fix(kube): improve dashboard load speed [EE-4941] (#8572)

* apply changes from EE

* clear query cache when logging out

* Text transitions in smoother

app/react/kubernetes/namespaces/queries.ts

@@ -3,9 +3,11 @@ import { useQuery } from 'react-query';
 import { EnvironmentId } from '@/react/portainer/environments/types';
 import { error as notifyError } from '@/portainer/services/notifications';
 
-import { getIngresses } from '../ingresses/service';
-
-import { getNamespaces, getNamespace } from './service';
+import {
+  getNamespaces,
+  getNamespace,
+  getSelfSubjectAccessReview,
+} from './service';
 import { Namespaces } from './types';
 
 export function useNamespaces(environmentId: EnvironmentId) {
@@ -13,18 +15,23 @@ export function useNamespaces(environmentId: EnvironmentId) {
     ['environments', environmentId, 'kubernetes', 'namespaces'],
     async () => {
       const namespaces = await getNamespaces(environmentId);
-      const settledNamespacesPromise = await Promise.allSettled(
-        Object.keys(namespaces).map((namespace) =>
-          getIngresses(environmentId, namespace).then(() => namespace)
+      const namespaceNames = Object.keys(namespaces);
+      // use seflsubjectaccess reviews to avoid forbidden requests
+      const allNamespaceAccessReviews = await Promise.all(
+        namespaceNames.map((namespaceName) =>
+          getSelfSubjectAccessReview(environmentId, namespaceName)
         )
       );
-      const ns: Namespaces = {};
-      settledNamespacesPromise.forEach((namespace) => {
-        if (namespace.status === 'fulfilled') {
-          ns[namespace.value] = namespaces[namespace.value];
+      const allowedNamespacesNames = allNamespaceAccessReviews
+        .filter((accessReview) => accessReview.status.allowed)
+        .map((accessReview) => accessReview.spec.resourceAttributes.namespace);
+      const allowedNamespaces = namespaceNames.reduce((acc, namespaceName) => {
+        if (allowedNamespacesNames.includes(namespaceName)) {
+          acc[namespaceName] = namespaces[namespaceName];
         }
-      });
-      return ns;
+        return acc;
+      }, {} as Namespaces);
+      return allowedNamespaces;
     },
     {
       onError: (err) => {

app/react/kubernetes/namespaces/service.ts

@@ -1,7 +1,7 @@
 import axios, { parseAxiosError } from '@/portainer/services/axios';
 import { EnvironmentId } from '@/react/portainer/environments/types';
 
-import { Namespaces } from './types';
+import { Namespaces, SelfSubjectAccessReviewResponse } from './types';
 
 export async function getNamespace(
   environmentId: EnvironmentId,
@@ -28,6 +28,39 @@ export async function getNamespaces(environmentId: EnvironmentId) {
   }
 }
 
+export async function getSelfSubjectAccessReview(
+  environmentId: EnvironmentId,
+  namespaceName: string,
+  verb = 'list',
+  resource = 'deployments',
+  group = 'apps'
+) {
+  try {
+    const { data: accessReview } =
+      await axios.post<SelfSubjectAccessReviewResponse>(
+        `endpoints/${environmentId}/kubernetes/apis/authorization.k8s.io/v1/selfsubjectaccessreviews`,
+        {
+          spec: {
+            resourceAttributes: {
+              group,
+              resource,
+              verb,
+              namespace: namespaceName,
+            },
+          },
+          apiVersion: 'authorization.k8s.io/v1',
+          kind: 'SelfSubjectAccessReview',
+        }
+      );
+    return accessReview;
+  } catch (e) {
+    throw parseAxiosError(
+      e as Error,
+      'Unable to retrieve self subject access review'
+    );
+  }
+}
+
 function buildUrl(environmentId: EnvironmentId, namespace?: string) {
   let url = `kubernetes/${environmentId}/namespaces`;
 

app/react/kubernetes/namespaces/types.ts

@@ -4,3 +4,14 @@ export interface Namespaces {
     IsSystem: boolean;
   };
 }
+
+export interface SelfSubjectAccessReviewResponse {
+  status: {
+    allowed: boolean;
+  };
+  spec: {
+    resourceAttributes: {
+      namespace: string;
+    };
+  };
+}