mirror of
				https://github.com/onepanelio/onepanel.git
				synced 2025-10-25 06:20:21 +08:00 
			
		
		
		
	refactor: clean up client code
This commit is contained in:
		| @@ -16,6 +16,8 @@ import ( | |||||||
| 	authorizationv1 "k8s.io/api/authorization/v1" | 	authorizationv1 "k8s.io/api/authorization/v1" | ||||||
| ) | ) | ||||||
|  |  | ||||||
|  | const ClientContextKey = "client" | ||||||
|  |  | ||||||
| func getBearerToken(ctx context.Context) (*string, bool) { | func getBearerToken(ctx context.Context) (*string, bool) { | ||||||
| 	md, ok := metadata.FromIncomingContext(ctx) | 	md, ok := metadata.FromIncomingContext(ctx) | ||||||
| 	if !ok { | 	if !ok { | ||||||
| @@ -58,7 +60,7 @@ func getClient(ctx context.Context, kubeConfig *v1.Config, db *v1.DB) (context.C | |||||||
| 		return nil, err | 		return nil, err | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	return context.WithValue(ctx, "kubeClient", client), nil | 	return context.WithValue(ctx, "client", client), nil | ||||||
| } | } | ||||||
|  |  | ||||||
| func IsAuthorized(c *v1.Client, namespace, verb, group, resource, name string) (allowed bool, err error) { | func IsAuthorized(c *v1.Client, namespace, verb, group, resource, name string) (allowed bool, err error) { | ||||||
|   | |||||||
| @@ -22,7 +22,7 @@ func (a *AuthServer) IsWorkspaceAuthenticated(ctx context.Context, request *api. | |||||||
| 	if ctx == nil { | 	if ctx == nil { | ||||||
| 		return &empty.Empty{}, nil | 		return &empty.Empty{}, nil | ||||||
| 	} | 	} | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	md, ok := metadata.FromIncomingContext(ctx) | 	md, ok := metadata.FromIncomingContext(ctx) | ||||||
| 	if !ok { | 	if !ok { | ||||||
| 		return &empty.Empty{}, errors.New("Error parsing headers.") | 		return &empty.Empty{}, errors.New("Error parsing headers.") | ||||||
| @@ -53,7 +53,7 @@ func (a *AuthServer) IsAuthorized(ctx context.Context, request *api.IsAuthorized | |||||||
| 		return res, status.Error(codes.Unauthenticated, "Unauthenticated.") | 		return res, status.Error(codes.Unauthenticated, "Unauthenticated.") | ||||||
| 	} | 	} | ||||||
| 	//User auth check | 	//User auth check | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	err = a.isValidToken(err, client) | 	err = a.isValidToken(err, client) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -74,7 +74,7 @@ func (a *AuthServer) IsValidToken(ctx context.Context, req *api.IsValidTokenRequ | |||||||
| 		return nil, status.Error(codes.Unauthenticated, "Unauthenticated.") | 		return nil, status.Error(codes.Unauthenticated, "Unauthenticated.") | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
|  |  | ||||||
| 	err = a.isValidToken(err, client) | 	err = a.isValidToken(err, client) | ||||||
| 	if err != nil { | 	if err != nil { | ||||||
|   | |||||||
| @@ -45,7 +45,7 @@ func apiCronWorkflow(cwf *v1.CronWorkflow) (cronWorkflow *api.CronWorkflow) { | |||||||
| } | } | ||||||
|  |  | ||||||
| func (c *CronWorkflowServer) CreateCronWorkflow(ctx context.Context, req *api.CreateCronWorkflowRequest) (*api.CronWorkflow, error) { | func (c *CronWorkflowServer) CreateCronWorkflow(ctx context.Context, req *api.CreateCronWorkflowRequest) (*api.CronWorkflow, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "create", "argoproj.io", "cronworkflows", "") | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "create", "argoproj.io", "cronworkflows", "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -93,7 +93,7 @@ func (c *CronWorkflowServer) CreateCronWorkflow(ctx context.Context, req *api.Cr | |||||||
| } | } | ||||||
|  |  | ||||||
| func (c *CronWorkflowServer) UpdateCronWorkflow(ctx context.Context, req *api.UpdateCronWorkflowRequest) (*api.CronWorkflow, error) { | func (c *CronWorkflowServer) UpdateCronWorkflow(ctx context.Context, req *api.UpdateCronWorkflowRequest) (*api.CronWorkflow, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "update", "argoproj.io", "cronworkflows", "") | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "update", "argoproj.io", "cronworkflows", "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -142,7 +142,7 @@ func (c *CronWorkflowServer) UpdateCronWorkflow(ctx context.Context, req *api.Up | |||||||
| } | } | ||||||
|  |  | ||||||
| func (c *CronWorkflowServer) GetCronWorkflow(ctx context.Context, req *api.GetCronWorkflowRequest) (*api.CronWorkflow, error) { | func (c *CronWorkflowServer) GetCronWorkflow(ctx context.Context, req *api.GetCronWorkflowRequest) (*api.CronWorkflow, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "argoproj.io", "cronworkflows", req.Uid) | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "argoproj.io", "cronworkflows", req.Uid) | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -155,7 +155,7 @@ func (c *CronWorkflowServer) GetCronWorkflow(ctx context.Context, req *api.GetCr | |||||||
| } | } | ||||||
|  |  | ||||||
| func (c *CronWorkflowServer) ListCronWorkflows(ctx context.Context, req *api.ListCronWorkflowRequest) (*api.ListCronWorkflowsResponse, error) { | func (c *CronWorkflowServer) ListCronWorkflows(ctx context.Context, req *api.ListCronWorkflowRequest) (*api.ListCronWorkflowsResponse, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "list", "argoproj.io", "cronworkflows", "") | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "list", "argoproj.io", "cronworkflows", "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -186,7 +186,7 @@ func (c *CronWorkflowServer) ListCronWorkflows(ctx context.Context, req *api.Lis | |||||||
