CONSOLE-4734: Multi-group impersonation Combined #15612
Conversation
…tion Support multiple Impersonate-Group subprotocols on WebSocket connections. Maintains backward compatibility for single-group impersonation.
…nation Handle X-Console-Impersonate-Groups header by splitting comma-separated groups into multiple Impersonate-Group headers for Kubernetes API.
Update GraphQL context to support array-valued headers for multi-group
impersonation. Change headers type from map[string]string to map[string]interface{}
to support both single string values and []string arrays.
Update fetch utilities to handle multi-group impersonation: - Support array-valued Impersonate-Group headers - Convert array to X-Console-Impersonate-Groups for fetch() API compatibility - Add UserWithGroups kind support in header generation
…ation Add multi-group support to Redux actions: - Update startImpersonate to accept groups parameter - Encode multiple groups as WebSocket subprotocols in UserWithGroups mode - Pass groups to beginImpersonate action - Expose store and UIActions for testing (temporary)
Add modal component for multi-group user impersonation: - TypeScript React component with group selection - Multi-select group input with search/filter - Chip display for selected groups - Form validation for username - Internationalization support
Integrate multi-group impersonation into the UI: - Update impersonation banner to display multiple groups - Add modal trigger in masthead toolbar - Update user component to show impersonated user - Add feature flag checks in app component - Add masthead menu items for start/stop impersonation - Add enabled parameter to usePackageManifestCheck hook
|
@Leo6Leo: This pull request references CONSOLE-4734 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.21.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: Leo6Leo The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
| window.store = store; | ||
| } | ||
|
|
||
| // Temporary: Expose store for testing multi-group impersonation |
There was a problem hiding this comment.
This need to get removed whenever the PR is ready to get merged.
… in the multi-group impersonation modal.
|
/cc @logonoff |
…y logonoff Co-authored-by: logonoff <git@logonoff.co>
|
Frontend test is failing |
|
@Leo6Leo: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
Description
As a cluster administrator want to impersonate a user with multiple group memberships simultaneously, so that I can accurately reproduce their effective permissions and troubleshoot RBAC issues.
The feature flag
bridge/impersonate-enabledin localStorage will keep the feature hidden/display from users until all frontend and backend components are complete and merged.The flag is disabled by default.