Limit norman API use of downstream cluster caches

ibuildthecloud · ibuildthecloud · commit 978d81ce2127 · 2021-11-19T17:52:47.000-07:00
diff --git a/pkg/api/norman/customization/cluster/actions_kubeconfig.go b/pkg/api/norman/customization/cluster/actions_kubeconfig.go
@@ -65,7 +65,7 @@ func (a ActionHandler) GenerateKubeconfigActionHandler(actionName string, action
 
 	if endpointEnabled {
 		clusterName := apiContext.ID
-		clusterClient, err := a.ClusterManager.UserContext(clusterName)
+		clusterClient, err := a.ClusterManager.UserContextNoControllers(clusterName)
 		if err != nil {
 			return err
 		}
diff --git a/pkg/api/norman/customization/cluster/actions_yaml.go b/pkg/api/norman/customization/cluster/actions_yaml.go
@@ -178,7 +178,7 @@ func (a ActionHandler) processYAML(apiContext *types.APIContext, clusterName, pr
 }
 
 func (a ActionHandler) findOrCreateProjectNamespaces(apiContext *types.APIContext, namespaces []string, clusterName, projectName string) (corev1.NamespaceInterface, error) {
-	userCtx, err := a.ClusterManager.UserContext(clusterName)
+	userCtx, err := a.ClusterManager.UserContextNoControllers(clusterName)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/api/norman/customization/cluster/shell.go b/pkg/api/norman/customization/cluster/shell.go
@@ -25,7 +25,7 @@ type ShellLinkHandler struct {
 }
 
 func (s *ShellLinkHandler) LinkHandler(apiContext *types.APIContext, next types.RequestHandler) error {
-	context, err := s.ClusterManager.UserContext(apiContext.ID)
+	context, err := s.ClusterManager.UserContextNoControllers(apiContext.ID)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/api/norman/customization/clusterscan/clusterscan.go b/pkg/api/norman/customization/clusterscan/clusterscan.go
@@ -90,7 +90,7 @@ func (h Handler) LinkHandler(apiContext *types.APIContext, next types.RequestHan
 
 	clusterID, clusterScanID := ref.Parse(cs["id"].(string))
 
-	clusterContext, err := h.ClusterManager.UserContext(clusterID)
+	clusterContext, err := h.ClusterManager.UserContextNoControllers(clusterID)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/api/norman/customization/logging/action.go b/pkg/api/norman/customization/logging/action.go
@@ -174,14 +174,14 @@ func (h *Handler) testLoggingTarget(ctx context.Context, clusterName string, tar
 }
 
 func (h *Handler) dryRunLoggingTarget(apiContext *types.APIContext, level, clusterName, projectID string, target v33.LoggingTargets) error {
-	context, err := h.clusterManager.UserContext(clusterName)
+	context, err := h.clusterManager.UserContextNoControllers(clusterName)
 	if err != nil {
 		return err
 	}
 
-	podLister := context.Core.Pods(metav1.NamespaceAll).Controller().Lister()
+	pods := context.Core.Pods(metav1.NamespaceAll)
 	namespaces := context.Core.Namespaces(metav1.NamespaceAll)
-	testerDeployer := deployer.NewTesterDeployer(context.Management, h.appsGetter, h.appLister, h.projectLister, podLister, h.projectLoggingLister, namespaces, h.templateLister)
+	testerDeployer := deployer.NewTesterDeployer(context.Management, h.appsGetter, h.appLister, h.projectLister, pods, h.projectLoggingLister, namespaces, h.templateLister)
 	configGenerator := configsyncer.NewConfigGenerator(metav1.NamespaceAll, h.projectLoggingLister, namespaces.Controller().Lister())
 
 	var dryRunConfigBuf []byte
diff --git a/pkg/api/norman/customization/monitor/cluster_graph_action.go b/pkg/api/norman/customization/monitor/cluster_graph_action.go
@@ -66,7 +66,7 @@ func (h *ClusterGraphHandler) QuerySeriesAction(actionName string, action *types
 	}
 
