refactor(k8s): namespace core logic (#12142)

Co-authored-by: testA113 <aliharriss1995@gmail.com> Co-authored-by: Anthony Lapenna <anthony.lapenna@portainer.io> Co-authored-by: James Carppe <85850129+jamescarppe@users.noreply.github.com> Co-authored-by: Ali <83188384+testA113@users.noreply.github.com>
2025-07-22 23:09:41 +02:00 · 2024-10-01 14:15:51 +13:00 · 2024-10-01 14:15:51 +13:00 · ea228c3d6d
commit ea228c3d6d
parent da010f3d08
276 changed files with 9241 additions and 3361 deletions
--- a/app/kubernetes/services/namespaceService.js
+++ b/app/kubernetes/services/namespaceService.js
@ -2,17 +2,17 @@ import angular from 'angular';
 import PortainerError from 'Portainer/error';
 import { KubernetesCommonParams } from 'Kubernetes/models/common/params';
 import KubernetesNamespaceConverter from 'Kubernetes/converters/namespace';
+import KubernetesNamespaceHelper from 'Kubernetes/helpers/namespaceHelper';
 import { updateNamespaces } from 'Kubernetes/store/namespace';
-import $allSettled from 'Portainer/services/allSettled';
-import { getSelfSubjectAccessReview } from '@/react/kubernetes/namespaces/getSelfSubjectAccessReview';

 class KubernetesNamespaceService {
  /* @ngInject */
-  constructor($async, KubernetesNamespaces, LocalStorage, $state) {
+  constructor($async, KubernetesNamespaces, Authentication, LocalStorage, $state) {
    this.$async = $async;
    this.$state = $state;
    this.KubernetesNamespaces = KubernetesNamespaces;
    this.LocalStorage = LocalStorage;
+    this.Authentication = Authentication;

    this.getAsync = this.getAsync.bind(this);
    this.getAllAsync = this.getAllAsync.bind(this);
@ -68,17 +68,13 @@ class KubernetesNamespaceService {
    try {
      // get the list of all namespaces (RBAC allows users to see the list of namespaces)
      const data = await this.KubernetesNamespaces().get().$promise;
-      // get the status of each namespace with accessReviews (to avoid failed forbidden responses, which aren't cached)
-      const accessReviews = await Promise.all(data.items.map((namespace) => getSelfSubjectAccessReview(this.$state.params.endpointId, namespace.metadata.name)));
-      const allowedNamespaceNames = accessReviews.filter((ar) => ar.status.allowed).map((ar) => ar.spec.resourceAttributes.namespace);
-      const promises = allowedNamespaceNames.map((name) => this.KubernetesNamespaces().status({ id: name }).$promise);
-      const namespaces = await $allSettled(promises);
-      // only return namespaces if the user has access to namespaces
-      const allNamespaces = namespaces.fulfilled.map((item) => {
-        return KubernetesNamespaceConverter.apiToNamespace(item);
-      });
-      updateNamespaces(allNamespaces);
-      return allNamespaces;
+      // get the list of all namespaces with isAccessAllowed flags
+      const hasK8sAccessSystemNamespaces = this.Authentication.hasAuthorizations(['K8sAccessSystemNamespaces']);
+      const namespaces = data.items.filter((item) => !KubernetesNamespaceHelper.isSystemNamespace(item.metadata.name) || hasK8sAccessSystemNamespaces);
+      // parse the namespaces
+      const visibleNamespaces = namespaces.map((item) => KubernetesNamespaceConverter.apiToNamespace(item));
+      updateNamespaces(visibleNamespaces);
+      return visibleNamespaces;
    } catch (err) {
      throw new PortainerError('Unable to retrieve namespaces', err);
    }