dashboard icon indicating copy to clipboard operation
dashboard copied to clipboard

Published 20 hours ago verified publisher icon kubernetes

If user does not have permission for the resource, the action should be not shown.

Open shu-mutou opened this issue 5 years ago • 5 comments

Environment

Installation method: minikube v1.4.0 and development container for dashboard
Kubernetes version: 1.16.0
Dashboard version: master
Operating system: Ubuntu 18.04 LTS
Node.js version ('node --version' output): 11.15.0
Go version ('go version' output): 1.12.6
Steps to reproduce

Add kubernetes-dashboard resources into minikube.

  1. Deploy dashboard and resources needed with running kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended.yaml into minikube.
  2. Attach cluster-admin ClusterRole with kubernetes-dashboard ServiceAccount in new ClusterRoleBinding labeled k8s-app: kubernetes-dashboard.
  3. Edit type as NodePort in dashboard-metrics-scraper of Service

Run dashboard.

  1. Run dashboard using development container according to Getting started.

Show dashboard in browser.

  1. Get token for kubernetes-dashboard ServiceAccount.
  2. Log in with the token above.
  3. Show secret list.
  4. Right click kubernetes-dashboard-certs or kubernetes-dashboard-key-holder.
Observed result

They have Edit menu, but it could not get its YAML in edit view. And got 401 error in browser console.

Expected result

If user does not have permission for the resource, it's better to hide Edit menu.

Comments

shu-mutou avatar Oct 02 '19 03:10 shu-mutou

Yes, this is really a problem that causes the user experience to be bad. But this means that we need to cache user information or permissions after the user logs in, and then do permission judgment. I had already submitted some pr(#4496 and #4480 ) for get list/detail of Role、ClusterRole、ClusterRoleBinding、RoleBinding,maybe can be used in this problem.

zehuaiWANG avatar Nov 04 '19 01:11 zehuaiWANG

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /lifecycle stale

fejta-bot avatar Feb 02 '20 01:02 fejta-bot

/remove-lifecycle stale

pierluigilenoci avatar Feb 03 '20 09:02 pierluigilenoci

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /lifecycle stale

fejta-bot avatar May 03 '20 09:05 fejta-bot

/lifecycle frozen

maciaszczykm avatar May 04 '20 07:05 maciaszczykm