| } | } | ||||||
|  |  | ||||||
| func (c *CronWorkflowServer) DeleteCronWorkflow(ctx context.Context, req *api.DeleteCronWorkflowRequest) (*empty.Empty, error) { | func (c *CronWorkflowServer) DeleteCronWorkflow(ctx context.Context, req *api.DeleteCronWorkflowRequest) (*empty.Empty, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "delete", "argoproj.io", "cronworkflows", "") | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "delete", "argoproj.io", "cronworkflows", "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
|   | |||||||
| @@ -56,7 +56,7 @@ func NewLabelServer() *LabelServer { | |||||||
| func (s *LabelServer) GetLabels(ctx context.Context, req *api.GetLabelsRequest) (*api.GetLabelsResponse, error) { | func (s *LabelServer) GetLabels(ctx context.Context, req *api.GetLabelsRequest) (*api.GetLabelsResponse, error) { | ||||||
| 	argoResource := resourceIdentifierToArgoResource(req.Resource) | 	argoResource := resourceIdentifierToArgoResource(req.Resource) | ||||||
|  |  | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "argoproj.io", argoResource, "") | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "argoproj.io", argoResource, "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -75,7 +75,7 @@ func (s *LabelServer) GetLabels(ctx context.Context, req *api.GetLabelsRequest) | |||||||
| func (s *LabelServer) AddLabels(ctx context.Context, req *api.AddLabelsRequest) (*api.GetLabelsResponse, error) { | func (s *LabelServer) AddLabels(ctx context.Context, req *api.AddLabelsRequest) (*api.GetLabelsResponse, error) { | ||||||
| 	argoResource := resourceIdentifierToArgoResource(req.Resource) | 	argoResource := resourceIdentifierToArgoResource(req.Resource) | ||||||
|  |  | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "create", "argoproj.io", argoResource, "") | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "create", "argoproj.io", argoResource, "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -99,7 +99,7 @@ func (s *LabelServer) AddLabels(ctx context.Context, req *api.AddLabelsRequest) | |||||||
| func (s *LabelServer) ReplaceLabels(ctx context.Context, req *api.ReplaceLabelsRequest) (*api.GetLabelsResponse, error) { | func (s *LabelServer) ReplaceLabels(ctx context.Context, req *api.ReplaceLabelsRequest) (*api.GetLabelsResponse, error) { | ||||||
| 	argoResource := resourceIdentifierToArgoResource(req.Resource) | 	argoResource := resourceIdentifierToArgoResource(req.Resource) | ||||||
|  |  | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "update", "argoproj.io", argoResource, "") | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "update", "argoproj.io", argoResource, "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -123,7 +123,7 @@ func (s *LabelServer) ReplaceLabels(ctx context.Context, req *api.ReplaceLabelsR | |||||||
| func (s *LabelServer) DeleteLabel(ctx context.Context, req *api.DeleteLabelRequest) (*api.GetLabelsResponse, error) { | func (s *LabelServer) DeleteLabel(ctx context.Context, req *api.DeleteLabelRequest) (*api.GetLabelsResponse, error) { | ||||||
| 	argoResource := resourceIdentifierToArgoResource(req.Resource) | 	argoResource := resourceIdentifierToArgoResource(req.Resource) | ||||||
|  |  | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	// update verb here since we are not deleting the resource, but labels | 	// update verb here since we are not deleting the resource, but labels | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "update", "argoproj.io", argoResource, "") | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "update", "argoproj.io", argoResource, "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
|   | |||||||
| @@ -25,7 +25,7 @@ func apiNamespace(ns *v1.Namespace) (namespace *api.Namespace) { | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *NamespaceServer) ListNamespaces(ctx context.Context, req *api.ListNamespacesRequest) (*api.ListNamespacesResponse, error) { | func (s *NamespaceServer) ListNamespaces(ctx context.Context, req *api.ListNamespacesRequest) (*api.ListNamespacesResponse, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, "", "list", "", "namespaces", "") | 	allowed, err := auth.IsAuthorized(client, "", "list", "", "namespaces", "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -72,7 +72,7 @@ func (s *NamespaceServer) ListNamespaces(ctx context.Context, req *api.ListNames | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *NamespaceServer) CreateNamespace(ctx context.Context, createNamespace *api.CreateNamespaceRequest) (*api.Namespace, error) { | func (s *NamespaceServer) CreateNamespace(ctx context.Context, createNamespace *api.CreateNamespaceRequest) (*api.Namespace, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, "", "create", "", "namespaces", "") | 	allowed, err := auth.IsAuthorized(client, "", "create", "", "namespaces", "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
|   | |||||||