 	clusterName := inputParser.ClusterName
-	userContext, err := h.clustermanager.UserContext(clusterName)
+	userContext, err := h.clustermanager.UserContextNoControllers(clusterName)
 	if err != nil {
 		return fmt.Errorf("get usercontext failed, %v", err)
 	}
diff --git a/pkg/api/norman/customization/monitor/handler_utils.go b/pkg/api/norman/customization/monitor/handler_utils.go
@@ -124,18 +124,16 @@ func (p *projectGraphInputParser) parseFilter() error {
 }
 
 type authChecker struct {
-	ProjectID          string
-	Input              *v32.QueryGraphInput
-	UserContext        *config.UserContext
-	WorkloadController workload.CommonController
+	ProjectID   string
+	Input       *v32.QueryGraphInput
+	UserContext *config.UserContext
 }
 
 func newAuthChecker(ctx context.Context, userContext *config.UserContext, input *v32.QueryGraphInput, projectID string) *authChecker {
 	return &authChecker{
-		ProjectID:          projectID,
-		Input:              input,
-		UserContext:        userContext,
-		WorkloadController: workload.NewWorkloadController(ctx, userContext.UserOnlyContext(), nil),
+		ProjectID:   projectID,
+		Input:       input,
+		UserContext: userContext,
 	}
 }
 
diff --git a/pkg/api/norman/customization/monitor/metric_action.go b/pkg/api/norman/customization/monitor/metric_action.go
@@ -82,7 +82,7 @@ func (h *MetricHandler) Action(actionName string, action *types.Action, apiConte
 			return err
 		}
 
-		userContext, err := h.clustermanager.UserContext(clusterName)
+		userContext, err := h.clustermanager.UserContextNoControllers(clusterName)
 		if err != nil {
 			return fmt.Errorf("get usercontext failed, %v", err)
 		}
@@ -137,7 +137,7 @@ func (h *MetricHandler) Action(actionName string, action *types.Action, apiConte
 			return fmt.Errorf("clusterName is empty")
 		}
 
-		userContext, err := h.clustermanager.UserContext(clusterName)
+		userContext, err := h.clustermanager.UserContextNoControllers(clusterName)
 		if err != nil {
 			return fmt.Errorf("get usercontext failed, %v", err)
 		}
@@ -185,7 +185,7 @@ func (h *MetricHandler) Action(actionName string, action *types.Action, apiConte
 			return fmt.Errorf("clusterName is empty")
 		}
 
-		userContext, err := h.clustermanager.UserContext(clusterName)
+		userContext, err := h.clustermanager.UserContextNoControllers(clusterName)
 		if err != nil {
 			return fmt.Errorf("get usercontext failed, %v", err)
 		}
diff --git a/pkg/api/norman/customization/monitor/project_graph_action.go b/pkg/api/norman/customization/monitor/project_graph_action.go
@@ -58,7 +58,7 @@ func (h *ProjectGraphHandler) QuerySeriesAction(actionName string, action *types
 	}
 
 	clusterName := inputParser.ClusterName
-	userContext, err := h.clustermanager.UserContext(clusterName)
+	userContext, err := h.clustermanager.UserContextNoControllers(clusterName)
 	if err != nil {
 		return fmt.Errorf("get usercontext failed, %v", err)
 	}
diff --git a/pkg/api/norman/customization/namespace/link.go b/pkg/api/norman/customization/namespace/link.go
@@ -50,7 +50,7 @@ func (s *yamlLinkHandler) LinkHandler(apiContext *types.APIContext, next types.R
 
 	clusterName := s.clusterManagement.ClusterName(apiContext)
 
