Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Namespace completion: don't list if don't have permission to #181

Merged
merged 4 commits into from
Apr 12, 2024
Merged

Namespace completion: don't list if don't have permission to #181

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
d17c45b
Namespace completion: don't list if don't have permission to
jinnovation Apr 12, 2024
fa86f85
clean up stale code
jinnovation Apr 12, 2024
65438c3
allow injecting prompt
jinnovation Apr 12, 2024
7c91f38
use all args
jinnovation Apr 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions docs/references/changelog.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,8 @@ versioning][semver].
- Changed the default cache expiration time for namespaces from 600 seconds to
**never**, since the set of namespaces in a cluster rarely if ever change. You
can use `kele-cache-namespaces` to force-refresh them as needed.
- Namespace selection now checks whether or not you have permission to list
namespaces from the cluster and falls back to verbatim string when you don't

## 0.4.2

Expand Down
49 changes: 31 additions & 18 deletions kele.el
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -643,6 +643,26 @@ to complete. Returned value may not be up to date."
proxy-status
(propertize ")" 'face 'completions-annotations))))

(cl-defun kele--namespaces-complete (&key context prompt initial-input history)
"Complete input for namespaces in CONTEXT using PROMPT.

If user does not have permission to list namespaces, simply
prompt user for verbatim string.

If CONTEXT is not provided, use the current context."
(let ((ctx (or context (kele-current-context-name))))
(completing-read
(or prompt (format "Namespace (%s): " ctx))
(when (kele--can-i
:resource "namespaces"
:group "core"
:verb 'list
:context ctx)
(-cut kele--resources-complete <> <> <>
:cands (kele--get-namespaces ctx)
:category 'kele-namespace))
nil t initial-input history)))

(cl-defun kele--resources-complete (str pred action &key cands category)
"Complete input for selection of resources.

Expand All @@ -659,12 +679,7 @@ as."
(defun kele-namespace-switch-for-context (context namespace)
"Switch to NAMESPACE for CONTEXT."
(interactive (let ((context (completing-read "Context: " #'kele--contexts-complete)))
(list context
(completing-read (format "Namespace (%s): " context)
(-cut kele--resources-complete <> <> <>
:cands (kele--get-namespaces
context)
:category 'kele-namespace)))))
(list context (kele--namespaces-complete :context context))))
(kele-kubectl-do "config" "set-context" context "--namespace" namespace))

(transient-define-suffix kele-namespace-switch-for-current-context (namespace)
Expand All @@ -681,11 +696,7 @@ as."
(oref transient--prefix scope)
(kele-current-context-name))))
(list
(completing-read
(format "Namespace (%s): " ctx)
(-cut kele--resources-complete <> <> <>
:cands (kele--get-namespaces ctx)
:category 'kele-namespace)))))
(kele--namespaces-complete :context ctx))))
(kele-namespace-switch-for-context
(if (and transient--prefix
(slot-boundp transient--prefix 'scope))
Expand Down Expand Up @@ -1080,6 +1091,7 @@ If CONTEXT is not provided, use the current context."
(progn
(setf (cdr (assoc 'items data)) filtered-items)
data)
;; FIXME: This might send false error if filtered-items ends up being empty
(signal 'error (format "Failed to fetch %s/%s/%s" group version kind)))))

(cl-defun kele--fetch-resource-names (group version kind &key namespace context)
Expand Down Expand Up @@ -1287,12 +1299,11 @@ Assumes that the current Transient prefix's :scope is an alist w/ `context' key.
;; value. If not present (or the scope is not an alist or the scope is not
;; defined), default to current context.
(if-let ((context (alist-get 'context (oref transient--prefix scope))))
(completing-read
prompt
(-cut kele--resources-complete <> <> <>
:cands (kele--get-namespaces context)
:category 'kele-namespace)
nil t initial-input history)
(kele--namespaces-complete
:context context
:prompt prompt
:initial-input initial-input
:history history)
(error "Unexpected nil context in `%s'" (oref transient--prefix command))))

(defclass kele--transient-scope-mutator (transient-option)
Expand Down Expand Up @@ -1611,6 +1622,7 @@ if it's set. Otherwise, prompts user for input."
(kele--get-resource-types-for-context
(kele--get-context-arg)))))

;; TODO: Disable if user does not have permission to get the given resource
(transient-define-suffix kele-get (context namespace group-version kind name)
"Get resource KIND by NAME and display it in a buffer.

Expand Down Expand Up @@ -1782,14 +1794,15 @@ Similar to `kele-dispatch'."
:selected (string-equal ctx ctx-current)))
(kele-context-names))))))

(cl-defun kele--mk-self-subject-access-review (&key resource group (verb 'get))
(cl-defun kele--mk-self-subject-access-review (&key resource group (verb 'get) version)
"Stub out a SelfSubjectAccessReview for GROUP, RESOURCE, and VERB.

Return the resulting SelfSubjectAccessReview in alist form."
`((apiVersion . "authorization.k8s.io/v1")
(kind . "SelfSubjectAccessReview")
(spec . ((resourceAttributes . ((group . ,group)
(resource . ,resource)
(version . ,(or version "*"))
(verb . ,(symbol-name verb))))))))


Expand Down
Loading