From ebfb9ab4644a759b59f5b3a3a8c44c9bece16e10 Mon Sep 17 00:00:00 2001
From: testA113
Date: Fri, 4 Oct 2024 16:04:49 +1300
Subject: [PATCH] return clusterole isSystem label

---
 api/http/models/kubernetes/cluster_roles.go | 2 ++
 api/kubernetes/cli/cluster_role.go | 29 +++++++++++++++++++++
 api/kubernetes/cli/role.go | 6 +++++
 3 files changed, 37 insertions(+)

diff --git a/api/http/models/kubernetes/cluster_roles.go b/api/http/models/kubernetes/cluster_roles.go
index 78fcd909e..ef17890c8 100644
--- a/api/http/models/kubernetes/cluster_roles.go
+++ b/api/http/models/kubernetes/cluster_roles.go
@@ -5,4 +5,6 @@ import "time"
 type K8sClusterRole struct {
 Name string `json:"name"`
 CreationDate time.Time `json:"creationDate"`
+ Uid string `json:"uid"`
+ IsSystem bool `json:"isSystem"`
 }
diff --git a/api/kubernetes/cli/cluster_role.go b/api/kubernetes/cli/cluster_role.go
index d5194ccd2..8c46d9b3d 100644
--- a/api/kubernetes/cli/cluster_role.go
+++ b/api/kubernetes/cli/cluster_role.go
@@ -3,6 +3,7 @@ package cli
 import (
 "context"
 "fmt"
+ "strings"

 models "github.com/portainer/portainer/api/http/models/kubernetes"
 rbacv1 "k8s.io/api/rbac/v1"
@@ -39,5 +40,33 @@ func parseClusterRole(clusterRole rbacv1.ClusterRole) models.K8sClusterRole {
 return models.K8sClusterRole{
 Name: clusterRole.Name,
 CreationDate: clusterRole.CreationTimestamp.Time,
+ Uid: string(clusterRole.UID),
+ IsSystem: isSystemClusterRole(&clusterRole),
 }
 }
+
+func isSystemClusterRole(role *rbacv1.ClusterRole) bool {
+ if role.Namespace == "kube-system" || role.Namespace == "kube-public" ||
+ role.Namespace == "kube-node-lease" || role.Namespace == "portainer" {
+ return true
+ }
+
+ if strings.HasPrefix(role.Name, "system:") {
+ return true
+ }
+
+ if role.Labels != nil {
+ if role.Labels["kubernetes.io/bootstrapping"] == "rbac-defaults" {
+ return true
+ }
+ }
+
+ roles := getPortainerDefaultK8sRoleNames()
+ for i := range roles {
+ if role.Name == roles[i] {
+ return true
+ }
+ }
+
+ return false
+}
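Review bot: The new field `Uid` in `K8sClusterRole` breaks Go's initialism convention; name it `UID string` with the existing `json:"uid"` tag, which also mirrors `clusterRole.UID` on the Kubernetes type, and update the assignment in `parseClusterRole` to match. Neither new field is documented, so API consumers cannot tell what `isSystem` means. A comment such as `// IsSystem is true when the role matches the Kubernetes or Portainer default-role heuristics.` on the field would cover it.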
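Review bot: The namespace comparison at the top of `isSystemClusterRole` can never match, because ClusterRole is a cluster-scoped kind and `role.Namespace` is empty on objects read from the API, so that first `if` can be deleted. The remaining signals (the `system:` name prefix, the `kubernetes.io/bootstrapping` label and the exact-name match) are metadata that any principal allowed to create or update ClusterRoles can set. `IsSystem` should therefore be documented as a display hint and not used on its own to hide roles from review or to gate edits and deletion; how the flag is consumed is not visible in this patch. I would add a doc comment such as `// isSystemClusterRole reports whether role looks like a Kubernetes or Portainer default; it is derived from user-settable metadata and is advisory only.` The `role.Labels != nil` guard is also unnecessary, since indexing a nil map returns the zero value.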
diff --git a/api/kubernetes/cli/role.go b/api/kubernetes/cli/role.go
index 3460f45dc..53ed19b15 100644
--- a/api/kubernetes/cli/role.go
+++ b/api/kubernetes/cli/role.go
@@ -108,3 +108,9 @@ func (kcl *KubeClient) upsertPortainerK8sClusterRoles() error {

 return nil
 }
+
+func getPortainerDefaultK8sRoleNames() []string {
+ return []string{
+ string(portainerUserCRName),
+ }
+}
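Review bot: `getPortainerDefaultK8sRoleNames` has no doc comment, and its name says "Role" while the only entry is `portainerUserCRName`, which by its name is presumably a ClusterRole. A line such as `// getPortainerDefaultK8sRoleNames returns the names of the ClusterRoles that Portainer manages itself.` would make the intent explicit. The function is called once per role from `isSystemClusterRole` and builds a new slice each time, so a package-level slice or a direct comparison with `string(portainerUserCRName)` would avoid the repeated allocation.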