-	userContext, err := s.clusterManagement.UserContext(clusterName)
+	userContext, err := s.clusterManagement.UserContextNoControllers(clusterName)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/api/norman/customization/namespace/namespace.go b/pkg/api/norman/customization/namespace/namespace.go
@@ -74,7 +74,7 @@ func (w ActionWrapper) ActionHandler(actionName string, action *types.Action, ap
 	case "move":
 		clusterID := w.ClusterManager.ClusterName(apiContext)
 		_, projectID := ref.Parse(convert.ToString(actionInput["projectId"]))
-		userContext, err := w.ClusterManager.UserContext(clusterID)
+		userContext, err := w.ClusterManager.UserContextNoControllers(clusterID)
 		if err != nil {
 			if !kerrors.IsNotFound(err) {
 				return err
diff --git a/pkg/api/norman/customization/persistentvolumeclaim/validator.go b/pkg/api/norman/customization/persistentvolumeclaim/validator.go
@@ -17,7 +17,7 @@ type Validator struct {
 
 func (v *Validator) Validator(request *types.APIContext, schema *types.Schema, data map[string]interface{}) error {
 	clusterName := v.ClusterManager.ClusterName(request)
-	c, err := v.ClusterManager.UserContext(clusterName)
+	c, err := v.ClusterManager.UserContextNoControllers(clusterName)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/api/norman/customization/pipeline/pipeline_execution_log.go b/pkg/api/norman/customization/pipeline/pipeline_execution_log.go
@@ -50,7 +50,7 @@ func (h *ExecutionHandler) handleLog(apiContext *types.APIContext) error {
 		return err
 	}
 	clusterName, _ := ref.Parse(execution.Spec.ProjectName)
-	userContext, err := h.ClusterManager.UserContext(clusterName)
+	userContext, err := h.ClusterManager.UserContextNoControllers(clusterName)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/api/norman/customization/workload/workload.go b/pkg/api/norman/customization/workload/workload.go
@@ -74,7 +74,7 @@ func (a *Config) ActionHandler(actionName string, action *types.Action, apiConte
 		if clusterName == "" {
 			return httperror.NewAPIError(httperror.ServerError, fmt.Sprintf("Cluster name empty %s", deployment.ID))
 		}
-		clusterContext, err := a.ClusterManager.UserContext(clusterName)
+		clusterContext, err := a.ClusterManager.UserContextNoControllers(clusterName)
 		if err != nil {
 			return httperror.NewAPIError(httperror.ServerError, fmt.Sprintf("Error getting cluster context %s", deployment.ID))
 		}
@@ -190,13 +190,9 @@ func (a *Config) rollbackDeployment(apiContext *types.APIContext, clusterContext
 			return httperror.NewAPIError(httperror.ServerError, fmt.Sprintf("Invalid ReplicaSet %s", rollbackInput.ReplicaSetID))
 		}
 		replicaNamespace, replicaName := split[1], split[2]
-		rs, err := clusterContext.Apps.ReplicaSets("").Controller().Lister().Get(replicaNamespace, replicaName)
+		rs, err := clusterContext.Apps.ReplicaSets("").GetNamespaced(replicaNamespace, replicaName, v1.GetOptions{})
 		if err != nil {
-			logrus.Debugf("ReplicaSet not found in cache, fetching from etcd")
-			rs, err = clusterContext.Apps.ReplicaSets("").GetNamespaced(replicaNamespace, replicaName, v1.GetOptions{})
-			if err != nil {
-				return httperror.NewAPIError(httperror.ServerError, fmt.Sprintf("ReplicaSet %s not found for deployment %s", rollbackInput.ReplicaSetID, deployment.ID))
-			}
+			return httperror.NewAPIError(httperror.ServerError, fmt.Sprintf("ReplicaSet %s not found for deployment %s", rollbackInput.ReplicaSetID, deployment.ID))
 		}
 		toUpdateDepl := depl.DeepCopy()
 		toUpdateDepl.Spec.Template.Spec = rs.Spec.Template.Spec
diff --git a/pkg/api/norman/store/apiservice/filter.go b/pkg/api/norman/store/apiservice/filter.go
@@ -8,6 +8,7 @@ import (
 	"github.com/rancher/rancher/pkg/clustermanager"
 	apiregistrationv1 "github.com/rancher/rancher/pkg/generated/norman/apiregistration.k8s.io/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 type noWatchByAPIServiceStore struct {
@@ -29,25 +30,25 @@ func NewAPIServicFilterStoreFunc(cm *clustermanager.Manager, apiVersion string)
 func (s *noWatchByAPIServiceStore) Watch(apiContext *types.APIContext, schema *types.Schema, opt *types.QueryOptions) (chan map[string]interface{}, error) {
 	clustername := s.manager.ClusterName(apiContext)
 	versionName := getAPIVersionName(s.version)
-	lister, err := s.getAPIServiceLister(clustername)
+	apiServiceClient, err := s.getAPIServiceClient(clustername)
 	if err != nil {
-		return nil, errors.Wrapf(err, "failed to get api service lister in cluster %s", clustername)
+		return nil, errors.Wrapf(err, "failed to get api service client in cluster %s", clustername)
 	}
-	if _, err := lister.Get("", versionName); err != nil {
+	if _, err := apiServiceClient.Get(versionName, metav1.GetOptions{}); err != nil {
 		if !apierrors.IsNotFound(err) {
-			return nil, errors.Wrapf(err, "failed to get apiservice %s from lister in cluster %s", versionName, clustername)
+			return nil, errors.Wrapf(err, "failed to get apiservice %s from client in cluster %s", versionName, clustername)
 		}
 		return nil, nil
 	}
 	return s.Store.Watch(apiContext, schema, opt)
 }
 
