@stolostron/multicluster-sdk/lib/internal/checkAccess.js

Provides extensions and APIs that dynamic plugins can use to leverage multicluster capabilities provided by Red Hat Advanced Cluster Management.

"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.checkAccess = void 0;
const lodash_1 = __importDefault(require("lodash"));
const fleetK8sCreate_1 = require("../api/fleetK8sCreate");
const models_1 = require("./models");
/**
 * Memoizes the result so it is possible to only make the request once for each access review.
 * This does mean that the user will have to refresh the page to see updates.
 * Function takes in the destructured resource attributes so that the cache keys are stable.
 * `JSON.stringify` is not guaranteed to give the same result for equivalent objects.
 * Impersonate headers are added automatically by `k8sCreate`.
 * @param group resource group.
 * @param resource resource string.
 * @param subresource subresource string.
 * @param verb K8s verb.
 * @param namespace namespace.
 * @param impersonateKey parameter to include in the cache key even though it's not used in the function body.
 * @returns Memoized result of the access review.
 */
exports.checkAccess = lodash_1.default.memoize((group, resource, subresource, verb, name, namespace, cluster) => {
    const reviewNamespace = group === 'project.openshift.io' && resource === 'projects' ? name : namespace;
    const selfSubjectAccessReview = {
        apiVersion: 'authorization.k8s.io/v1',
        kind: 'SelfSubjectAccessReview',
        spec: {
            resourceAttributes: {
                group,
                resource,
                subresource,
                verb,
                name,
                namespace: reviewNamespace,
            },
        },
    };
    return (0, fleetK8sCreate_1.fleetK8sCreate)({
        model: models_1.SelfSubjectAccessReviewModel,
        data: selfSubjectAccessReview,
        cluster,
    });
}, (...args) => args.join('~'));
//# sourceMappingURL=checkAccess.js.map