839fdd4819
Add comprehensive RBAC permission checking using Kubernetes SelfSubjectAccessReview API. Hide/disable UI elements based on user permissions for better security and UX. Features: - RBAC module with permission checking utilities - React hooks for permission management (usePermissions, usePermission, etc.) - Permission-aware UI (hide create/delete/re-encrypt buttons) - Decrypt button disabled if no Secret access - Multi-namespace permission support - Fail-safe design (returns false on error) Technical details: - Uses Kubernetes authorization.k8s.io/v1 SelfSubjectAccessReview API - Concurrent permission checks with Promise.all - Automatic loading states and error handling - React cleanup on unmount prevents memory leaks - Type-safe with Result<T, E> types Files: - src/lib/rbac.ts: NEW RBAC checking module (+168 lines) - src/hooks/usePermissions.ts: NEW React hooks (+138 lines) - src/components/SealedSecretList.tsx: Hide create button if no permission - src/components/SealedSecretDetail.tsx: Hide re-encrypt/delete/decrypt based on permissions - PHASE_2.3_COMPLETE.md: Implementation documentation - .claude/agents/: Add 5 new specialized agents (test, accessibility, docs, orchestration) Bundle size: 348.46 kB (96.05 kB gzipped), +1.81 kB (+0.5%) Build time: 3.93s Zero TypeScript/lint errors Generated with [Claude Code](https://claude.ai/code) via [Happy](https://happy.engineering) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> Co-Authored-By: Happy <yesreply@happy.engineering>
1 line
9.6 KiB
Plaintext
1 line
9.6 KiB
Plaintext
[{"/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/components/DecryptDialog.tsx":"1","/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/components/EncryptDialog.tsx":"2","/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/components/SealedSecretDetail.tsx":"3","/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/components/SealedSecretList.tsx":"4","/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/components/SealingKeysView.tsx":"5","/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/components/SecretDetailsSection.tsx":"6","/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/components/SettingsPage.tsx":"7","/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/headlamp-plugin.d.ts":"8","/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/index.tsx":"9","/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/lib/SealedSecretCRD.ts":"10","/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/lib/controller.ts":"11","/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/lib/crypto.ts":"12","/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/types.ts":"13","/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/lib/retry.ts":"14","/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/lib/validators.ts":"15","/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/components/ControllerStatus.tsx":"16","/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/hooks/usePermissions.ts":"17","/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/lib/rbac.ts":"18"},{"size":4252,"mtime":1770861254580,"results":"19","hashOfConfig":"20"},{"size":10175,"mtime":1770863396973,"results":"21","hashOfConfig":"20"},{"size":9222,"mtime":1770864525800,"results":"22","hashOfConfig":"20"},{"size":4037,"mtime":1770864490462,"results":"23","hashOfConfig":"20"},{"size":6497,"mtime":1770863943018,"results":"24","hashOfConfig":"20"},{"size":2032,"mtime":1770858581485,"results":"25","hashOfConfig":"20"},{"size":3449,"mtime":1770863932003,"results":"26","hashOfConfig":"20"},{"size":654,"mtime":1770858275829,"results":"27","hashOfConfig":"20"},{"size":2697,"mtime":1770858849286,"results":"28","hashOfConfig":"20"},{"size":2254,"mtime":1770858403695,"results":"29","hashOfConfig":"20"},{"size":6452,"mtime":1770863898051,"results":"30","hashOfConfig":"20"},{"size":7209,"mtime":1770863322422,"results":"31","hashOfConfig":"20"},{"size":6707,"mtime":1770863305113,"results":"32","hashOfConfig":"20"},{"size":5606,"mtime":1770862923585,"results":"33","hashOfConfig":"20"},{"size":6584,"mtime":1770862946820,"results":"34","hashOfConfig":"20"},{"size":3311,"mtime":1770863913041,"results":"35","hashOfConfig":"20"},{"size":3720,"mtime":1770864547919,"results":"36","hashOfConfig":"20"},{"size":5047,"mtime":1770864455110,"results":"37","hashOfConfig":"20"},{"filePath":"38","messages":"39","suppressedMessages":"40","errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0},"sz0q8e",{"filePath":"41","messages":"42","suppressedMessages":"43","errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0},{"filePath":"44","messages":"45","suppressedMessages":"46","errorCount":0,"fatalErrorCount":0,"warningCount":1,"fixableErrorCount":0,"fixableWarningCount":1,"source":null},{"filePath":"47","messages":"48","suppressedMessages":"49","errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0},{"filePath":"50","messages":"51","suppressedMessages":"52","errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0},{"filePath":"53","messages":"54","suppressedMessages":"55","errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0},{"filePath":"56","messages":"57","suppressedMessages":"58","errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0},{"filePath":"59","messages":"60","suppressedMessages":"61","errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0},{"filePath":"62","messages":"63","suppressedMessages":"64","errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0},{"filePath":"65","messages":"66","suppressedMessages":"67","errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0},{"filePath":"68","messages":"69","suppressedMessages":"70","errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0},{"filePath":"71","messages":"72","suppressedMessages":"73","errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0},{"filePath":"74","messages":"75","suppressedMessages":"76","errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0},{"filePath":"77","messages":"78","suppressedMessages":"79","errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0},{"filePath":"80","messages":"81","suppressedMessages":"82","errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0},{"filePath":"83","messages":"84","suppressedMessages":"85","errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0},{"filePath":"86","messages":"87","suppressedMessages":"88","errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0},{"filePath":"89","messages":"90","suppressedMessages":"91","errorCount":0,"fatalErrorCount":0,"warningCount":0,"fixableErrorCount":0,"fixableWarningCount":0},"/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/components/DecryptDialog.tsx",[],[],"/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/components/EncryptDialog.tsx",[],[],"/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/components/SealedSecretDetail.tsx",["92"],[],"/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/components/SealedSecretList.tsx",[],[],"/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/components/SealingKeysView.tsx",[],[],"/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/components/SecretDetailsSection.tsx",[],[],"/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/components/SettingsPage.tsx",[],[],"/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/headlamp-plugin.d.ts",[],[],"/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/index.tsx",[],[],"/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/lib/SealedSecretCRD.ts",[],[],"/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/lib/controller.ts",[],[],"/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/lib/crypto.ts",[],[],"/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/types.ts",[],[],"/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/lib/retry.ts",[],[],"/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/lib/validators.ts",[],[],"/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/components/ControllerStatus.tsx",[],[],"/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/hooks/usePermissions.ts",[],[],"/Users/cpfarhood/Documents/Repositories/headlamp-sealed-secrets-plugin/headlamp-sealed-secrets/src/lib/rbac.ts",[],[],{"ruleId":"93","severity":1,"message":"94","line":8,"column":1,"nodeType":null,"messageId":"95","endLine":25,"endColumn":49,"fix":"96"},"simple-import-sort/imports","Run autofix to sort these imports!","sort",{"range":"97","text":"98"},[169,965],"import { K8s } from '@kinvolk/headlamp-plugin/lib';\nimport { Link, Loader } from '@kinvolk/headlamp-plugin/lib/CommonComponents';\nimport {\n NameValueTable,\n SectionBox,\n SimpleTable,\n StatusLabel,\n} from '@kinvolk/headlamp-plugin/lib/CommonComponents';\nimport { Box, Button, Dialog, DialogActions, DialogContent, DialogTitle } from '@mui/material';\nimport { useSnackbar } from 'notistack';\nimport React from 'react';\nimport { useParams } from 'react-router-dom';\nimport { usePermissions } from '../hooks/usePermissions';\nimport { getPluginConfig, rotateSealedSecret } from '../lib/controller';\nimport { canDecryptSecrets } from '../lib/rbac';\nimport { SealedSecret } from '../lib/SealedSecretCRD';\nimport { SealedSecretScope } from '../types';\nimport { DecryptDialog } from './DecryptDialog';"] |