-func (s *noWatchByAPIServiceStore) getAPIServiceLister(clusterName string) (apiregistrationv1.APIServiceLister, error) {
-	userContext, err := s.manager.UserContext(clusterName)
+func (s *noWatchByAPIServiceStore) getAPIServiceClient(clusterName string) (apiregistrationv1.APIServiceInterface, error) {
+	userContext, err := s.manager.UserContextNoControllers(clusterName)
 	if err != nil {
 		return nil, err
 	}
-	return userContext.APIAggregation.APIServices("").Controller().Lister(), nil
+	return userContext.APIAggregation.APIServices(""), nil
 }
 
 func getAPIVersionName(version string) string {
diff --git a/pkg/clustermanager/manager.go b/pkg/clustermanager/manager.go
@@ -62,11 +62,11 @@ type record struct {
 	cancel        context.CancelFunc
 }
 
-func NewManager(httpsPort int, context *config.ScaledContext, rbacControllers rbacv1.Interface, asl accesscontrol.AccessSetLookup) *Manager {
+func NewManager(httpsPort int, context *config.ScaledContext, asl accesscontrol.AccessSetLookup) *Manager {
 	return &Manager{
 		httpsPort:     httpsPort,
 		ScaledContext: context,
-		accessControl: rbac.NewAccessControlWithASL("", rbacControllers, asl),
+		accessControl: rbac.NewAccessControlWithASL("", asl),
 		clusterLister: context.Management.Clusters("").Controller().Lister(),
 		clusters:      context.Management.Clusters(""),
 		startSem:      semaphore.NewWeighted(int64(settings.ClusterControllerStartCount.GetInt())),
@@ -447,6 +447,20 @@ func (m *Manager) APIExtClient(apiContext *types.APIContext, storageContext type
 	return m.ScaledContext.APIExtClient, nil
 }
 
+// UserContextNoControllers accepts a cluster name and returns a client for that cluster,
+// no controllers are started for that cluster in the process.
+func (m *Manager) UserContextNoControllers(clusterName string) (*config.UserContext, error) {
+	cluster, err := m.clusterLister.Get("", clusterName)
+	if err != nil {
+		return nil, err
+	}
+	ctx, err := m.UserContextFromCluster(cluster)
+	if ctx == nil && err == nil {
+		return nil, fmt.Errorf("cluster context %s is unavaiblable", clusterName)
+	}
+	return ctx, err
+}
+
 // UserContext accepts a cluster name and returns a client for that cluster,
 // starting all controllers for that cluster in the process.
 func (m *Manager) UserContext(clusterName string) (*config.UserContext, error) {
@@ -565,7 +579,7 @@ func (m *Manager) GetHTTPSPort() int {
 
