Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Expand enforced namespace filtering to multiple namespaces and projects #8757

Merged
merged 10 commits into from
May 18, 2023
Merged

Expand enforced namespace filtering to multiple namespaces and projects #8757

merged 10 commits into from
May 18, 2023

Conversation

richard-cox
Copy link
Member

@richard-cox richard-cox commented Apr 28, 2023
edited by zube bot
Loading

This uses a new endpoint that has yet to merge. See rancher/rancher#40140, rancher/rancher#41536 (merged, but not in v2.7-head yet) feature available in v2.7-head

Summary

Fixes #7618

Occurred changes and/or fixed issues

  • Users can currently enable a performance feature to enforce filtering by a single namespace, and only fetch resources from within that namespace, when there are a lot of resources
  • This feature expands on this to allow users to select projects, and multiple of each

Pertinent Points

  • Incompatible with incremental loading / manual refresh
    • Harder to get counts (need to sum up from different namespaces)
    • Requires use of new steve pagination
  • Enforced NS threshold has been removed
    • The threshold only applies to the primary resource. This has issues when loading a low count primary (daemon sets) which depends on a very high count secondary (pods)
    • Fixing this would involve knowing all secondary resources a list uses, which isn't currently possible (each resource is requested individually, need to know them all first)
  • There is no way to subscribe to changes in multiple namespaces (it's either in one ns or all ns's)
    • We mock this in subscribe by sub'ing to all ns but only persisting changes to resources from within the target namespaces
  • Everything should work with Advanced Worker enabled

Technical notes summary

Areas or cases that should be tested

  • Enabling/Disabling the updated performance setting (only compatible ones should be enabled)
  • All workloads list fetch the correct data (via http request)
    • New endpoint is hit for primary resource type, only resources from selected namespaces/projects are shown
    • New endpoint is hit for all secondary resource types
  • All workloads list update with the correct data (via socket)
    • Changes to resources in the list are automatically shown (when changed via another context/browser/etc)
    • Changes to resource not in the list do not show (creating a new resource not in a selected namespace/project doesn't appear in the list)
  • All of above but with the advanced worker enabled
  • Creating resources works fine
    • Navigate to a create page of a resource (deployment, pod). Resource can be created, user is returned to the resource list and, if the resource was created in a namespace in the filter, the new resource should be shown
  • Edit resources work fine
    • Navigate to an existing resource page (deployment, pod). Resource can be edited, user is returned to the resource list and the edited resource should be shown
  • Both Upstream and Downstream clusters work correctly

@github-actions github-actions bot added this to the v2.7.next2 milestone Apr 28, 2023
@richard-cox richard-cox requested a review from a user May 5, 2023 14:55
@richard-cox richard-cox force-pushed the forced-project-filtering branch from 709e9be to fa94ebd Compare May 12, 2023 14:13
@richard-cox richard-cox marked this pull request as ready for review May 16, 2023 10:52
ghost
ghost previously approved these changes May 18, 2023
View reviewed changes
@richard-cox richard-cox force-pushed the forced-project-filtering branch from 50b3086 to 9a92a0e Compare May 18, 2023 10:22
richard-cox added 10 commits May 18, 2023 14:28
@richard-cox
Expand enforced namespace filtering to multiple namespaces and projects
7e5ad5d 
> This uses a new endpoint that has yet to merge. See rancher/rancher#40140

WIP
- Contains console.warns (via custom logger, can be disabled)
- Waiting for final BE endpoint changes to merge
- Contains TODOs to resolve on final enpoint changes delivered

Pertinent Points
- Incompatible with incremental loading / manual refresh
  - Harder to get counts (need to sum up from different namespaces)
  - Requires use of new steve pagination
- Enforced NS threshold has been removed
  - The threshold only applies to the primary resource. This has issues when loading a low count primary (daemon sets) which depends on a very high count secondary (pods)
  - Fixing this would involve knowing all secondary resources a list uses, which isn't currently possible (each resource is requested individually, need to know them all first)
- There is no way to subscribe to multiple namespaces (one or all)
  - We mock this in subscribe by only persisting changes to resources from within target namespaces
- Everything should work with Advanced Worker enabled
@richard-cox
Changes following BE update and testing
15bc1cd
@richard-cox
Update after BE changes
1708b4d 
- Filtering is now no longer done via `resources.project.cattle.io.`
- No need to update the URL anywhere or massage resources fetched via endpoint
- Also no need to make the planned change to remove `resources.project.cattle.io.` from side nav
@richard-cox
Simplify forced filtering setting
281fb66 
- Given forced filtering is now not resource dependent have a high level utils function to determine if enabled
- This should have opened up the door to setting a nicer default then ALL_USER, however it's actually initially applied somewhere other than ns filter
- Fixed a bug where the all option [] was valid
@richard-cox
Fix issue where no filter options are shown on refresh
12f205b
@richard-cox
Fix linting
6fffc0d
@richard-cox
Remove richards-logger
9fada7f
@richard-cox
Fix churn issue
aa34bd3 
- Moving the store setting to enable/disable filtering in the store to a function in a computed property caused havoc for churn
- Make this much neater by moving flag to the setup stage for both ns filter
@richard-cox
Fix failing tests
936d35b
@richard-cox
Don't allow selection of Not in a Project
5feb263
@richard-cox richard-cox force-pushed the forced-project-filtering branch from 9a92a0e to 5feb263 Compare May 18, 2023 13:29
@richard-cox richard-cox merged commit 762987d into rancher:master May 18, 2023
@richard-cox richard-cox deleted the forced-project-filtering branch May 18, 2023 14:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
Assignees

@richard-cox richard-cox

Labels
None yet
Projects
None yet
Milestone
v2.7.5
Development

Successfully merging this pull request may close these issues.

Expand Require Namespace Filtering to projects and multiple projects/namespaces
1 participant
@richard-cox