace
    
    Also, I verified the
    
    Signed-off-by: Mason Malone <mmalone@adobe.com>
    MasonM committed Sep 19, 2024
    ee50921
  2. 1096ede