 func (m *Manager) SubjectAccessReviewForCluster(req *http.Request) (authv1.SubjectAccessReviewInterface, error) {
 	clusterID := clusterrouter.GetClusterID(req)
-	userContext, err := m.UserContext(clusterID)
+	userContext, err := m.UserContextNoControllers(clusterID)
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/controllers/management/auth/user.go b/pkg/controllers/management/auth/user.go
@@ -369,7 +369,7 @@ func (l *userLifecycle) deleteClusterUserAttributes(username string, tokens []*v
 	}
 
 	for _, cluster := range set {
-		userCtx, err := l.clusterManager.UserContext(cluster.Name)
+		userCtx, err := l.clusterManager.UserContextNoControllers(cluster.Name)
 		if err != nil {
 			return err
 		}
diff --git a/pkg/controllers/management/clusterdeploy/clusterdeploy.go b/pkg/controllers/management/clusterdeploy/clusterdeploy.go
@@ -445,7 +445,7 @@ func (cd *clusterDeploy) getYAML(cluster *v3.Cluster, agentImage, authImage stri
 }
 
 func (cd *clusterDeploy) getClusterAgentImage(name string) (string, error) {
-	uc, err := cd.clusterManager.UserContext(name)
+	uc, err := cd.clusterManager.UserContextNoControllers(name)
 	if err != nil {
 		return "", err
 	}
@@ -468,7 +468,7 @@ func (cd *clusterDeploy) getClusterAgentImage(name string) (string, error) {
 }
 
 func (cd *clusterDeploy) getNodeAgentImage(name string) (string, error) {
-	uc, err := cd.clusterManager.UserContext(name)
+	uc, err := cd.clusterManager.UserContextNoControllers(name)
 	if err != nil {
 		return "", err
 	}
diff --git a/pkg/controllers/management/clusterstats/statsaggregator.go b/pkg/controllers/management/clusterstats/statsaggregator.go
@@ -172,7 +172,7 @@ func (s *StatsAggregator) aggregate(cluster *v3.Cluster, clusterName string) err
 
 func (s *StatsAggregator) updateVersion(cluster *v3.Cluster) bool {
 	updated := false
-	userContext, err := s.ClusterManager.UserContext(cluster.Name)
+	userContext, err := s.ClusterManager.UserContextNoControllers(cluster.Name)
 	if err == nil {
 		callWithTimeout(func() {
 			// This has the tendency to timeout
diff --git a/pkg/controllers/management/k3sbasedupgrade/deployPlans.go b/pkg/controllers/management/k3sbasedupgrade/deployPlans.go
@@ -43,7 +43,7 @@ func (h *handler) deployPlans(cluster *v3.Cluster, isK3s, isRke2 bool) error {
 		strategy = cluster.Spec.K3sConfig.ClusterUpgradeStrategy
 	}
 	// access downstream cluster
-	clusterCtx, err := h.manager.UserContext(cluster.Name)
+	clusterCtx, err := h.manager.UserContextNoControllers(cluster.Name)
 	if err != nil {
 		return err
 
diff --git a/pkg/controllers/management/k3sbasedupgrade/k3sbased_upgrade_handler.go b/pkg/controllers/management/k3sbasedupgrade/k3sbased_upgrade_handler.go
@@ -95,7 +95,7 @@ func (h *handler) onClusterChange(key string, cluster *v3.Cluster) (*v3.Cluster,
 // deployK3sBaseUpgradeController creates a rancher k3s/rke2 upgrader controller if one does not exist.
 // Updates k3s upgrader controller if one exists and is not the newest available version.
 func (h *handler) deployK3sBasedUpgradeController(clusterName string, isK3s, isRke2 bool) error {
-	userCtx, err := h.manager.UserContext(clusterName)
+	userCtx, err := h.manager.UserContextNoControllers(clusterName)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/controllers/managementuserlegacy/logging/deployer/appdeployer.go b/pkg/controllers/managementuserlegacy/logging/deployer/appdeployer.go
@@ -34,6 +34,7 @@ type AppDeployer struct {
 	AppsLister projectv3.AppLister
 	Namespaces v1.NamespaceInterface
 	PodLister  v1.PodLister
+	Pods       v1.PodInterface
 }
 
