Add robot permission of helm-chart pull/push

add robot permission of helm-chart pull/push

Signed-off-by: Yogi_Wang <yawang@vmware.com>
This commit is contained in:
Yogi_Wang 2019-05-23 12:51:58 +08:00
parent fbec3ee76f
commit 247d58232a
11 changed files with 97 additions and 38 deletions

View File

@ -60,13 +60,13 @@
</clr-tooltip-content> </clr-tooltip-content>
</clr-tooltip></label> </clr-tooltip></label>
<input type="password" name="cli_password" disabled [ngModel]="'account.oidc_user_meta.secret'" size="33"> <input type="password" name="cli_password" disabled [ngModel]="'account.oidc_user_meta.secret'" size="33">
<button (click)="generateCli(account.user_id)" class="btn btn-outline btn-sm btn-padding-less" *ngIf="showGenerateCli"> <button (click)="generateCli(account.user_id)" id="generate-cli-btn" class="btn btn-outline btn-sm btn-padding-less" *ngIf="showGenerateCli">
{{'PROFILE.ADMIN_CIL_SECRET_BUTTON' | translate}} {{'PROFILE.ADMIN_CIL_SECRET_BUTTON' | translate}}
</button> </button>
<div class="rename-tool reset-cli"> <div class="rename-tool reset-cli">
<hbr-copy-input #copyInput (onCopySuccess)="onSuccess($event)" (onCopyError)="onError($event)" iconMode="true" [defaultValue]="account.oidc_user_meta.secret"></hbr-copy-input> <hbr-copy-input #copyInput (onCopySuccess)="onSuccess($event)" (onCopyError)="onError($event)" iconMode="true" [defaultValue]="account.oidc_user_meta.secret"></hbr-copy-input>
</div> </div>
<div (click)="showGenerateCliFn()" *ngIf="!showGenerateCli" class="hidden-generate-cli">···</div> <div (click)="showGenerateCliFn()" *ngIf="!showGenerateCli" id="hidden-generate-cli" class="hidden-generate-cli">···</div>
</div> </div>
</section> </section>
</form> </form>

View File

@ -38,23 +38,50 @@
[(ngModel)]="robot.description" [(ngModel)]="robot.description"
name="robot_desc" id="robot_desc"> name="robot_desc" id="robot_desc">
</div> </div>
<div class="form-group clr-form-control rule-width"> <div class="form-group">
<label class="col-md-3">
{{'ROBOT_ACCOUNT.PERMISSIONS' | translate}}
</label>
<label class="clr-col-md-8 no-margin padding-left-0">
<clr-checkbox-wrapper> <clr-checkbox-wrapper>
<input type="checkbox" clrCheckbox [checked]="true" <input type="checkbox" clrCheckbox [checked]="true"
[(ngModel)]="robot.access.isPull" name="isPull" [(ngModel)]="robot.access.isPullImage" name="isPullImage"
id="permission-pull" class="clr-checkbox"> id="permission-pull" class="clr-checkbox">
<label for="permission-pull" class="clr-control-label"> <label for="permission-pull" class="clr-control-label">
{{'ROBOT_ACCOUNT.PULL_PERMISSION' | translate}} {{'ROBOT_ACCOUNT.PULL_PERMISSION' | translate}}
</label> </label>
</clr-checkbox-wrapper> </clr-checkbox-wrapper>
</label>
<label class="clr-col-md-8 no-margin padding-left-0">
<clr-checkbox-wrapper> <clr-checkbox-wrapper>
<input type="checkbox" clrCheckbox [checked]="true" <input type="checkbox" clrCheckbox [checked]="true"
[(ngModel)]="robot.access.isPush" name="isPush" [(ngModel)]="robot.access.isPushOrPullImage" name="isPushOrPullImage"
id="permission-push" class="clr-checkbox"> id="permission-push" class="clr-checkbox">
<label for="permission-push" class="clr-control-label"> <label for="permission-push" class="clr-control-label">
{{'ROBOT_ACCOUNT.PULL_PUSH_PERMISSION' | translate}} {{'ROBOT_ACCOUNT.PULL_PUSH_PERMISSION' | translate}}
</label> </label>
</clr-checkbox-wrapper> </clr-checkbox-wrapper>
</label>
<label class="clr-col-md-8 no-margin padding-left-0">
<clr-checkbox-wrapper>
<input type="checkbox" clrCheckbox [checked]="true"
[(ngModel)]="robot.access.isPushChart" name="isPushChart"
id="permission-push-chart" class="clr-checkbox">
<label for="permission-push-chart" class="clr-control-label">
{{'ROBOT_ACCOUNT.PUSH_CHART_PERMISSION' | translate}}
</label>
</clr-checkbox-wrapper>
</label>
<label class="clr-col-md-8 no-margin padding-left-0">
<clr-checkbox-wrapper>
<input type="checkbox" clrCheckbox [checked]="true"
[(ngModel)]="robot.access.isPullChart" name="isPullChart"
id="permission-pull-chart" class="clr-checkbox">
<label for="permission-pull-chart" class="clr-control-label">
{{'ROBOT_ACCOUNT.PULL_CHART_PERMISSION' | translate}}
</label>
</clr-checkbox-wrapper>
</label>
</div> </div>
</section> </section>
</form> </form>

