Add robot permission of helm-chart pull/push

add robot permission of helm-chart pull/push Signed-off-by: Yogi_Wang <yawang@vmware.com>
2024-06-26 06:45:12 +02:00 · 2019-05-23 12:51:58 +08:00 · 2019-05-23 12:51:58 +08:00 · 247d58232a
commit 247d58232a
parent fbec3ee76f
11 changed files with 97 additions and 38 deletions
--- a/src/portal/src/app/account/account-settings/account-settings-modal.component.html
+++ b/src/portal/src/app/account/account-settings/account-settings-modal.component.html
@ -60,13 +60,13 @@
                            </clr-tooltip-content>
                        </clr-tooltip></label>
                    <input type="password" name="cli_password" disabled [ngModel]="'account.oidc_user_meta.secret'" size="33">
-                    <button (click)="generateCli(account.user_id)" class="btn btn-outline btn-sm btn-padding-less" *ngIf="showGenerateCli">
+                    <button (click)="generateCli(account.user_id)" id="generate-cli-btn" class="btn btn-outline btn-sm btn-padding-less" *ngIf="showGenerateCli">
                                {{'PROFILE.ADMIN_CIL_SECRET_BUTTON' | translate}}
                            </button>
                    <div class="rename-tool reset-cli">
                        <hbr-copy-input #copyInput (onCopySuccess)="onSuccess($event)" (onCopyError)="onError($event)"  iconMode="true" [defaultValue]="account.oidc_user_meta.secret"></hbr-copy-input>
                    </div>
-                    <div (click)="showGenerateCliFn()" *ngIf="!showGenerateCli" class="hidden-generate-cli">···</div>
+                    <div (click)="showGenerateCliFn()" *ngIf="!showGenerateCli" id="hidden-generate-cli" class="hidden-generate-cli">···</div>
                </div>
            </section>
        </form>
--- a/src/portal/src/app/project/robot-account/add-robot/add-robot.component.html
+++ b/src/portal/src/app/project/robot-account/add-robot/add-robot.component.html
@ -38,23 +38,50 @@
            [(ngModel)]="robot.description"
            name="robot_desc" id="robot_desc">
        </div>
-        <div class="form-group clr-form-control rule-width">
+        <div class="form-group">
+          <label class="col-md-3">
+            {{'ROBOT_ACCOUNT.PERMISSIONS' | translate}}
+          </label>
+          <label class="clr-col-md-8 no-margin padding-left-0">
          <clr-checkbox-wrapper>
            <input type="checkbox" clrCheckbox [checked]="true"
-              [(ngModel)]="robot.access.isPull" name="isPull"
+              [(ngModel)]="robot.access.isPullImage" name="isPullImage"
              id="permission-pull" class="clr-checkbox">
            <label for="permission-pull" class="clr-control-label">
              {{'ROBOT_ACCOUNT.PULL_PERMISSION' | translate}}
            </label>
          </clr-checkbox-wrapper>
+        </label>
+        <label class="clr-col-md-8 no-margin padding-left-0">
          <clr-checkbox-wrapper>
            <input type="checkbox" clrCheckbox [checked]="true"
-              [(ngModel)]="robot.access.isPush" name="isPush"
+              [(ngModel)]="robot.access.isPushOrPullImage" name="isPushOrPullImage"
              id="permission-push" class="clr-checkbox">
            <label for="permission-push" class="clr-control-label">
              {{'ROBOT_ACCOUNT.PULL_PUSH_PERMISSION' | translate}}
            </label>
          </clr-checkbox-wrapper>
+        </label>