 func (d *AppDeployer) initNamespace(name string) error {
@@ -123,17 +124,33 @@ func (d *AppDeployer) isDeploySuccess(targetNamespace string, selector map[strin
 	for {
 		select {
 		case <-ticker.C:
-			pods, err := d.PodLister.List(targetNamespace, labels.Set(selector).AsSelector())
-			if err != nil {
-				return errors.Wrap(err, "list pods failed in check app deploy")
-			}
-
-			for _, pod := range pods {
-				switch pod.Status.Phase {
-				case k8scorev1.PodFailed:
-					return errors.New("get failed status from pod, please the check logs for " + pod.Namespace + ":" + pod.Name)
-				case k8scorev1.PodRunning, k8scorev1.PodSucceeded:
-					return nil
+			if d.PodLister == nil {
+				pods, err := d.Pods.ListNamespaced(targetNamespace, metav1.ListOptions{
+					LabelSelector: labels.Set(selector).AsSelector().String(),
+				})
+				if err != nil {
+					return errors.Wrap(err, "list pods failed in check app deploy")
+				}
+				for _, pod := range pods.Items {
+					switch pod.Status.Phase {
+					case k8scorev1.PodFailed:
+						return errors.New("get failed status from pod, please the check logs for " + pod.Namespace + ":" + pod.Name)
+					case k8scorev1.PodRunning, k8scorev1.PodSucceeded:
+						return nil
+					}
+				}
+			} else {
+				pods, err := d.PodLister.List(targetNamespace, labels.Set(selector).AsSelector())
+				if err != nil {
+					return errors.Wrap(err, "list pods failed in check app deploy")
+				}
+				for _, pod := range pods {
+					switch pod.Status.Phase {
+					case k8scorev1.PodFailed:
+						return errors.New("get failed status from pod, please the check logs for " + pod.Namespace + ":" + pod.Name)
+					case k8scorev1.PodRunning, k8scorev1.PodSucceeded:
+						return nil
+					}
 				}
 			}
 
diff --git a/pkg/controllers/managementuserlegacy/logging/deployer/testerdeployer.go b/pkg/controllers/managementuserlegacy/logging/deployer/testerdeployer.go
@@ -27,12 +27,12 @@ type TesterDeployer struct {
 	systemAccountManager *systemaccount.Manager
 }
 
-func NewTesterDeployer(mgmtCtx *config.ManagementContext, appsGetter projectv3.AppsGetter, appLister projectv3.AppLister, projectLister mgmtv3.ProjectLister, podLister v1.PodLister, projectLoggingLister mgmtv3.ProjectLoggingLister, namespaces v1.NamespaceInterface, templateLister mgmtv3.CatalogTemplateLister) *TesterDeployer {
+func NewTesterDeployer(mgmtCtx *config.ManagementContext, appsGetter projectv3.AppsGetter, appLister projectv3.AppLister, projectLister mgmtv3.ProjectLister, pods v1.PodInterface, projectLoggingLister mgmtv3.ProjectLoggingLister, namespaces v1.NamespaceInterface, templateLister mgmtv3.CatalogTemplateLister) *TesterDeployer {
 	appDeployer := &AppDeployer{
 		AppsGetter: appsGetter,
 		AppsLister: appLister,
 		Namespaces: namespaces,
-		PodLister:  podLister,
+		Pods:       pods,
 	}
 
 	return &TesterDeployer{
diff --git a/pkg/metrics/metrics.go b/pkg/metrics/metrics.go
diff --git a/pkg/multiclustermanager/app.go b/pkg/multiclustermanager/app.go
diff --git a/pkg/multiclustermanager/deferred.go b/pkg/multiclustermanager/deferred.go
diff --git a/pkg/pipeline/engine/engine.go b/pkg/pipeline/engine/engine.go
diff --git a/pkg/pipeline/engine/jenkins/engine.go b/pkg/pipeline/engine/jenkins/engine.go
diff --git a/pkg/pipeline/engine/jenkins/minio.go b/pkg/pipeline/engine/jenkins/minio.go
diff --git a/pkg/rbac/access_control.go b/pkg/rbac/access_control.go