| @@ -23,7 +23,7 @@ func apiSecret(s *v1.Secret) *api.Secret { | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *SecretServer) CreateSecret(ctx context.Context, req *api.CreateSecretRequest) (*empty.Empty, error) { | func (s *SecretServer) CreateSecret(ctx context.Context, req *api.CreateSecretRequest) (*empty.Empty, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "create", "", "secrets", "") | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "create", "", "secrets", "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -40,7 +40,7 @@ func (s *SecretServer) CreateSecret(ctx context.Context, req *api.CreateSecretRe | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *SecretServer) SecretExists(ctx context.Context, req *api.SecretExistsRequest) (secretExists *api.SecretExistsResponse, err error) { | func (s *SecretServer) SecretExists(ctx context.Context, req *api.SecretExistsRequest) (secretExists *api.SecretExistsResponse, err error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "", "secrets", req.Name) | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "", "secrets", req.Name) | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -58,7 +58,7 @@ func (s *SecretServer) SecretExists(ctx context.Context, req *api.SecretExistsRe | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *SecretServer) GetSecret(ctx context.Context, req *api.GetSecretRequest) (*api.Secret, error) { | func (s *SecretServer) GetSecret(ctx context.Context, req *api.GetSecretRequest) (*api.Secret, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "", "secrets", req.Name) | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "", "secrets", req.Name) | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -72,7 +72,7 @@ func (s *SecretServer) GetSecret(ctx context.Context, req *api.GetSecretRequest) | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *SecretServer) ListSecrets(ctx context.Context, req *api.ListSecretsRequest) (*api.ListSecretsResponse, error) { | func (s *SecretServer) ListSecrets(ctx context.Context, req *api.ListSecretsRequest) (*api.ListSecretsResponse, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "list", "", "secrets", "") | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "list", "", "secrets", "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -95,7 +95,7 @@ func (s *SecretServer) ListSecrets(ctx context.Context, req *api.ListSecretsRequ | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *SecretServer) DeleteSecret(ctx context.Context, req *api.DeleteSecretRequest) (deleted *api.DeleteSecretResponse, err error) { | func (s *SecretServer) DeleteSecret(ctx context.Context, req *api.DeleteSecretRequest) (deleted *api.DeleteSecretResponse, err error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "delete", "", "secrets", req.Name) | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "delete", "", "secrets", req.Name) | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -113,7 +113,7 @@ func (s *SecretServer) DeleteSecret(ctx context.Context, req *api.DeleteSecretRe | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *SecretServer) DeleteSecretKey(ctx context.Context, req *api.DeleteSecretKeyRequest) (deleted *api.DeleteSecretKeyResponse, err error) { | func (s *SecretServer) DeleteSecretKey(ctx context.Context, req *api.DeleteSecretKeyRequest) (deleted *api.DeleteSecretKeyResponse, err error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "delete", "", "secrets", req.SecretName) | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "delete", "", "secrets", req.SecretName) | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -139,7 +139,7 @@ func (s *SecretServer) DeleteSecretKey(ctx context.Context, req *api.DeleteSecre | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *SecretServer) AddSecretKeyValue(ctx context.Context, req *api.AddSecretKeyValueRequest) (updated *api.AddSecretKeyValueResponse, err error) { | func (s *SecretServer) AddSecretKeyValue(ctx context.Context, req *api.AddSecretKeyValueRequest) (updated *api.AddSecretKeyValueResponse, err error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "delete", "", "secrets", req.Secret.Name) | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "delete", "", "secrets", req.Secret.Name) | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -163,7 +163,7 @@ func (s *SecretServer) AddSecretKeyValue(ctx context.Context, req *api.AddSecret | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *SecretServer) UpdateSecretKeyValue(ctx context.Context, req *api.UpdateSecretKeyValueRequest) (updated *api.UpdateSecretKeyValueResponse, err error) { | func (s *SecretServer) UpdateSecretKeyValue(ctx context.Context, req *api.UpdateSecretKeyValueRequest) (updated *api.UpdateSecretKeyValueResponse, err error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "update", "", "secrets", req.Secret.Name) | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "update", "", "secrets", req.Secret.Name) | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
|   | |||||||
| @@ -1,5 +1,15 @@ | |||||||
| package server | package server | ||||||
|  |  | ||||||
|  | import ( | ||||||
|  | 	"context" | ||||||
|  | 	v1 "github.com/onepanelio/core/pkg" | ||||||
|  | 	"github.com/onepanelio/core/server/auth" | ||||||
|  | ) | ||||||
|  |  | ||||||
| const ( | const ( | ||||||
| 	TimeLayout = "2006-01-02 15:04:05" | 	TimeLayout = "2006-01-02 15:04:05" | ||||||
| ) | ) | ||||||
|  |  | ||||||
|  | func getClient(ctx context.Context) *v1.Client { | ||||||
