feat: enhance namespace handling and resource access in Kubernetes#1082
Open
FinnGrndl wants to merge 4 commits into
Open
feat: enhance namespace handling and resource access in Kubernetes#1082FinnGrndl wants to merge 4 commits into
FinnGrndl wants to merge 4 commits into
Conversation
- Add support for multiple fallback namespaces in resource access checks. - Implement caching for resource permissions with namespace scope. - Update server to manage user-specific namespace preferences, including initial configuration from command-line flags. - Introduce union indexers for resource caches to handle multi-namespace scenarios. - Enhance resource cache to support multiple namespaces for scoped resources, allowing for more granular access control. - Add tests to verify the behavior of new namespace handling features and ensure correctness of resource access logic.
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes using default effort and found 2 potential issues.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 2fa1467. Configure here.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.

Description
Brief description of the changes in this PR.
Type of change
How has this been tested?
Describe the tests you ran to verify your changes.
Checklist
Related issues
Note
Medium Risk
Changes informer wiring and RBAC scope discovery for namespace-restricted users, which affects what data appears in the cache and UI; scope is broad across bootstrap, k8s permissions, and k8score cache but is covered by new tests and guarded startup validation for
--namespace-scope.Overview
Adds
--namespaces(and persistednamespacesin~/.radar/config.json) so operators can seed multiple initial namespace picks when cluster-wide namespace listing is denied. CLI/desktop/explorer resolve--namespacevs--namespaceswith mutual-exclusion when both are set explicitly;--namespace-scopestill allows only one namespace and rejects multiple--namespacesvalues at startup.RBAC probing now records every namespace where a kind is listable (
ScopeNamespaces) instead of stopping at the first grant, and the sharedResourceCachecan run per-namespace informers merged through a union indexer so listers cover several namespaces. Startup/browser/desktop redirects pass a?namespaces=query when that list is configured.The server seeds per-user namespace preferences from
--namespaces(auth sessions) or from saved local picks when present; clearing a pick stores an empty selection instead of deleting the key so configured defaults are not re-applied unintentionally.Reviewed by Cursor Bugbot for commit e641f69. Bugbot is set up for automated code reviews on this repo. Configure here.