Original file line number	Diff line number	Diff line change
`@@ -65,7 +65,7 @@ func (a ActionHandler) GenerateKubeconfigActionHandler(actionName string, action`
`65`	`65`
`66`	`66`	`if endpointEnabled {`
`67`	`67`	`clusterName := apiContext.ID`
`68`		`- clusterClient, err := a.ClusterManager.UserContext(clusterName)`
	`68`	`+ clusterClient, err := a.ClusterManager.UserContextNoControllers(clusterName)`
`69`	`69`	`if err != nil {`
`70`	`70`	`return err`
`71`	`71`	`}`
Original file line number	Diff line number	Diff line change
`@@ -178,7 +178,7 @@ func (a ActionHandler) processYAML(apiContext *types.APIContext, clusterName, pr`
`178`	`178`	`}`
`179`	`179`
`180`	`180`	`func (a ActionHandler) findOrCreateProjectNamespaces(apiContext *types.APIContext, namespaces []string, clusterName, projectName string) (corev1.NamespaceInterface, error) {`
`181`		`- userCtx, err := a.ClusterManager.UserContext(clusterName)`
	`181`	`+ userCtx, err := a.ClusterManager.UserContextNoControllers(clusterName)`
`182`	`182`	`if err != nil {`
`183`	`183`	`return nil, err`
`184`	`184`	`}`
Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,7 @@ type ShellLinkHandler struct {`
`25`	`25`	`}`
`26`	`26`
`27`	`27`	`func (s ShellLinkHandler) LinkHandler(apiContext types.APIContext, next types.RequestHandler) error {`
`28`		`- context, err := s.ClusterManager.UserContext(apiContext.ID)`
	`28`	`+ context, err := s.ClusterManager.UserContextNoControllers(apiContext.ID)`
`29`	`29`	`if err != nil {`
`30`	`30`	`return err`
`31`	`31`	`}`
Original file line number	Diff line number	Diff line change
`@@ -90,7 +90,7 @@ func (h Handler) LinkHandler(apiContext *types.APIContext, next types.RequestHan`
`90`	`90`
`91`	`91`	`clusterID, clusterScanID := ref.Parse(cs["id"].(string))`
`92`	`92`
`93`		`- clusterContext, err := h.ClusterManager.UserContext(clusterID)`
	`93`	`+ clusterContext, err := h.ClusterManager.UserContextNoControllers(clusterID)`
`94`	`94`	`if err != nil {`
`95`	`95`	`return err`
`96`	`96`	`}`
Original file line number	Diff line number	Diff line change
`@@ -66,7 +66,7 @@ func (h ClusterGraphHandler) QuerySeriesAction(actionName string, action types`
`66`	`66`	`}`
`67`	`67`
`68`	`68`	`clusterName := inputParser.ClusterName`
`69`		`- userContext, err := h.clustermanager.UserContext(clusterName)`
	`69`	`+ userContext, err := h.clustermanager.UserContextNoControllers(clusterName)`
`70`	`70`	`if err != nil {`
`71`	`71`	`return fmt.Errorf("get usercontext failed, %v", err)`
`72`	`72`	`}`
Original file line number	Diff line number	Diff line change
`@@ -124,18 +124,16 @@ func (p *projectGraphInputParser) parseFilter() error {`
`124`	`124`	`}`
`125`	`125`
`126`	`126`	`type authChecker struct {`
`127`		`- ProjectID string`
`128`		`- Input *v32.QueryGraphInput`
`129`		`- UserContext *config.UserContext`
`130`		`- WorkloadController workload.CommonController`
	`127`	`+ ProjectID string`
	`128`	`+ Input *v32.QueryGraphInput`
