Add feature hide-menu for embedded screens on Operator UI (#1604)

* Add feature hide-menu for embedded screens on Operator UI

Signed-off-by: Daniel Valdivia <[email protected]>

Author: dvaldivia

Dockerfile

@@ -29,7 +29,7 @@ WORKDIR /go/src/github.com/minio/console/
 ENV CGO_ENABLED=0
 
 COPY --from=uilayer /app/build /go/src/github.com/minio/console/portal-ui/build
-RUN go build -ldflags "-w -s" -a -o console ./cmd/console
+RUN go build --tags=kqueue,operator -ldflags "-w -s" -a -o console ./cmd/console
 
 FROM registry.access.redhat.com/ubi8/ubi-minimal:8.5
 MAINTAINER MinIO Development "[email protected]"

models/login_request.go

@@ -83,7 +83,7 @@ func login(credentials restapi.ConsoleCredentialsI) (*string, error) {
 		return nil, err
 	}
 	// if we made it here, the consoleCredentials work, generate a jwt with claims
-	token, err := auth.NewEncryptedTokenForClient(&tokens, credentials.GetAccountAccessKey())
+	token, err := auth.NewEncryptedTokenForClient(&tokens, credentials.GetAccountAccessKey(), nil)
 	if err != nil {
 		LogError("error authenticating user: %v", err)
 		return nil, errInvalidCredentials

models/principal.go

@@ -123,9 +123,12 @@ func serveProxy(responseWriter http.ResponseWriter, req *http.Request) {
 			return
 		}
 
-		data := map[string]string{
-			"accessKey": string(tenantConfiguration["accesskey"]),
-			"secretKey": string(tenantConfiguration["secretkey"]),
+		data := map[string]interface{}{
+			"accessKey": tenantConfiguration["accesskey"],
+			"secretKey": tenantConfiguration["secretkey"],
+			"features": map[string]bool{
+				"hide_menu": true,
+			},
 		}
 		payload, _ := json.Marshal(data)
 

operatorapi/embedded_spec.go

@@ -66,6 +66,12 @@ type TokenClaims struct {
 	STSSecretAccessKey string `json:"stsSecretAccessKey,omitempty"`
 	STSSessionToken    string `json:"stsSessionToken,omitempty"`
 	AccountAccessKey   string `json:"accountAccessKey,omitempty"`
+	HideMenu           bool   `json:"hm,omitempty"`
+}
+
+// SessionFeatures represents features stored in the session
+type SessionFeatures struct {
+	HideMenu bool
 }
 
 // SessionTokenAuthenticate takes a session token, decode it, extract claims and validate the signature
@@ -96,14 +102,18 @@ func SessionTokenAuthenticate(token string) (*TokenClaims, error) {
 
 // NewEncryptedTokenForClient generates a new session token with claims based on the provided STS credentials, first
 // encrypts the claims and the sign them
-func NewEncryptedTokenForClient(credentials *credentials.Value, accountAccessKey string) (string, error) {
+func NewEncryptedTokenForClient(credentials *credentials.Value, accountAccessKey string, features *SessionFeatures) (string, error) {
 	if credentials != nil {
-		encryptedClaims, err := encryptClaims(&TokenClaims{
+		tokenClaims := &TokenClaims{
 			STSAccessKeyID:     credentials.AccessKeyID,
 			STSSecretAccessKey: credentials.SecretAccessKey,
 			STSSessionToken:    credentials.SessionToken,
 			AccountAccessKey:   accountAccessKey,
-		})
+		}
+		if features != nil {
+			tokenClaims.HideMenu = features.HideMenu
+		}
+		encryptedClaims, err := encryptClaims(tokenClaims)
 		if err != nil {
 			return "", err
 		}

operatorapi/operator_login.go

@@ -36,14 +36,14 @@ func TestNewJWTWithClaimsForClient(t *testing.T) {
 	funcAssert := assert.New(t)
 	// Test-1 : NewEncryptedTokenForClient() is generated correctly without errors
 	function := "NewEncryptedTokenForClient()"
-	token, err := NewEncryptedTokenForClient(creds, "")
+	token, err := NewEncryptedTokenForClient(creds, "", nil)
 	if err != nil || token == "" {
 		t.Errorf("Failed on %s:, error occurred: %s", function, err)
 	}
 	// saving token for future tests
 	goodToken = token
 	// Test-2 : NewEncryptedTokenForClient() throws error because of empty credentials
-	if _, err = NewEncryptedTokenForClient(nil, ""); err != nil {
+	if _, err = NewEncryptedTokenForClient(nil, "", nil); err != nil {
 		funcAssert.Equal("provided credentials are empty", err.Error())
 	}
 }

operatorapi/proxy.go

@@ -129,8 +129,7 @@ export const IAM_PAGES = {
   TOOLS_LOGS: "/tools/logs",
   TOOLS_AUDITLOGS: "/tools/audit-logs",
   TOOLS_TRACE: "/tools/trace",
-  METRICS: "/tools/metrics",
-  DASHBOARD: "/tools/dashboard",
+  DASHBOARD: "/tools/metrics",
   TOOLS_HEAL: "/tools/heal",
   TOOLS_WATCH: "/tools/watch",
   /* Health */
@@ -178,6 +177,8 @@ export const IAM_PAGES = {
     "/namespaces/:tenantNamespace/tenants/:tenantName/summary",
   NAMESPACE_TENANT_METRICS:
     "/namespaces/:tenantNamespace/tenants/:tenantName/metrics",
+  NAMESPACE_TENANT_TRACE:
+    "/namespaces/:tenantNamespace/tenants/:tenantName/trace",
   NAMESPACE_TENANT_POOLS:
     "/namespaces/:tenantNamespace/tenants/:tenantName/pools",
   NAMESPACE_TENANT_VOLUMES:
@@ -297,9 +298,6 @@ export const IAM_PAGES_PERMISSIONS = {
   [IAM_PAGES.DASHBOARD]: [
     IAM_SCOPES.ADMIN_SERVER_INFO, // displays dashboard information
   ],
-  [IAM_PAGES.METRICS]: [
-    IAM_SCOPES.ADMIN_SERVER_INFO, // displays dashboard information
-  ],
   [IAM_PAGES.POLICIES_VIEW]: [
     IAM_SCOPES.ADMIN_DELETE_POLICY,
     IAM_SCOPES.ADMIN_LIST_GROUPS,

pkg/auth/token.go

@@ -14,7 +14,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-import React from "react";
+import React, { Fragment } from "react";
 import { Theme } from "@mui/material/styles";
 import { connect } from "react-redux";
 import Grid from "@mui/material/Grid";
@@ -38,6 +38,7 @@ interface IPageHeader {
   managerObjects?: IFileItem[];
   toggleList: typeof toggleList;
   middleComponent?: React.ReactNode;
+  features: string[];
 }
 
 const styles = (theme: Theme) =>
@@ -88,7 +89,11 @@ const PageHeader = ({
   managerObjects,
   toggleList,
   middleComponent,
+  features,
 }: IPageHeader) => {
+  if (features.includes("hide-menu")) {
+    return <Fragment />;
+  }
   return (
     <Grid
       container
@@ -157,6 +162,7 @@ const mapState = (state: AppState) => ({
   sidebarOpen: state.system.sidebarOpen,
   operatorMode: state.system.operatorMode,
   managerObjects: state.objectBrowser.objectManager.objectsToManage,
+  features: state.console.session.features,
 });
 
 const mapDispatchToProps = {