|  | 	return ctx.Value(auth.ClientContextKey).(*v1.Client) | ||||||
|  | } | ||||||
|   | |||||||
| @@ -64,7 +64,7 @@ func apiWorkflowExecution(wf *v1.WorkflowExecution) (workflow *api.WorkflowExecu | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkflowServer) CreateWorkflowExecution(ctx context.Context, req *api.CreateWorkflowExecutionRequest) (*api.WorkflowExecution, error) { | func (s *WorkflowServer) CreateWorkflowExecution(ctx context.Context, req *api.CreateWorkflowExecutionRequest) (*api.WorkflowExecution, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "create", "argoproj.io", "workflows", "") | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "create", "argoproj.io", "workflows", "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -93,7 +93,7 @@ func (s *WorkflowServer) CreateWorkflowExecution(ctx context.Context, req *api.C | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkflowServer) CloneWorkflowExecution(ctx context.Context, req *api.CloneWorkflowExecutionRequest) (*api.WorkflowExecution, error) { | func (s *WorkflowServer) CloneWorkflowExecution(ctx context.Context, req *api.CloneWorkflowExecutionRequest) (*api.WorkflowExecution, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "create", "argoproj.io", "workflows", "") | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "create", "argoproj.io", "workflows", "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -108,7 +108,7 @@ func (s *WorkflowServer) CloneWorkflowExecution(ctx context.Context, req *api.Cl | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkflowServer) AddWorkflowExecutionStatistics(ctx context.Context, req *api.AddWorkflowExecutionStatisticRequest) (*empty.Empty, error) { | func (s *WorkflowServer) AddWorkflowExecutionStatistics(ctx context.Context, req *api.AddWorkflowExecutionStatisticRequest) (*empty.Empty, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	phase := v1alpha1.NodeFailed | 	phase := v1alpha1.NodeFailed | ||||||
| 	if req.Statistics.WorkflowStatus == "Succeeded" { | 	if req.Statistics.WorkflowStatus == "Succeeded" { | ||||||
| 		phase = v1alpha1.NodeSucceeded | 		phase = v1alpha1.NodeSucceeded | ||||||
| @@ -133,7 +133,7 @@ func (s *WorkflowServer) AddWorkflowExecutionStatistics(ctx context.Context, req | |||||||
| // instead pass in the cron workflow uid, we can load the cron workflow from db that way and get | // instead pass in the cron workflow uid, we can load the cron workflow from db that way and get | ||||||
| // all required data. | // all required data. | ||||||
| func (s *WorkflowServer) CronStartWorkflowExecutionStatistic(ctx context.Context, req *api.CronStartWorkflowExecutionStatisticRequest) (*empty.Empty, error) { | func (s *WorkflowServer) CronStartWorkflowExecutionStatistic(ctx context.Context, req *api.CronStartWorkflowExecutionStatisticRequest) (*empty.Empty, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "argoproj.io", "workflows", req.Uid) | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "argoproj.io", "workflows", req.Uid) | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return &empty.Empty{}, err | 		return &empty.Empty{}, err | ||||||
| @@ -148,7 +148,7 @@ func (s *WorkflowServer) CronStartWorkflowExecutionStatistic(ctx context.Context | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkflowServer) GetWorkflowExecution(ctx context.Context, req *api.GetWorkflowExecutionRequest) (*api.WorkflowExecution, error) { | func (s *WorkflowServer) GetWorkflowExecution(ctx context.Context, req *api.GetWorkflowExecutionRequest) (*api.WorkflowExecution, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "argoproj.io", "workflows", req.Uid) | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "argoproj.io", "workflows", req.Uid) | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -171,7 +171,7 @@ func (s *WorkflowServer) GetWorkflowExecution(ctx context.Context, req *api.GetW | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkflowServer) WatchWorkflowExecution(req *api.WatchWorkflowExecutionRequest, stream api.WorkflowService_WatchWorkflowExecutionServer) error { | func (s *WorkflowServer) WatchWorkflowExecution(req *api.WatchWorkflowExecutionRequest, stream api.WorkflowService_WatchWorkflowExecutionServer) error { | ||||||
| 	client := stream.Context().Value("kubeClient").(*v1.Client) | 	client := getClient(stream.Context()) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "argoproj.io", "workflows", req.Uid) | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "argoproj.io", "workflows", req.Uid) | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return err | 		return err | ||||||
| @@ -195,7 +195,7 @@ func (s *WorkflowServer) WatchWorkflowExecution(req *api.WatchWorkflowExecutionR | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkflowServer) GetWorkflowExecutionLogs(req *api.GetWorkflowExecutionLogsRequest, stream api.WorkflowService_GetWorkflowExecutionLogsServer) error { | func (s *WorkflowServer) GetWorkflowExecutionLogs(req *api.GetWorkflowExecutionLogsRequest, stream api.WorkflowService_GetWorkflowExecutionLogsServer) error { | ||||||