+        <label class="clr-col-md-8 no-margin padding-left-0">
+          <clr-checkbox-wrapper>
+            <input type="checkbox" clrCheckbox [checked]="true"
+              [(ngModel)]="robot.access.isPushChart" name="isPushChart"
+              id="permission-push-chart" class="clr-checkbox">
+            <label for="permission-push-chart" class="clr-control-label">
+              {{'ROBOT_ACCOUNT.PUSH_CHART_PERMISSION' | translate}}
+            </label>
+          </clr-checkbox-wrapper>
+        </label>
+        <label class="clr-col-md-8 no-margin padding-left-0">
+          <clr-checkbox-wrapper>
+            <input type="checkbox" clrCheckbox [checked]="true"
+              [(ngModel)]="robot.access.isPullChart" name="isPullChart"
+              id="permission-pull-chart" class="clr-checkbox">
+            <label for="permission-pull-chart" class="clr-control-label">
+              {{'ROBOT_ACCOUNT.PULL_CHART_PERMISSION' | translate}}
+            </label>
+          </clr-checkbox-wrapper>
+        </label>
        </div>
      </section>
    </form>
--- a/src/portal/src/app/project/robot-account/add-robot/add-robot.component.scss
+++ b/src/portal/src/app/project/robot-account/add-robot/add-robot.component.scss
@ -29,3 +29,9 @@
    }
  }
 }
+.padding-left-0 {
+  padding-left: 0;
+}
+.no-margin {
+  margin: 0;
+}
--- a/src/portal/src/app/project/robot-account/add-robot/add-robot.component.ts
+++ b/src/portal/src/app/project/robot-account/add-robot/add-robot.component.ts
@ -31,8 +31,6 @@ export class AddRobotComponent implements OnInit, OnDestroy {
  isSubmitOnGoing = false;
  closable: boolean = false;
  staticBackdrop: boolean = true;
-  isPull: boolean;
-  isPush: boolean;
  createSuccess: string;
  isRobotNameValid: boolean = true;
  checkOnGoing: boolean = false;
@ -122,11 +120,8 @@ export class AddRobotComponent implements OnInit, OnDestroy {
    this.robotService
      .addRobotAccount(
        this.projectId,
-        this.robot.name,
-        this.robot.description,
-        this.projectName,
-        this.robot.access.isPull,
-        this.robot.access.isPush
+        this.robot,
+        this.projectName
      )
      .subscribe(
        response => {
@ -162,7 +157,8 @@ export class AddRobotComponent implements OnInit, OnDestroy {
    if (this.robot && this.robot.access) {
      return (
        !this.isValid() ||
-        (!this.robot.access.isPush && !this.robot.access.isPull)
+        (!this.robot.access.isPushOrPullImage && !this.robot.access.isPullImage
+          && !this.robot.access.isPullChart && !this.robot.access.isPushChart)
      );
    }
  }
--- a/src/portal/src/app/project/robot-account/robot-account.service.ts
+++ b/src/portal/src/app/project/robot-account/robot-account.service.ts
@ -17,27 +17,38 @@ import { map, catchError } from "rxjs/operators";
 import { Injectable } from "@angular/core";
 import { HttpClient } from "@angular/common/http";
 import { RobotApiRepository } from "./robot.api.repository";
+import { Robot } from "./robot";
@Injectable()
 export class RobotService {
  constructor(
    private http: HttpClient,
    private robotApiRepository: RobotApiRepository
-  ) {}
-  public addRobotAccount(projecId, name, description, projectName, isPull, isPush): Observable<any> {
+  ) { }
+
+  /** addRobotAccount
+   * projecId
+   * robot: Robot
+   * projectName
+   */
+  public addRobotAccount(projecId: number, robot: Robot, projectName: string): Observable<any> {
