feat: ui experiment #397
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
…n in the rendertask hashes
Important: Review skipped. Draft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configuration. Configuration used: defaults. Review profile: CHILL. Plan: Pro. Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
| return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { | ||
| // Try to serve the file directly | ||
| f, err := fsys.Open(r.URL.Path) |
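Review bot: fsys.Open(r.URL.Path) passes the raw request path to the filesystem, and no normalisation is visible in these lines. If fsys is an io/fs.FS, Open only accepts unrooted names that satisfy fs.ValidPath, so the leading "/" that r.URL.Path carries would make the direct lookup fail for every request; trim the leading slash and clean the path before the call, and reject anything that still fails fs.ValidPath instead of passing it on.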
… helm-template and ui-e2e test
#499) … helm-template and ui-e2e test

## What

Implements user impersonation ("Preview as") in the solar-ui BFF and frontend. Closes #432

## Why

Platform admins need to preview the UI as other users to validate that RBAC restrictions are working correctly, without logging out and back in as a different user.

## Testing

- Manual: logged in as admin@solar.local against `make ui-dev` cluster, verified /api/auth/impersonation-targets returns the configured personas, impersonation activates/clears correctly, permissions reflect the persona's RBAC, and isAdmin remains true on the real identity while impersonating
- Playwright e2e: new impersonation.spec.ts covering unauthenticated 401s, admin access, the activate → check permissions → clear lifecycle, and invalid input rejection. Run via `make ui-test-e2e`

## Notes for reviewers

**How admin access works:** The BFF uses its own service-account credentials to list ClusterRoleBindings labeled solar.opendefense.cloud/admin=true and checks the session's username/groups against subjects. This avoids issuing a SelfSubjectAccessReview as the logged-in user (which would fail in impersonate auth-mode) and is immune to active impersonation state.

**New RBAC resources (via Helm):**

- admin-clusterrolebinding.yaml: solar-ui:admin ClusterRole + CRB, populated from values.ui.admin.subjects with admin label used to distinguish admins in the BFF
- impersonation-clusterrolebinding.yaml: solar-ui:impersonate:$username ClusterRoles + CRBs, populated from values.ui.impersonation.targets with impersonatable label
- rbac.yaml: grants the BFF SA list on clusterroles and clusterrolebindings (needed for admin check and impersonatable discovery)

## Checklist

- [*] Tests added/updated
- [*] No breaking changes (or upgrade path documented above)
- [*] Readable commit history (squashed and cleaned up as desired)
- [*] AI code review considered and comments resolved

<!-- This is an auto-generated comment: release notes by coderabbit.ai -->

## Summary by CodeRabbit

* **New Features**
  * Administrators can now impersonate other users to preview and test their experience
  * Admin role support integrated with Kubernetes RBAC
  * Routes and navigation now protected based on user permissions
* **Documentation**
  * Added UI access control configuration guide
* **Tests**
  * Added impersonation workflow tests

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
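The admin check described under "How admin access works", as an added example that is not code from this PR or the solar-ui project: it matches the session's real username and groups against the subjects of admin-labeled ClusterRoleBindings. The types are reduced stand-ins for the Kubernetes rbac/v1 objects, and `IsAdmin`, `Session`, `sampleBindings` and every sample subject except admin@solar.local are hypothetical names.

```go
package main

import "fmt"

// Stand-ins for the rbac/v1 types, reduced to the fields the check reads.
type Subject struct{ Kind, Name string }
type ClusterRoleBinding struct {
	Labels   map[string]string
	Subjects []Subject
}

// Session is the real login identity, never the impersonated persona.
type Session struct {
	Username string
	Groups   []string
}

const adminLabel = "solar.opendefense.cloud/admin" // label key from the PR description

// IsAdmin reports whether the session is a User or Group subject of a binding labeled admin=true.
func IsAdmin(s Session, crbs []ClusterRoleBinding) bool {
	groups := map[string]bool{}
	for _, g := range s.Groups {
		groups[g] = true
	}
	for _, crb := range crbs {
		if crb.Labels[adminLabel] != "true" {
			continue // unlabeled bindings never confer UI admin
		}
		for _, sub := range crb.Subjects {
			if (sub.Kind == "User" && sub.Name == s.Username) ||
				(sub.Kind == "Group" && groups[sub.Name]) {
				return true
			}
		}
	}
	return false
}

// sampleBindings returns constructed data, not the project's manifests.
func sampleBindings() []ClusterRoleBinding {
	return []ClusterRoleBinding{
		{Labels: map[string]string{adminLabel: "true"}, Subjects: []Subject{{"User", "admin@solar.local"}, {"Group", "platform-admins"}}},
		{Labels: nil, Subjects: []Subject{{"User", "dev@example.test"}}},
	}
}

func main() {
	fmt.Println(IsAdmin(Session{Username: "admin@solar.local"}, sampleBindings())) // true
}
```

Matching on subject kind matters: a user whose name happens to equal an admin group's name must not pass the Group comparison, and a binding without the label is ignored even if it lists the user.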
No description provided.