View File

@ -29,3 +29,9 @@
} }
} }
} }
.padding-left-0 {
padding-left: 0;
}
.no-margin {
margin: 0;
}

View File

@ -31,8 +31,6 @@ export class AddRobotComponent implements OnInit, OnDestroy {
isSubmitOnGoing = false; isSubmitOnGoing = false;
closable: boolean = false; closable: boolean = false;
staticBackdrop: boolean = true; staticBackdrop: boolean = true;
isPull: boolean;
isPush: boolean;
createSuccess: string; createSuccess: string;
isRobotNameValid: boolean = true; isRobotNameValid: boolean = true;
checkOnGoing: boolean = false; checkOnGoing: boolean = false;
@ -122,11 +120,8 @@ export class AddRobotComponent implements OnInit, OnDestroy {
this.robotService this.robotService
.addRobotAccount( .addRobotAccount(
this.projectId, this.projectId,
this.robot.name, this.robot,
this.robot.description, this.projectName
this.projectName,
this.robot.access.isPull,
this.robot.access.isPush
) )
.subscribe( .subscribe(
response => { response => {
@ -162,7 +157,8 @@ export class AddRobotComponent implements OnInit, OnDestroy {
if (this.robot && this.robot.access) { if (this.robot && this.robot.access) {
return ( return (
!this.isValid() || !this.isValid() ||
(!this.robot.access.isPush && !this.robot.access.isPull) (!this.robot.access.isPushOrPullImage && !this.robot.access.isPullImage
&& !this.robot.access.isPullChart && !this.robot.access.isPushChart)
); );
} }
} }

View File

@ -17,27 +17,38 @@ import { map, catchError } from "rxjs/operators";
import { Injectable } from "@angular/core"; import { Injectable } from "@angular/core";
import { HttpClient } from "@angular/common/http"; import { HttpClient } from "@angular/common/http";
import { RobotApiRepository } from "./robot.api.repository"; import { RobotApiRepository } from "./robot.api.repository";
import { Robot } from "./robot";
@Injectable() @Injectable()
export class RobotService { export class RobotService {
constructor( constructor(
private http: HttpClient, private http: HttpClient,
private robotApiRepository: RobotApiRepository private robotApiRepository: RobotApiRepository
) { } ) { }
public addRobotAccount(projecId, name, description, projectName, isPull, isPush): Observable<any> {
/** addRobotAccount
* projecId
* robot: Robot
* projectName
*/
public addRobotAccount(projecId: number, robot: Robot, projectName: string): Observable<any> {
let access = []; let access = [];
if ( isPull ) { if (robot.access.isPullImage) {
access.push({"resource": "/project/" + projecId + "/repository", "action": "pull"}); access.push({ "resource": `/project/${projectName}/repository`, "action": "pull" });
access.push({"resource": "/project/" + projectName + "/repository", "action": "pull"});
} }
if ( isPush ) { if (robot.access.isPushOrPullImage) {
access.push({"resource": "/project/" + projecId + "/repository", "action": "push"}); access.push({ "resource": `/project/${projectName}/repository`, "action": "push" });
access.push({"resource": "/project/" + projectName + "/repository", "action": "push"}); }
if (robot.access.isPullChart) {
access.push({ "resource": `/project/${projectName}/helm-chart`, "action": "read" });
}
if (robot.access.isPushChart) {
access.push({ "resource": `/project/${projectName}/helm-chart-version`, "action": "create" });
} }
let param = { let param = {
name: name, name: robot.name,
description: description, description: robot.description,
access: access access
}; };
return this.robotApiRepository.postRobot(projecId, param); return this.robotApiRepository.postRobot(projecId, param);

View File

@ -6,16 +6,20 @@ export class Robot {
expires_at: number; expires_at: number;
disabled: boolean; disabled: boolean;
access: { access: {
isPull: boolean; isPullImage: boolean;
isPush: boolean; isPushOrPullImage: boolean;
isPushChart: boolean;
isPullChart: boolean;
}; };
constructor () { constructor () {
this.access = <any>{}; this.access = <any>{};
// this.access[0].action = true; // this.access[0].action = true;
this.access.isPull = true; this.access.isPullImage = true;
this.access.isPush = true; this.access.isPushOrPullImage = true;
this.access.isPushChart = false;
this.access.isPullChart = false;
} }
} }

View File

@ -294,6 +294,7 @@
}, },
"ROBOT_ACCOUNT": { "ROBOT_ACCOUNT": {
"NAME": "Name", "NAME": "Name",
"PERMISSIONS": "Permissions",
"TOKEN": "Token", "TOKEN": "Token",
"NEW_ROBOT_ACCOUNT": "NEW ROBOT ACCOUNT", "NEW_ROBOT_ACCOUNT": "NEW ROBOT ACCOUNT",
"ENABLED_STATE": "Enabled state", "ENABLED_STATE": "Enabled state",
@ -309,8 +310,10 @@
"ENABLE_ACCOUNT": "Enable Account", "ENABLE_ACCOUNT": "Enable Account",
"DELETE": "Delete", "DELETE": "Delete",
"CREAT_ROBOT_ACCOUNT": "Creat Robot Account", "CREAT_ROBOT_ACCOUNT": "Creat Robot Account",
"PULL_PERMISSION": "Permission for Pull", "PULL_PERMISSION": "Image pull",
"PULL_PUSH_PERMISSION": "Permission for Push / Pull", "PULL_PUSH_PERMISSION": "Image pull / push",
"PUSH_CHART_PERMISSION": "Helm chart push",
"PULL_CHART_PERMISSION": "Helm chart pull",
"FILTER_PLACEHOLDER": "Filter Robot Accounts", "FILTER_PLACEHOLDER": "Filter Robot Accounts",
"ROBOT_NAME": "Cannot contain special characters(~#$%) and maximum length should be 255 characters.", "ROBOT_NAME": "Cannot contain special characters(~#$%) and maximum length should be 255 characters.",
"ACCOUNT_EXISTING": "Robot Account is already exists.", "ACCOUNT_EXISTING": "Robot Account is already exists.",

View File

@ -295,6 +295,7 @@
}, },
"ROBOT_ACCOUNT": { "ROBOT_ACCOUNT": {
"NAME": "Name", "NAME": "Name",
"PERMISSIONS": "Permissions",
"TOKEN": "Token", "TOKEN": "Token",
"NEW_ROBOT_ACCOUNT": "NEW ROBOT ACCOUNT", "NEW_ROBOT_ACCOUNT": "NEW ROBOT ACCOUNT",
"ENABLED_STATE": "Enabled state", "ENABLED_STATE": "Enabled state",
@ -310,8 +311,10 @@
"ENABLE_ACCOUNT": "Enable Account", "ENABLE_ACCOUNT": "Enable Account",
"DELETE": "Delete", "DELETE": "Delete",
"CREAT_ROBOT_ACCOUNT": "Creat Robot Account", "CREAT_ROBOT_ACCOUNT": "Creat Robot Account",
"PULL_PERMISSION": "Permission for Pull", "PULL_PERMISSION": "Image pull",
"PULL_PUSH_PERMISSION": "Permission for Push / Pull", "PULL_PUSH_PERMISSION": "Image pull / push",
"PUSH_CHART_PERMISSION": "Helm chart push",
"PULL_CHART_PERMISSION": "Helm chart pull",
"FILTER_PLACEHOLDER": "Filter Robot Accounts", "FILTER_PLACEHOLDER": "Filter Robot Accounts",
"ROBOT_NAME": "Cannot contain special characters(~#$%) and maximum length should be 255 characters.", "ROBOT_NAME": "Cannot contain special characters(~#$%) and maximum length should be 255 characters.",
"ACCOUNT_EXISTING": "Robot Account is already exists.", "ACCOUNT_EXISTING": "Robot Account is already exists.",