    let access = [];
-    if ( isPull ) {
-      access.push({"resource": "/project/" + projecId + "/repository", "action": "pull"});
-      access.push({"resource": "/project/" + projectName + "/repository", "action": "pull"});
+    if (robot.access.isPullImage) {
+      access.push({ "resource": `/project/${projectName}/repository`, "action": "pull" });
    }
-    if ( isPush ) {
-      access.push({"resource": "/project/" + projecId + "/repository", "action": "push"});
-      access.push({"resource": "/project/" + projectName + "/repository", "action": "push"});
+    if (robot.access.isPushOrPullImage) {
+      access.push({ "resource": `/project/${projectName}/repository`, "action": "push" });
+    }
+    if (robot.access.isPullChart) {
+      access.push({ "resource": `/project/${projectName}/helm-chart`, "action": "read" });
+    }
+    if (robot.access.isPushChart) {
+      access.push({ "resource": `/project/${projectName}/helm-chart-version`, "action": "create" });
    }

    let param = {
-      name: name,
-      description: description,
-      access: access
+      name: robot.name,
+      description: robot.description,
+      access
    };

    return this.robotApiRepository.postRobot(projecId, param);
--- a/src/portal/src/app/project/robot-account/robot.ts
+++ b/src/portal/src/app/project/robot-account/robot.ts
@ -6,16 +6,20 @@ export class Robot {
  expires_at: number;
  disabled: boolean;
  access: {
-    isPull: boolean;
-    isPush: boolean;
+    isPullImage: boolean;
+    isPushOrPullImage: boolean;
+    isPushChart: boolean;
+    isPullChart: boolean;
  };


  constructor () {
    this.access = <any>{};
    // this.access[0].action = true;
-    this.access.isPull = true;
-    this.access.isPush = true;
+    this.access.isPullImage = true;
+    this.access.isPushOrPullImage = true;
+    this.access.isPushChart = false;
+    this.access.isPullChart = false;
  }
 }

--- a/src/portal/src/i18n/lang/en-us-lang.json
+++ b/src/portal/src/i18n/lang/en-us-lang.json
@ -294,6 +294,7 @@
    },
    "ROBOT_ACCOUNT": {
        "NAME": "Name",
+        "PERMISSIONS": "Permissions",
        "TOKEN": "Token",
        "NEW_ROBOT_ACCOUNT": "NEW ROBOT ACCOUNT",
        "ENABLED_STATE": "Enabled state",
@ -309,8 +310,10 @@
        "ENABLE_ACCOUNT": "Enable Account",
        "DELETE": "Delete",
        "CREAT_ROBOT_ACCOUNT": "Creat Robot Account",
-        "PULL_PERMISSION": "Permission for Pull",
-        "PULL_PUSH_PERMISSION": "Permission for Push / Pull",
+        "PULL_PERMISSION": "Image pull",
+        "PULL_PUSH_PERMISSION": "Image pull / push",
+        "PUSH_CHART_PERMISSION": "Helm chart push",
+        "PULL_CHART_PERMISSION": "Helm chart pull",
        "FILTER_PLACEHOLDER": "Filter Robot Accounts",
        "ROBOT_NAME": "Cannot contain special characters(~#$%) and maximum length should be 255 characters.",
        "ACCOUNT_EXISTING": "Robot Account is already exists.",
--- a/src/portal/src/i18n/lang/es-es-lang.json
+++ b/src/portal/src/i18n/lang/es-es-lang.json
@ -295,6 +295,7 @@
    },
    "ROBOT_ACCOUNT": {
        "NAME": "Name",
+        "PERMISSIONS": "Permissions",
        "TOKEN": "Token",
        "NEW_ROBOT_ACCOUNT": "NEW ROBOT ACCOUNT",
        "ENABLED_STATE": "Enabled state",
@ -310,8 +311,10 @@
        "ENABLE_ACCOUNT": "Enable Account",
        "DELETE": "Delete",
        "CREAT_ROBOT_ACCOUNT": "Creat Robot Account",