| 	client := stream.Context().Value("kubeClient").(*v1.Client) | 	client := getClient(stream.Context()) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "argoproj.io", "workflows", req.Uid) | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "argoproj.io", "workflows", req.Uid) | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return err | 		return err | ||||||
| @@ -225,7 +225,7 @@ func (s *WorkflowServer) GetWorkflowExecutionLogs(req *api.GetWorkflowExecutionL | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkflowServer) GetWorkflowExecutionMetrics(ctx context.Context, req *api.GetWorkflowExecutionMetricsRequest) (*api.GetWorkflowExecutionMetricsResponse, error) { | func (s *WorkflowServer) GetWorkflowExecutionMetrics(ctx context.Context, req *api.GetWorkflowExecutionMetricsRequest) (*api.GetWorkflowExecutionMetricsResponse, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "argoproj.io", "workflows", req.Uid) | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "argoproj.io", "workflows", req.Uid) | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -252,7 +252,7 @@ func (s *WorkflowServer) GetWorkflowExecutionMetrics(ctx context.Context, req *a | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkflowServer) ListWorkflowExecutions(ctx context.Context, req *api.ListWorkflowExecutionsRequest) (*api.ListWorkflowExecutionsResponse, error) { | func (s *WorkflowServer) ListWorkflowExecutions(ctx context.Context, req *api.ListWorkflowExecutionsRequest) (*api.ListWorkflowExecutionsResponse, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "list", "argoproj.io", "workflows", "") | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "list", "argoproj.io", "workflows", "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -284,7 +284,7 @@ func (s *WorkflowServer) ListWorkflowExecutions(ctx context.Context, req *api.Li | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkflowServer) ResubmitWorkflowExecution(ctx context.Context, req *api.ResubmitWorkflowExecutionRequest) (*api.WorkflowExecution, error) { | func (s *WorkflowServer) ResubmitWorkflowExecution(ctx context.Context, req *api.ResubmitWorkflowExecutionRequest) (*api.WorkflowExecution, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "create", "argoproj.io", "workflows", req.Uid) | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "create", "argoproj.io", "workflows", req.Uid) | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -299,7 +299,7 @@ func (s *WorkflowServer) ResubmitWorkflowExecution(ctx context.Context, req *api | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkflowServer) TerminateWorkflowExecution(ctx context.Context, req *api.TerminateWorkflowExecutionRequest) (*empty.Empty, error) { | func (s *WorkflowServer) TerminateWorkflowExecution(ctx context.Context, req *api.TerminateWorkflowExecutionRequest) (*empty.Empty, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "update", "argoproj.io", "workflows", "") | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "update", "argoproj.io", "workflows", "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -314,7 +314,7 @@ func (s *WorkflowServer) TerminateWorkflowExecution(ctx context.Context, req *ap | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkflowServer) GetArtifact(ctx context.Context, req *api.GetArtifactRequest) (*api.ArtifactResponse, error) { | func (s *WorkflowServer) GetArtifact(ctx context.Context, req *api.GetArtifactRequest) (*api.ArtifactResponse, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "argoproj.io", "workflows", req.Uid) | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "argoproj.io", "workflows", req.Uid) | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -331,7 +331,7 @@ func (s *WorkflowServer) GetArtifact(ctx context.Context, req *api.GetArtifactRe | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkflowServer) ListFiles(ctx context.Context, req *api.ListFilesRequest) (*api.ListFilesResponse, error) { | func (s *WorkflowServer) ListFiles(ctx context.Context, req *api.ListFilesRequest) (*api.ListFilesResponse, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "argoproj.io", "workflows", req.Uid) | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "argoproj.io", "workflows", req.Uid) | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -375,7 +375,7 @@ func (s *WorkflowServer) ListFiles(ctx context.Context, req *api.ListFilesReques | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkflowServer) UpdateWorkflowExecutionStatus(ctx context.Context, req *api.UpdateWorkflowExecutionStatusRequest) (*empty.Empty, error) { | func (s *WorkflowServer) UpdateWorkflowExecutionStatus(ctx context.Context, req *api.UpdateWorkflowExecutionStatusRequest) (*empty.Empty, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "update", "argoproj.io", "workflows", req.Uid) | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "update", "argoproj.io", "workflows", req.Uid) | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return &empty.Empty{}, err | 		return &empty.Empty{}, err | ||||||
|   | |||||||
