feat(k8s/resource-pool): add the ability to mark/unmark resource pool as system (#5360)

* feat(k8s/resource-pool): add the ability to mark/unmark resource pool as system fix(kube/ns): check label to see if namespace is system refactor(k8s/namespaces): rename variables feat(kubernetes): toggle system state in the server (#5361) fix(app/resource-pool): UI fixes feat(app/resource-pool): add confirmation modal when unamrking system namespace * refactor(app): review changes * feat(app/namespaces): introduce store to retrieve namespace system status without changing all the kubernetes models refactor(app/namespaces): remove unused code first introduced for system tagging fix(app/namespaces): cache namespaces to retrieve system status regardless of namespace reference format refactor(app): migrate namespace store from helper to a separate singleton refactor(app): remove KubernetesNamespaceHelper from DI cycle * refactor(app): normalize usage of KubernetesNamespaceHelper functions * refactor(app/k8s): change namespace store to functions instead of class Co-authored-by: LP B <xAt0mZ@users.noreply.github.com>
2025-07-22 23:09:41 +02:00 · 2021-08-26 17:00:59 +03:00 · 2021-08-26 17:00:59 +03:00 · 1830a80a61
commit 1830a80a61
parent 5ab98f41f1
45 changed files with 675 additions and 154 deletions
--- a/api/http/handler/kubernetes/handler.go
+++ b/api/http/handler/kubernetes/handler.go
@ -1,28 +1,68 @@
 package kubernetes

 import (
+	"errors"
 	"net/http"

 	"github.com/gorilla/mux"
 	httperror "github.com/portainer/libhttp/error"
 	portainer "github.com/portainer/portainer/api"
+	"github.com/portainer/portainer/api/http/middlewares"
 	"github.com/portainer/portainer/api/http/security"
+	"github.com/portainer/portainer/api/internal/authorization"
+	"github.com/portainer/portainer/api/internal/endpointutils"
 	"github.com/portainer/portainer/api/kubernetes/cli"
 )

 // Handler is the HTTP handler which will natively deal with to external endpoints.
 type Handler struct {
 	*mux.Router
-	DataStore               portainer.DataStore
-	KubernetesClientFactory *cli.ClientFactory
+	dataStore               portainer.DataStore
+	kubernetesClientFactory *cli.ClientFactory
+	authorizationService    *authorization.Service
 }

 // NewHandler creates a handler to process pre-proxied requests to external APIs.
-func NewHandler(bouncer *security.RequestBouncer) *Handler {
+func NewHandler(bouncer *security.RequestBouncer, authorizationService *authorization.Service, dataStore portainer.DataStore, kubernetesClientFactory *cli.ClientFactory) *Handler {
 	h := &Handler{
-		Router: mux.NewRouter(),
+		Router:                  mux.NewRouter(),
+		dataStore:               dataStore,
+		kubernetesClientFactory: kubernetesClientFactory,
+		authorizationService:    authorizationService,
 	}
-	h.PathPrefix("/kubernetes/{id}/config").Handler(
+
+	kubeRouter := h.PathPrefix("/kubernetes/{id}").Subrouter()
+
+	kubeRouter.Use(bouncer.AuthenticatedAccess)
+	kubeRouter.Use(middlewares.WithEndpoint(dataStore.Endpoint(), "id"))
+	kubeRouter.Use(kubeOnlyMiddleware)
+
+	kubeRouter.PathPrefix("/config").Handler(
 		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.getKubernetesConfig))).Methods(http.MethodGet)
+
+	// namespaces
+	// in the future this piece of code might be in another package (or a few different packages - namespaces/namespace?)
+	// to keep it simple, we've decided to leave it like this.
+	namespaceRouter := kubeRouter.PathPrefix("/namespaces/{namespace}").Subrouter()
+	namespaceRouter.Handle("/system", bouncer.RestrictedAccess(httperror.LoggerHandler(h.namespacesToggleSystem))).Methods(http.MethodPut)
+
 	return h
 }
+
+func kubeOnlyMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(rw http.ResponseWriter, request *http.Request) {
+		endpoint, err := middlewares.FetchEndpoint(request)
+		if err != nil {
+			httperror.WriteError(rw, http.StatusInternalServerError, "Unable to find an endpoint on request context", err)
+			return
+		}
+
+		if !endpointutils.IsKubernetesEndpoint(endpoint) {
+			errMessage := "Endpoint is not a kubernetes endpoint"
+			httperror.WriteError(rw, http.StatusBadRequest, errMessage, errors.New(errMessage))
+			return
+		}
+
+		next.ServeHTTP(rw, request)
+	})
+}