feat(k8s/resource-pool): prevent admins from making changes to "system" namespaces (#4167)

pull/4173/head
Maxime Bajeux 2020-08-07 02:03:00 +02:00 committed by GitHub
parent d85708f6ea
commit b8f8c75380
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 6 deletions


@ -21,9 +21,9 @@
</div> </div>
</div> </div>
<!-- !name-input --> <!-- !name-input -->
<div ng-if="ctrl.isAdmin" class="col-sm-12 form-section-title">Quota</div> <div ng-if="ctrl.isAdmin && ctrl.isEditable" class="col-sm-12 form-section-title">Quota</div>
<!-- quotas-switch --> <!-- quotas-switch -->
<div ng-if="ctrl.isAdmin" class="form-group"> <div ng-if="ctrl.isAdmin && ctrl.isEditable" class="form-group">
<div class="col-sm-12"> <div class="col-sm-12">
<label class="control-label text-left"> <label class="control-label text-left">
Resource assignment Resource assignment
@ -37,7 +37,7 @@
</span> </span>
</div> </div>
<!-- !quotas-switch --> <!-- !quotas-switch -->
<div ng-if="ctrl.formValues.hasQuota && ctrl.isAdmin"> <div ng-if="ctrl.formValues.hasQuota && ctrl.isAdmin && ctrl.isEditable">
<div class="col-sm-12 form-section-title"> <div class="col-sm-12 form-section-title">
Resource limits Resource limits
</div> </div>
@ -121,10 +121,10 @@
</kubernetes-resource-reservation> </kubernetes-resource-reservation>
</div> </div>
<!-- actions --> <!-- actions -->
<div ng-if="ctrl.isAdmin" class="col-sm-12 form-section-title"> <div ng-if="ctrl.isAdmin && ctrl.isEditable" class="col-sm-12 form-section-title">
Actions Actions
</div> </div>
<div ng-if="ctrl.isAdmin" class="form-group"> <div ng-if="ctrl.isAdmin && ctrl.isEditable" class="form-group">
<div class="col-sm-12"> <div class="col-sm-12">
<button <button
type="button" type="button"
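Review bot: The added `ctrl.isAdmin && ctrl.isEditable` conditions on the Quota, Resource limits and Actions blocks only hide the controls in the browser; they do not by themselves stop an admin session from sending the same update or delete request for a system namespace. Both changed files are front-end code, so unless the API already refuses writes to these namespaces (not visible on this page), the restriction named in the commit title is presentational only. I would confirm the server-side check exists and record the dependency in the template, for example `<!-- UI convenience only: writes to system namespaces must also be refused by the API -->` above the first guarded block. As far as the visible controller lines show, `isEditable` is assigned only during initialisation, so the sections appear to stay hidden if loading fails, which is the right default.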


@ -18,7 +18,8 @@ class KubernetesResourcePoolController {
KubernetesResourcePoolService, KubernetesResourcePoolService,
KubernetesEventService, KubernetesEventService,
KubernetesPodService, KubernetesPodService,
KubernetesApplicationService KubernetesApplicationService,
KubernetesNamespaceHelper
) { ) {
this.$async = $async; this.$async = $async;
this.$state = $state; this.$state = $state;
@ -32,6 +33,7 @@ class KubernetesResourcePoolController {
this.KubernetesEventService = KubernetesEventService; this.KubernetesEventService = KubernetesEventService;
this.KubernetesPodService = KubernetesPodService; this.KubernetesPodService = KubernetesPodService;
this.KubernetesApplicationService = KubernetesApplicationService; this.KubernetesApplicationService = KubernetesApplicationService;
this.KubernetesNamespaceHelper = KubernetesNamespaceHelper;
this.onInit = this.onInit.bind(this); this.onInit = this.onInit.bind(this);
this.createResourceQuotaAsync = this.createResourceQuotaAsync.bind(this); this.createResourceQuotaAsync = this.createResourceQuotaAsync.bind(this);
@ -206,6 +208,11 @@ class KubernetesResourcePoolController {
this.state.memoryUsed = KubernetesResourceReservationHelper.megaBytesValue(quota.MemoryLimitUsed); this.state.memoryUsed = KubernetesResourceReservationHelper.megaBytesValue(quota.MemoryLimitUsed);
} }
this.isEditable = !this.KubernetesNamespaceHelper.isSystemNamespace(this.pool.Namespace.Name);
if (this.pool.Namespace.Name === 'default') {
this.isEditable = false;
}
await this.getEvents(); await this.getEvents();
await this.getApplications(); await this.getApplications();
} catch (err) { } catch (err) {
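Review bot: The `'default'` comparison that follows the `isSystemNamespace` call hard-codes a second protected name in this controller, so any other view that relies on `KubernetesNamespaceHelper.isSystemNamespace` alone would still treat `default` as editable. If that is intended, fold it into one expression with a comment saying why, e.g. `const name = this.pool.Namespace.Name;` then `this.isEditable = !this.KubernetesNamespaceHelper.isSystemNamespace(name) && name !== 'default';`; otherwise the name belongs in the helper's list. In this commit the flag is read only by the template, and the controller's write handlers (outside the hunk, such as the bound `createResourceQuotaAsync`) presumably do not check it, so an early `if (!this.isEditable) return;` there is worth considering. The enclosing method starts and ends outside the hunk.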