| @@ -56,7 +56,7 @@ func apiWorkflowTemplate(wft *v1.WorkflowTemplate) *api.WorkflowTemplate { | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkflowTemplateServer) CreateWorkflowTemplate(ctx context.Context, req *api.CreateWorkflowTemplateRequest) (*api.WorkflowTemplate, error) { | func (s *WorkflowTemplateServer) CreateWorkflowTemplate(ctx context.Context, req *api.CreateWorkflowTemplateRequest) (*api.WorkflowTemplate, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "create", "argoproj.io", "workflowtemplates", "") | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "create", "argoproj.io", "workflowtemplates", "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -77,7 +77,7 @@ func (s *WorkflowTemplateServer) CreateWorkflowTemplate(ctx context.Context, req | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkflowTemplateServer) CreateWorkflowTemplateVersion(ctx context.Context, req *api.CreateWorkflowTemplateRequest) (*api.WorkflowTemplate, error) { | func (s *WorkflowTemplateServer) CreateWorkflowTemplateVersion(ctx context.Context, req *api.CreateWorkflowTemplateRequest) (*api.WorkflowTemplate, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "create", "argoproj.io", "workflowtemplates", req.WorkflowTemplate.Name) | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "create", "argoproj.io", "workflowtemplates", req.WorkflowTemplate.Name) | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -107,7 +107,7 @@ func (s *WorkflowTemplateServer) CreateWorkflowTemplateVersion(ctx context.Conte | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkflowTemplateServer) UpdateWorkflowTemplateVersion(ctx context.Context, req *api.UpdateWorkflowTemplateVersionRequest) (*api.WorkflowTemplate, error) { | func (s *WorkflowTemplateServer) UpdateWorkflowTemplateVersion(ctx context.Context, req *api.UpdateWorkflowTemplateVersionRequest) (*api.WorkflowTemplate, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "update", "argoproj.io", "workflowtemplates", req.WorkflowTemplate.Name) | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "update", "argoproj.io", "workflowtemplates", req.WorkflowTemplate.Name) | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -128,7 +128,7 @@ func (s *WorkflowTemplateServer) UpdateWorkflowTemplateVersion(ctx context.Conte | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkflowTemplateServer) GetWorkflowTemplate(ctx context.Context, req *api.GetWorkflowTemplateRequest) (*api.WorkflowTemplate, error) { | func (s *WorkflowTemplateServer) GetWorkflowTemplate(ctx context.Context, req *api.GetWorkflowTemplateRequest) (*api.WorkflowTemplate, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "argoproj.io", "workflowtemplates", "") | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "argoproj.io", "workflowtemplates", "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -149,7 +149,7 @@ func (s *WorkflowTemplateServer) GetWorkflowTemplate(ctx context.Context, req *a | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkflowTemplateServer) CloneWorkflowTemplate(ctx context.Context, req *api.CloneWorkflowTemplateRequest) (*api.WorkflowTemplate, error) { | func (s *WorkflowTemplateServer) CloneWorkflowTemplate(ctx context.Context, req *api.CloneWorkflowTemplateRequest) (*api.WorkflowTemplate, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
|  |  | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "create", "argoproj.io", "workflowtemplates", "") | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "create", "argoproj.io", "workflowtemplates", "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| @@ -187,7 +187,7 @@ func (s *WorkflowTemplateServer) CloneWorkflowTemplate(ctx context.Context, req | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkflowTemplateServer) ListWorkflowTemplateVersions(ctx context.Context, req *api.ListWorkflowTemplateVersionsRequest) (*api.ListWorkflowTemplateVersionsResponse, error) { | func (s *WorkflowTemplateServer) ListWorkflowTemplateVersions(ctx context.Context, req *api.ListWorkflowTemplateVersionsRequest) (*api.ListWorkflowTemplateVersionsResponse, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "list", "argoproj.io", "workflowtemplates", "") | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "list", "argoproj.io", "workflowtemplates", "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -210,7 +210,7 @@ func (s *WorkflowTemplateServer) ListWorkflowTemplateVersions(ctx context.Contex | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkflowTemplateServer) ListWorkflowTemplates(ctx context.Context, req *api.ListWorkflowTemplatesRequest) (*api.ListWorkflowTemplatesResponse, error) { | func (s *WorkflowTemplateServer) ListWorkflowTemplates(ctx context.Context, req *api.ListWorkflowTemplatesRequest) (*api.ListWorkflowTemplatesResponse, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "list", "argoproj.io", "workflowtemplates", "") | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "list", "argoproj.io", "workflowtemplates", "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -242,7 +242,7 @@ func (s *WorkflowTemplateServer) ListWorkflowTemplates(ctx context.Context, req | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkflowTemplateServer) ArchiveWorkflowTemplate(ctx context.Context, req *api.ArchiveWorkflowTemplateRequest) (*api.ArchiveWorkflowTemplateResponse, error) { | func (s *WorkflowTemplateServer) ArchiveWorkflowTemplate(ctx context.Context, req *api.ArchiveWorkflowTemplateRequest) (*api.ArchiveWorkflowTemplateResponse, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "delete", "argoproj.io", "workflowtemplates", "") | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "delete", "argoproj.io", "workflowtemplates", "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
