

Update proto var name and remove unused fields
kimlisa committed Oct 16, 2024
1 parent d27f5f6 commit 415537c
Showing 8 changed files with 2,002 additions and 2,087 deletions.
17 changes: 9 additions & 8 deletions api/proto/teleport/legacy/types/types.proto
@@ -2649,8 +2649,9 @@ message AccessCapabilities {
// AutoRequest indicates whether the request strategy indicates that a
// request should be automatically generated on login.
bool AutoRequest = 6 [(gogoproto.jsontag) = "auto_request,omitempty"];
// RequestMode defines what resource kinds a user can request for applicable resources.
AccessRequestMode RequestMode = 7 [(gogoproto.jsontag) = "request_mode,omitempty"];

reserved 7; // removed and not required anymore
reserved "RequestMode";
}

// AccessCapabilitiesRequest encodes parameters for the GetAccessCapabilities method.
@@ -2682,15 +2683,15 @@ message AccessCapabilitiesRequest {
// in access request mode settings.
// Modeled after existing message KubernetesResource.
message RequestModeKubernetesResource {
// Kind specifies the Kubernetes Resource type.
string Kind = 1 [(gogoproto.jsontag) = "kind,omitempty"];
// kind specifies the Kubernetes Resource type.
string kind = 1 [(gogoproto.jsontag) = "kind,omitempty"];
}

// AccessRequestMode describes request mode settings for applicable resources.
message AccessRequestMode {
// KubernetesResources defines which Kubernetes subresources a user can
// kubernetes_resources defines which Kubernetes subresources a user can
// request during request creation.
repeated RequestModeKubernetesResource KubernetesResources = 1 [
repeated RequestModeKubernetesResource kubernetes_resources = 1 [
(gogoproto.nullable) = false,
(gogoproto.jsontag) = "kubernetes_resources,omitempty"
];
@@ -3047,12 +3048,12 @@ message RoleOptions {
// CreateHostUserDefaultShell is used to configure the default shell for newly provisioned host users.
string CreateHostUserDefaultShell = 31 [(gogoproto.jsontag) = "create_host_user_default_shell,omitempty"];

// RequestMode optionally allows admins to define a create request mode for applicable resources.
// request_mode optionally allows admins to define a create request mode for applicable resources.
// It can enforce a requester to request only certain kinds of resources.
// Eg: Users can make request to either a resource kind "kube_cluster" or any of its
// subresources like "namespaces". The mode can be defined such that it prevents a user
// from requesting "kube_cluster" and enforce requesting any of its subresources.
AccessRequestMode RequestMode = 32 [(gogoproto.jsontag) = "request_mode,omitempty"];
AccessRequestMode request_mode = 32 [(gogoproto.jsontag) = "request_mode,omitempty"];
}

message RecordSession {
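Review bot: The comments on `request_mode` (RoleOptions, field 32) and on `kubernetes_resources` in AccessRequestMode say what the setting restricts but not what an empty list or an unrecognised `kind` value means, and for an option meant to stop a user requesting "kube_cluster" that default should be written down. `kind` is a plain `string` and the list is tagged `omitempty`, so I would extend the field comment with a line stating the empty-list behaviour (for example `// An empty list places no restriction.`, if that is what the code does) and naming the accepted `kind` values or where they are validated. This commit also stops sending the request mode to the web client (`reserved 7` in AccessCapabilities and the removal in lib/web/apiserver.go), so the comment should say that the restriction is enforced server-side at request creation, if that is the case. The renamed fields keep their numbers and `jsontag` values, but they now sit beside PascalCase siblings such as `CreateHostUserDefaultShell`; a short comment explaining the mixed naming would help the next reader.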
4,036 changes: 1,991 additions & 2,045 deletions api/types/types.pb.go

Large diffs are not rendered by default.

5 changes: 2 additions & 3 deletions lib/web/apiserver.go
@@ -1199,9 +1199,8 @@ func (h *Handler) getUserContext(w http.ResponseWriter, r *http.Request, p httpr
}

userContext.AccessCapabilities = ui.AccessCapabilities{
RequestableRoles: res.RequestableRoles,
SuggestedReviewers: res.SuggestedReviewers,
RequestMode: ui.RequestMode{KubernetesResources: res.RequestMode.KubernetesResources},
RequestableRoles: res.RequestableRoles,
SuggestedReviewers: res.SuggestedReviewers,
}

userContext.AllowedSearchAsRoles = accessChecker.GetAllowedSearchAsRoles()
9 changes: 0 additions & 9 deletions lib/web/ui/usercontext.go
@@ -33,21 +33,12 @@ type accessStrategy struct {
Prompt string `json:"prompt"`
}

// RequestMode defines access request mode for specific resources.
type RequestMode struct {
// KubernetesResources contains a list of allowed Kubernetes resources
// defined by its "kind" field, that a requester is allowed to request.
KubernetesResources []types.RequestModeKubernetesResource `json:"kubernetesResources"`
}

// AccessCapabilities defines allowable access request rules defined in a user's roles.
type AccessCapabilities struct {
// RequestableRoles is a list of roles that the user can select when requesting access.
RequestableRoles []string `json:"requestableRoles"`
// SuggestedReviewers is a list of reviewers that the user can select when creating a request.
SuggestedReviewers []string `json:"suggestedReviewers"`
// RequestMode defines access request mode for specific resources.
RequestMode RequestMode `json:"requestMode"`
}

type authType string
3 changes: 0 additions & 3 deletions web/packages/teleport/src/services/user/makeUserContext.ts
@@ -54,9 +54,6 @@ function makeAccessCapabilities(json): AccessCapabilities {
return {
requestableRoles: json.requestableRoles || [],
suggestedReviewers: json.suggestedReviewers || [],
requestMode: {
kubernetesResources: json.requestMode?.kubernetesResources || [],
},
};
}

11 changes: 0 additions & 11 deletions web/packages/teleport/src/services/user/types.ts
@@ -18,27 +18,16 @@

import { Cluster } from 'teleport/services/clusters';

import { KubeResourceKind } from '../kube';

export type AuthType = 'local' | 'sso' | 'passwordless';

export interface AccessStrategy {
type: 'optional' | 'always' | 'reason';
prompt: string;
}

interface RequestModeKubeResource {
kind: KubeResourceKind;
}

interface AccessRequestMode {
kubernetesResources: RequestModeKubeResource[];
}

export interface AccessCapabilities {
requestableRoles: string[];
suggestedReviewers: string[];
requestMode: AccessRequestMode;
}

export interface UserContext {
1 change: 0 additions & 1 deletion web/packages/teleport/src/services/user/user.test.ts
@@ -292,7 +292,6 @@ test('undefined values in context response gives proper default values', async (
accessCapabilities: {
requestableRoles: [],
suggestedReviewers: [],
requestMode: { kubernetesResources: [] },
},
allowedSearchAsRoles: [],
passwordState: PasswordState.PASSWORD_STATE_UNSPECIFIED,
7 changes: 0 additions & 7 deletions web/packages/teleport/src/stores/storeUserContext.ts
@@ -19,7 +19,6 @@
import { Store } from 'shared/libs/stores';

import cfg from 'teleport/config';
import { KubeResourceKind } from 'teleport/services/kube';

import { UserContext } from 'teleport/services/user';

@@ -74,12 +73,6 @@ export default class StoreUserContext extends Store<UserContext> {
return this.state.acl.kubeServers;
}

getAllowedKubeSubresourceKinds(): KubeResourceKind[] {
const kubeResources =
this.state.accessCapabilities.requestMode.kubernetesResources;
return kubeResources.map(kubeResource => kubeResource.kind);
}

getTokenAccess() {
return this.state.acl.tokens;
}