	`129`	`+ UserContext *config.UserContext`
`131`	`130`	`}`
`132`	`131`
`133`	`132`	`func newAuthChecker(ctx context.Context, userContext config.UserContext, input v32.QueryGraphInput, projectID string) *authChecker {`
`134`	`133`	`return &authChecker{`
`135`		`- ProjectID: projectID,`
`136`		`- Input: input,`
`137`		`- UserContext: userContext,`
`138`		`- WorkloadController: workload.NewWorkloadController(ctx, userContext.UserOnlyContext(), nil),`
	`134`	`+ ProjectID: projectID,`
	`135`	`+ Input: input,`
	`136`	`+ UserContext: userContext,`
`139`	`137`	`}`
`140`	`138`	`}`
`141`	`139`
Original file line number	Diff line number	Diff line change
`@@ -82,7 +82,7 @@ func (h MetricHandler) Action(actionName string, action types.Action, apiConte`
`82`	`82`	`return err`
`83`	`83`	`}`
`84`	`84`
`85`		`- userContext, err := h.clustermanager.UserContext(clusterName)`
	`85`	`+ userContext, err := h.clustermanager.UserContextNoControllers(clusterName)`
`86`	`86`	`if err != nil {`
`87`	`87`	`return fmt.Errorf("get usercontext failed, %v", err)`
`88`	`88`	`}`
`@@ -137,7 +137,7 @@ func (h MetricHandler) Action(actionName string, action types.Action, apiConte`
`137`	`137`	`return fmt.Errorf("clusterName is empty")`
`138`	`138`	`}`
`139`	`139`
`140`		`- userContext, err := h.clustermanager.UserContext(clusterName)`
	`140`	`+ userContext, err := h.clustermanager.UserContextNoControllers(clusterName)`
`141`	`141`	`if err != nil {`
`142`	`142`	`return fmt.Errorf("get usercontext failed, %v", err)`
`143`	`143`	`}`
`@@ -185,7 +185,7 @@ func (h MetricHandler) Action(actionName string, action types.Action, apiConte`
`185`	`185`	`return fmt.Errorf("clusterName is empty")`
`186`	`186`	`}`
`187`	`187`
`188`		`- userContext, err := h.clustermanager.UserContext(clusterName)`
	`188`	`+ userContext, err := h.clustermanager.UserContextNoControllers(clusterName)`
`189`	`189`	`if err != nil {`
`190`	`190`	`return fmt.Errorf("get usercontext failed, %v", err)`
`191`	`191`	`}`
Original file line number	Diff line number	Diff line change
`@@ -58,7 +58,7 @@ func (h ProjectGraphHandler) QuerySeriesAction(actionName string, action types`
`58`	`58`	`}`
`59`	`59`
`60`	`60`	`clusterName := inputParser.ClusterName`
`61`		`- userContext, err := h.clustermanager.UserContext(clusterName)`
	`61`	`+ userContext, err := h.clustermanager.UserContextNoControllers(clusterName)`
`62`	`62`	`if err != nil {`
`63`	`63`	`return fmt.Errorf("get usercontext failed, %v", err)`
`64`	`64`	`}`
Original file line number	Diff line number	Diff line change
`@@ -50,7 +50,7 @@ func (s yamlLinkHandler) LinkHandler(apiContext types.APIContext, next types.R`
`50`	`50`
`51`	`51`	`clusterName := s.clusterManagement.ClusterName(apiContext)`
`52`	`52`
`53`		`- userContext, err := s.clusterManagement.UserContext(clusterName)`
	`53`	`+ userContext, err := s.clusterManagement.UserContextNoControllers(clusterName)`
`54`	`54`	`if err != nil {`
`55`	`55`	`return err`
`56`	`56`	`}`