|   | |||||||
| @@ -62,7 +62,7 @@ func NewWorkspaceServer() *WorkspaceServer { | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkspaceServer) CreateWorkspace(ctx context.Context, req *api.CreateWorkspaceRequest) (*api.Workspace, error) { | func (s *WorkspaceServer) CreateWorkspace(ctx context.Context, req *api.CreateWorkspaceRequest) (*api.Workspace, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "create", "apps", "statefulsets", "") | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "create", "apps", "statefulsets", "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -107,7 +107,7 @@ func (s *WorkspaceServer) CreateWorkspace(ctx context.Context, req *api.CreateWo | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkspaceServer) GetWorkspace(ctx context.Context, req *api.GetWorkspaceRequest) (*api.Workspace, error) { | func (s *WorkspaceServer) GetWorkspace(ctx context.Context, req *api.GetWorkspaceRequest) (*api.Workspace, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "apps", "statefulsets", "") | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "apps", "statefulsets", "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -138,7 +138,7 @@ func (s *WorkspaceServer) GetWorkspace(ctx context.Context, req *api.GetWorkspac | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkspaceServer) UpdateWorkspaceStatus(ctx context.Context, req *api.UpdateWorkspaceStatusRequest) (*empty.Empty, error) { | func (s *WorkspaceServer) UpdateWorkspaceStatus(ctx context.Context, req *api.UpdateWorkspaceStatusRequest) (*empty.Empty, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "update", "apps", "statefulsets", req.Uid) | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "update", "apps", "statefulsets", req.Uid) | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return &empty.Empty{}, err | 		return &empty.Empty{}, err | ||||||
| @@ -153,7 +153,7 @@ func (s *WorkspaceServer) UpdateWorkspaceStatus(ctx context.Context, req *api.Up | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkspaceServer) UpdateWorkspace(ctx context.Context, req *api.UpdateWorkspaceRequest) (*empty.Empty, error) { | func (s *WorkspaceServer) UpdateWorkspace(ctx context.Context, req *api.UpdateWorkspaceRequest) (*empty.Empty, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "update", "apps", "statefulsets", req.Uid) | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "update", "apps", "statefulsets", req.Uid) | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return &empty.Empty{}, err | 		return &empty.Empty{}, err | ||||||
| @@ -176,7 +176,7 @@ func (s *WorkspaceServer) UpdateWorkspace(ctx context.Context, req *api.UpdateWo | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkspaceServer) ListWorkspaces(ctx context.Context, req *api.ListWorkspaceRequest) (*api.ListWorkspaceResponse, error) { | func (s *WorkspaceServer) ListWorkspaces(ctx context.Context, req *api.ListWorkspaceRequest) (*api.ListWorkspaceResponse, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "list", "argoproj.io", "statefulsets", "") | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "list", "argoproj.io", "statefulsets", "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -212,7 +212,7 @@ func (s *WorkspaceServer) ListWorkspaces(ctx context.Context, req *api.ListWorks | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkspaceServer) PauseWorkspace(ctx context.Context, req *api.PauseWorkspaceRequest) (*empty.Empty, error) { | func (s *WorkspaceServer) PauseWorkspace(ctx context.Context, req *api.PauseWorkspaceRequest) (*empty.Empty, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "update", "apps", "statefulsets", req.Uid) | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "update", "apps", "statefulsets", req.Uid) | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return &empty.Empty{}, err | 		return &empty.Empty{}, err | ||||||
| @@ -224,7 +224,7 @@ func (s *WorkspaceServer) PauseWorkspace(ctx context.Context, req *api.PauseWork | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkspaceServer) ResumeWorkspace(ctx context.Context, req *api.ResumeWorkspaceRequest) (*empty.Empty, error) { | func (s *WorkspaceServer) ResumeWorkspace(ctx context.Context, req *api.ResumeWorkspaceRequest) (*empty.Empty, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "update", "apps", "statefulsets", req.Uid) | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "update", "apps", "statefulsets", req.Uid) | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return &empty.Empty{}, err | 		return &empty.Empty{}, err | ||||||
| @@ -236,7 +236,7 @@ func (s *WorkspaceServer) ResumeWorkspace(ctx context.Context, req *api.ResumeWo | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkspaceServer) DeleteWorkspace(ctx context.Context, req *api.DeleteWorkspaceRequest) (*empty.Empty, error) { | func (s *WorkspaceServer) DeleteWorkspace(ctx context.Context, req *api.DeleteWorkspaceRequest) (*empty.Empty, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "delete", "apps", "statefulsets", req.Uid) | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "delete", "apps", "statefulsets", req.Uid) | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return &empty.Empty{}, err | 		return &empty.Empty{}, err | ||||||