View File

@ -286,6 +286,7 @@
}, },
"ROBOT_ACCOUNT": { "ROBOT_ACCOUNT": {
"NAME": "Nom", "NAME": "Nom",
"PERMISSIONS": "Permissions",
"TOKEN": "gage ", "TOKEN": "gage ",
"NEW_ROBOT_ACCOUNT": "nouveau robot compte ", "NEW_ROBOT_ACCOUNT": "nouveau robot compte ",
"ENABLED_STATE": "état d 'activation", "ENABLED_STATE": "état d 'activation",
@ -301,8 +302,10 @@
"ENABLE_ACCOUNT": "permettre à compte ", "ENABLE_ACCOUNT": "permettre à compte ",
"DELETE": "Supprimer", "DELETE": "Supprimer",
"CREAT_ROBOT_ACCOUNT": "créat robot compte ", "CREAT_ROBOT_ACCOUNT": "créat robot compte ",
"PULL_PERMISSION": "Permission for Pull", "PULL_PERMISSION": "Image pull",
"PULL_PUSH_PERMISSION": "Permission for Push / Pull", "PULL_PUSH_PERMISSION": "Image pull / push",
"PUSH_CHART_PERMISSION": "Helm chart push",
"PULL_CHART_PERMISSION": "Helm chart pull",
"FILTER_PLACEHOLDER": "Filter Robot Accounts", "FILTER_PLACEHOLDER": "Filter Robot Accounts",
"ROBOT_NAME": "ne peut pas contenir de caractères spéciaux(~#$%) et la longueur maximale devrait être de 255 caractères.", "ROBOT_NAME": "ne peut pas contenir de caractères spéciaux(~#$%) et la longueur maximale devrait être de 255 caractères.",
"ACCOUNT_EXISTING": "le robot est existe déjà.", "ACCOUNT_EXISTING": "le robot est existe déjà.",

View File

@ -292,6 +292,7 @@
}, },
"ROBOT_ACCOUNT": { "ROBOT_ACCOUNT": {
"NAME": "Nome", "NAME": "Nome",
"PERMISSIONS": "Permissions",
"TOKEN": "Token", "TOKEN": "Token",
"NEW_ROBOT_ACCOUNT": "Novo robô conta", "NEW_ROBOT_ACCOUNT": "Novo robô conta",
"ENABLED_STATE": "Enabled state", "ENABLED_STATE": "Enabled state",
@ -307,8 +308,10 @@
"ENABLE_ACCOUNT": "Ativar conta", "ENABLE_ACCOUNT": "Ativar conta",
"DELETE": "Remover", "DELETE": "Remover",
"CREAT_ROBOT_ACCOUNT": "CRIA robô conta", "CREAT_ROBOT_ACCOUNT": "CRIA robô conta",
"PULL_PERMISSION": "Permission for Pull", "PULL_PERMISSION": "Image pull",
"PULL_PUSH_PERMISSION": "Permission for Push / Pull", "PULL_PUSH_PERMISSION": "Image pull / push",
"PUSH_CHART_PERMISSION": "Helm chart push",
"PULL_CHART_PERMISSION": "Helm chart pull",
"FILTER_PLACEHOLDER": "Filtro robot accounts", "FILTER_PLACEHOLDER": "Filtro robot accounts",
"ROBOT_NAME": "Não Pode conter caracteres especiais(~#$%) e comprimento máximo deveria ser 255 caracteres.", "ROBOT_NAME": "Não Pode conter caracteres especiais(~#$%) e comprimento máximo deveria ser 255 caracteres.",
"ACCOUNT_EXISTING": "Robô conta já existe.", "ACCOUNT_EXISTING": "Robô conta já existe.",

View File

@ -293,6 +293,7 @@
}, },
"ROBOT_ACCOUNT": { "ROBOT_ACCOUNT": {
"NAME": "姓名", "NAME": "姓名",
"PERMISSIONS": "权限",
"TOKEN": "令牌", "TOKEN": "令牌",
"NEW_ROBOT_ACCOUNT": "添加机器人账户", "NEW_ROBOT_ACCOUNT": "添加机器人账户",
"ENABLED_STATE": "启用状态", "ENABLED_STATE": "启用状态",
@ -308,8 +309,10 @@
"ENABLE_ACCOUNT": "启用账户", "ENABLE_ACCOUNT": "启用账户",
"DELETE": "删除", "DELETE": "删除",
"CREAT_ROBOT_ACCOUNT": "创建机器人账户", "CREAT_ROBOT_ACCOUNT": "创建机器人账户",
"PULL_PERMISSION": "Pull 权限", "PULL_PERMISSION": "Pull 镜像",
"PULL_PUSH_PERMISSION": "Push / Pull 权限", "PULL_PUSH_PERMISSION": "Push和Pull 镜像",
"PUSH_CHART_PERMISSION": "推送Chart",
"PULL_CHART_PERMISSION": "拉取Chart",
"FILTER_PLACEHOLDER": "过滤机器人账户", "FILTER_PLACEHOLDER": "过滤机器人账户",
"ROBOT_NAME": "不能包含特殊字符(~#$%)且长度不能超过255.", "ROBOT_NAME": "不能包含特殊字符(~#$%)且长度不能超过255.",
"ACCOUNT_EXISTING": "机器人账户已经存在.", "ACCOUNT_EXISTING": "机器人账户已经存在.",