From ce5703bee61d0f313996d216bccb03421c04fb97 Mon Sep 17 00:00:00 2001 From: Victor Rubezhny Date: Fri, 3 Nov 2023 17:52:34 +0100 Subject: [PATCH] Creating project into sandbox has user limitation #3336 Fixes: #3336 Signed-off-by: Victor Rubezhny --- package.json | 4 ++-- src/explorer.ts | 2 ++ src/oc/ocWrapper.ts | 19 +++++++++++++++++++ test/integration/ocWrapper.test.ts | 13 +++++++++++++ 4 files changed, 36 insertions(+), 2 deletions(-) diff --git a/package.json b/package.json index bb0f6114f..bbd17097d 100644 --- a/package.json +++ b/package.json @@ -1521,7 +1521,7 @@ }, { "command": "openshift.project.create", - "when": "view == openshiftProjectExplorer && viewItem == openshift.k8sContext", + "when": "view == openshiftProjectExplorer && viewItem == openshift.k8sContext && canCreateNamespace", "group": "c1" }, { @@ -1667,7 +1667,7 @@ }, { "command": "openshift.project.set", - "when": "view == openshiftProjectExplorer && viewItem == openshift.k8sContext || viewItem == openshift.project", + "when": "view == openshiftProjectExplorer && (viewItem == openshift.k8sContext || viewItem == openshift.project) && canCreateNamespace", "group": "inline" }, { diff --git a/src/explorer.ts b/src/explorer.ts index 97cb97ef2..f01c73a88 100644 --- a/src/explorer.ts +++ b/src/explorer.ts @@ -179,6 +179,8 @@ export class OpenShiftExplorer implements TreeDataProvider, Dispos result = [this.kubeContext]; if (this.kubeContext) { const config = getKubeConfigFiles(); + const canCreateNamespace = await Oc.Instance.canCreateNamespace(); + void commands.executeCommand('setContext', 'canCreateNamespace', canCreateNamespace); result.unshift({label: process.env.KUBECONFIG ? 'Custom KubeConfig' : 'Default KubeConfig', description: config.join(':')}) } } catch (err) { diff --git a/src/oc/ocWrapper.ts b/src/oc/ocWrapper.ts index 22e15b690..90025e973 100644 --- a/src/oc/ocWrapper.ts +++ b/src/oc/ocWrapper.ts @@ -175,6 +175,25 @@ export class Oc { return false; } + /** + * Returns true if the current user is authorized to create a namespace on the cluster, and false otherwise. + * + * @returns true if the current user is authorized to create namespace on the cluster, and false otherwise + */ + public async canCreateNamespace(): Promise { + try { + const result = await CliChannel.getInstance().executeTool( + new CommandText('oc', 'auth can-i create projectrequests'), + ); + if (result.stdout === 'yes') { + return true; + } + } catch { + //ignore + } + return false; + } + /** * Deletes all deployments in the current namespace that have a label "component" with a value `componentName`. * diff --git a/test/integration/ocWrapper.test.ts b/test/integration/ocWrapper.test.ts index 1cf480e36..9ffb1be3b 100644 --- a/test/integration/ocWrapper.test.ts +++ b/test/integration/ocWrapper.test.ts @@ -63,6 +63,19 @@ suite('./oc/ocWrapper.ts', function () { } }); + test('canCreateNamespace()', async function () { + const canCreateNamespace1 = await Oc.Instance.canCreateNamespace(); + expect(canCreateNamespace1).to.exist; + expect(canCreateNamespace1).to.equal(true); + if (isOpenShift) { + await Oc.Instance.logout(); + const canCreateNamespace2 = await Oc.Instance.canCreateNamespace(); + expect(canCreateNamespace2).to.exist; + expect(canCreateNamespace2).to.equal(false); + await Oc.Instance.loginWithUsernamePassword(clusterUrl, username, password); + } + }); + suite('create, list, and delete kubernetes objects', function () { const serviceName = 'my-test-service'; const projectName = 'my-test-service-project2';