|   | |||||||
| @@ -37,7 +37,7 @@ func NewWorkspaceTemplateServer() *WorkspaceTemplateServer { | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s WorkspaceTemplateServer) GenerateWorkspaceTemplateWorkflowTemplate(ctx context.Context, req *api.GenerateWorkspaceTemplateWorkflowTemplateRequest) (*api.WorkflowTemplate, error) { | func (s WorkspaceTemplateServer) GenerateWorkspaceTemplateWorkflowTemplate(ctx context.Context, req *api.GenerateWorkspaceTemplateWorkflowTemplateRequest) (*api.WorkflowTemplate, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "argoproj.io", "workflowtemplates", "") | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "argoproj.io", "workflowtemplates", "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -64,7 +64,7 @@ func (s WorkspaceTemplateServer) GenerateWorkspaceTemplateWorkflowTemplate(ctx c | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkspaceTemplateServer) CreateWorkspaceTemplate(ctx context.Context, req *api.CreateWorkspaceTemplateRequest) (*api.WorkspaceTemplate, error) { | func (s *WorkspaceTemplateServer) CreateWorkspaceTemplate(ctx context.Context, req *api.CreateWorkspaceTemplateRequest) (*api.WorkspaceTemplate, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "create", "argoproj.io", "workflowtemplates", "") | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "create", "argoproj.io", "workflowtemplates", "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -86,7 +86,7 @@ func (s *WorkspaceTemplateServer) CreateWorkspaceTemplate(ctx context.Context, r | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkspaceTemplateServer) UpdateWorkspaceTemplate(ctx context.Context, req *api.UpdateWorkspaceTemplateRequest) (*api.WorkspaceTemplate, error) { | func (s *WorkspaceTemplateServer) UpdateWorkspaceTemplate(ctx context.Context, req *api.UpdateWorkspaceTemplateRequest) (*api.WorkspaceTemplate, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "update", "argoproj.io", "workflowtemplates", req.Uid) | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "update", "argoproj.io", "workflowtemplates", req.Uid) | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -108,7 +108,7 @@ func (s *WorkspaceTemplateServer) UpdateWorkspaceTemplate(ctx context.Context, r | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkspaceTemplateServer) GetWorkspaceTemplate(ctx context.Context, req *api.GetWorkspaceTemplateRequest) (*api.WorkspaceTemplate, error) { | func (s *WorkspaceTemplateServer) GetWorkspaceTemplate(ctx context.Context, req *api.GetWorkspaceTemplateRequest) (*api.WorkspaceTemplate, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "argoproj.io", "workflowtemplates", "") | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "get", "argoproj.io", "workflowtemplates", "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -123,7 +123,7 @@ func (s *WorkspaceTemplateServer) GetWorkspaceTemplate(ctx context.Context, req | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkspaceTemplateServer) ListWorkspaceTemplates(ctx context.Context, req *api.ListWorkspaceTemplatesRequest) (*api.ListWorkspaceTemplatesResponse, error) { | func (s *WorkspaceTemplateServer) ListWorkspaceTemplates(ctx context.Context, req *api.ListWorkspaceTemplatesRequest) (*api.ListWorkspaceTemplatesResponse, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "create", "argoproj.io", "workflowtemplates", "") | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "create", "argoproj.io", "workflowtemplates", "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -155,7 +155,7 @@ func (s *WorkspaceTemplateServer) ListWorkspaceTemplates(ctx context.Context, re | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkspaceTemplateServer) ListWorkspaceTemplateVersions(ctx context.Context, req *api.ListWorkspaceTemplateVersionsRequest) (*api.ListWorkspaceTemplateVersionsResponse, error) { | func (s *WorkspaceTemplateServer) ListWorkspaceTemplateVersions(ctx context.Context, req *api.ListWorkspaceTemplateVersionsRequest) (*api.ListWorkspaceTemplateVersionsResponse, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "list", "argoproj.io", "workflowtemplates", "") | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "list", "argoproj.io", "workflowtemplates", "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
| @@ -178,7 +178,7 @@ func (s *WorkspaceTemplateServer) ListWorkspaceTemplateVersions(ctx context.Cont | |||||||
| } | } | ||||||
|  |  | ||||||
| func (s *WorkspaceTemplateServer) ArchiveWorkspaceTemplate(ctx context.Context, req *api.ArchiveWorkspaceTemplateRequest) (*api.WorkspaceTemplate, error) { | func (s *WorkspaceTemplateServer) ArchiveWorkspaceTemplate(ctx context.Context, req *api.ArchiveWorkspaceTemplateRequest) (*api.WorkspaceTemplate, error) { | ||||||
| 	client := ctx.Value("kubeClient").(*v1.Client) | 	client := getClient(ctx) | ||||||
| 	allowed, err := auth.IsAuthorized(client, req.Namespace, "delete", "argoproj.io", "workflowtemplates", "") | 	allowed, err := auth.IsAuthorized(client, req.Namespace, "delete", "argoproj.io", "workflowtemplates", "") | ||||||
| 	if err != nil || !allowed { | 	if err != nil || !allowed { | ||||||
| 		return nil, err | 		return nil, err | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user
	 rushtehrani
					rushtehrani