-        "PULL_PERMISSION": "Permission for Pull",
-        "PULL_PUSH_PERMISSION": "Permission for Push / Pull",
+        "PULL_PERMISSION": "Image pull",
+        "PULL_PUSH_PERMISSION": "Image pull / push",
+        "PUSH_CHART_PERMISSION": "Helm chart push",
+        "PULL_CHART_PERMISSION": "Helm chart pull",
        "FILTER_PLACEHOLDER": "Filter Robot Accounts",
        "ROBOT_NAME": "Cannot contain special characters(~#$%) and maximum length should be 255 characters.",
        "ACCOUNT_EXISTING": "Robot Account is already exists.",
--- a/src/portal/src/i18n/lang/fr-fr-lang.json
+++ b/src/portal/src/i18n/lang/fr-fr-lang.json
@ -286,6 +286,7 @@
    },
    "ROBOT_ACCOUNT": {
        "NAME": "Nom",
+        "PERMISSIONS": "Permissions",
        "TOKEN": "gage ",
        "NEW_ROBOT_ACCOUNT": "nouveau robot compte ",
        "ENABLED_STATE": "état d 'activation",
@ -301,8 +302,10 @@
        "ENABLE_ACCOUNT": "permettre à compte ",
        "DELETE": "Supprimer",
        "CREAT_ROBOT_ACCOUNT": "créat robot compte ",
-        "PULL_PERMISSION": "Permission for Pull",
-        "PULL_PUSH_PERMISSION": "Permission for Push / Pull",
+        "PULL_PERMISSION": "Image pull",
+        "PULL_PUSH_PERMISSION": "Image pull / push",
+        "PUSH_CHART_PERMISSION": "Helm chart push",
+        "PULL_CHART_PERMISSION": "Helm chart pull",
        "FILTER_PLACEHOLDER": "Filter Robot Accounts",
        "ROBOT_NAME": "ne peut pas contenir de caractères spéciaux(~#$%) et la longueur maximale devrait être de 255 caractères.",
        "ACCOUNT_EXISTING": "le robot est existe déjà.",
--- a/src/portal/src/i18n/lang/pt-br-lang.json
+++ b/src/portal/src/i18n/lang/pt-br-lang.json
@ -292,6 +292,7 @@
    },
    "ROBOT_ACCOUNT": {
        "NAME": "Nome",
+        "PERMISSIONS": "Permissions",
        "TOKEN": "Token",
        "NEW_ROBOT_ACCOUNT": "Novo robô conta",
        "ENABLED_STATE": "Enabled state",
@ -307,8 +308,10 @@
        "ENABLE_ACCOUNT": "Ativar conta",
        "DELETE": "Remover",
        "CREAT_ROBOT_ACCOUNT": "CRIA robô conta",
-        "PULL_PERMISSION": "Permission for Pull",
-        "PULL_PUSH_PERMISSION": "Permission for Push / Pull",
+        "PULL_PERMISSION": "Image pull",
+        "PULL_PUSH_PERMISSION": "Image pull / push",
+        "PUSH_CHART_PERMISSION": "Helm chart push",
+        "PULL_CHART_PERMISSION": "Helm chart pull",
        "FILTER_PLACEHOLDER": "Filtro robot accounts",
        "ROBOT_NAME": "Não Pode conter caracteres especiais(~#$%) e comprimento máximo deveria ser 255 caracteres.",
        "ACCOUNT_EXISTING": "Robô conta já existe.",
--- a/src/portal/src/i18n/lang/zh-cn-lang.json
+++ b/src/portal/src/i18n/lang/zh-cn-lang.json
@ -293,6 +293,7 @@
    },
    "ROBOT_ACCOUNT": {
        "NAME": "姓名",
+        "PERMISSIONS": "权限",
        "TOKEN": "令牌",
        "NEW_ROBOT_ACCOUNT": "添加机器人账户",
        "ENABLED_STATE": "启用状态",
@ -308,8 +309,10 @@
        "ENABLE_ACCOUNT": "启用账户",
        "DELETE": "删除",
        "CREAT_ROBOT_ACCOUNT": "创建机器人账户",
-        "PULL_PERMISSION": "Pull 权限",
-        "PULL_PUSH_PERMISSION": "Push / Pull 权限",
+        "PULL_PERMISSION": "Pull 镜像",
+        "PULL_PUSH_PERMISSION": "Push和Pull 镜像",
+        "PUSH_CHART_PERMISSION": "推送Chart",
+        "PULL_CHART_PERMISSION": "拉取Chart",
        "FILTER_PLACEHOLDER": "过滤机器人账户",
        "ROBOT_NAME": "不能包含特殊字符(~#$%)且长度不能超过255.",
        "ACCOUNT_EXISTING": "机器人账户已经存在.",