Skip to content

Commit

Permalink
Merge pull request #3060 from josefkarasek/bz1587807-archive-link
Browse files Browse the repository at this point in the history 
 Fix wrong 'archiveLink' for operations user
  • Loading branch information
@openshift-merge-robot
openshift-merge-robot authored Sep 4, 2018
2 parents e83dbde + 40e9714 commit 926f65e
Show file tree
Hide file tree
Showing 8 changed files with 241 additions and 171 deletions.
1 change: 1 addition & 0 deletions app/index.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -185,6 +185,7 @@ <h1>JavaScript Required</h1>
<script src="scripts/services/shims/hawtioExtension.js"></script>
<script src="scripts/services/browserStore.js"></script>
<script src="scripts/services/discovery.js"></script>
<script src="scripts/services/aggregatedLoggingService.js"></script>
<script src="scripts/services/applicationGenerator.js"></script>
<script src="scripts/services/navigate.js"></script>
<script src="scripts/services/nameGenerator.js"></script>
Expand Down
29 changes: 17 additions & 12 deletions app/scripts/directives/logViewer.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,9 +8,10 @@ angular.module('openshiftConsole')
'$window',
'$filter',
'$q',
'AuthService',
'AggregatedLoggingService',
'APIService',
'APIDiscovery',
'AuthService',
'DataService',
'HTMLService',
'ModalsService',
Expand All @@ -21,9 +22,10 @@ angular.module('openshiftConsole')
$window,
$filter,
$q,
AuthService,
AggregatedLoggingService,
APIService,
APIDiscovery,
AuthService,
DataService,
HTMLService,
ModalsService,
Expand Down Expand Up @@ -434,16 +436,19 @@ angular.module('openshiftConsole')
if(!(projectName && containerName && name && url)) {
return;
}
$scope.$watchGroup(['context.project.metadata.name', 'options.container', 'name'], function() {
angular.extend($scope, {
kibanaArchiveUrl: $sce.trustAsResourceUrl(logLinks.archiveUri({
baseURL: url,
namespace: $scope.context.project.metadata.name,
namespaceUid: $scope.context.project.metadata.uid,
podname: name,
containername: $scope.options.container,
backlink: URI.encode($window.location.href)
}, $filter('annotation')($scope.context.project,'loggingDataPrefix')))

AggregatedLoggingService.isOperationsUser().then(function(canViewOperationsLogs) {
$scope.$watchGroup(['context.project.metadata.name', 'options.container', 'name'], function() {
angular.extend($scope, {
kibanaArchiveUrl: logLinks.archiveUri({
baseURL: url,
namespace: $scope.context.project.metadata.name,
namespaceUid: $scope.context.project.metadata.uid,
podname: name,
containername: $scope.options.container,
backlink: URI.encode($window.location.href)
}, $filter('annotation')($scope.context.project,'loggingDataPrefix'), canViewOperationsLogs)
});
});
});
});
Expand Down
43 changes: 43 additions & 0 deletions app/scripts/services/aggregatedLoggingService.js
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
'use strict';

angular.module("openshiftConsole")
.factory("AggregatedLoggingService", function($q, Logger, DataService) {

// cache previous request
var userAllowed;

// Create SelfSubjectAccessReview request againt authorization API to check whether
// current user can view pods/log from 'default' project.
// Users who can view such logs are 'operations' users
var isOperationsUser = function() {
if (userAllowed !== undefined) {
// Using cached data.
Logger.log("AggregatedLoggingService, using cached user");
return $q.when(userAllowed);
}
Logger.log("AggregatedLoggingService, loading whether user is Operations user");
var ssar = {
apiVersion: 'authorization.k8s.io/v1',
kind: 'SelfSubjectAccessReview',
spec: {
resourceAttributes: {
resource: 'pods/log',
namespace: 'default',
verb: 'view'
}
}
};
return DataService.create({ group: 'authorization.k8s.io', version: 'v1', resource: 'selfsubjectaccessreviews'},
null, ssar, {namespace: 'default'}).then(
function(data) {
userAllowed = data.status.allowed;
return userAllowed;
}, function() {
return false;
});
};

return {
isOperationsUser: isOperationsUser
};
});
5 changes: 4 additions & 1 deletion app/scripts/services/logLinks.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,10 @@ angular.module('openshiftConsole')
].join(''));


var archiveUri = function(opts, prefix) {
var archiveUri = function(opts, prefix, canViewOperationsLogs) {
if(canViewOperationsLogs && (!prefix || prefix.startsWith('project.'))) {
prefix = 'project';
}
prefix = prefix || 'project.' + opts.namespace + '.' + opts.namespaceUid;
opts.index = prefix + '.*';

Expand Down
12 changes: 2 additions & 10 deletions app/views/directives/logs/_log-viewer.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,16 +47,8 @@ <h2>Logs are not available.</h2>
{{emptyStateMessage}}
</p>

<div ng-if="kibanaAuthUrl">
<form
action="{{kibanaAuthUrl}}"
method="POST">
<input type="hidden" name="redirect" value="{{kibanaArchiveUrl}}">
<input type="hidden" name="access_token" value="{{access_token}}">
<button class="btn btn-primary btn-lg">
View Archive
</button>
</form>
<div ng-if="kibanaArchiveUrl">
<a href="{{kibanaArchiveUrl}}">View Archive</a>
</div>
</div>

Expand Down
Loading

0 comments on commit 926f65e

Please sign in to comment.