-
Notifications
You must be signed in to change notification settings - Fork 706
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Avoid re-auth on All Namespaces when selecting catalog #1600
Conversation
children={ | ||
<div> | ||
<h5>Unable to fetch catalog</h5> | ||
There was an error fetching the catalog. Please choose a namespace above to which you have access. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this could be misleading if the error is because any other reason, I would add a condition:
There was an error fetching the catalog. {namespace === definedNamespaces.all && "Please choose a namespace above to which you have access."}
Or check if the error is a Forbidden error
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
True, let me do that. Updated to only show the extra text if it is a ForbiddenError (which is a nicer error to return in the action anyway). Thanks.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, just one minor comment
I am okay if you want to set the default to true already |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The correct solution, IMO, is to select the first namespace to which the user has access as the default, but we can't do this until allowNamespaceDiscovery is always on (?)
I am okay if you want to set the default to true already
I was still worried about it being a switch (ie. what will we do when people explicitly set it to false), but I guess with this PR at least show useful information.
children={ | ||
<div> | ||
<h5>Unable to fetch catalog</h5> | ||
There was an error fetching the catalog. Please choose a namespace above to which you have access. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
True, let me do that. Updated to only show the extra text if it is a ForbiddenError (which is a nicer error to return in the action anyway). Thanks.
The simple part of this PR was just switching the
authGate
to return a Forbidden rather than Unauthorized when a user requests the charts for a namespace to which they don't have access. This stopped the frontend from logging out, but a little more work was needed to display an error with an action the user can take.This issue does not arise normally, because we already check whether a user has access to a namespace when selecting the namespace (ie. before we even attempt to get charts for the namespace), but because we currently use
All Namespaces
as the default when a user logs in, even though the user may not have access to resources across all namespaces, the issue appears when logging in as such a user and then selecting the catalog.The correct solution, IMO, is to select the first namespace to which the user has access as the default, but we can't do this until
allowNamespaceDiscovery
is always on (?). Without that ability yet, I've instead displayed an error with an action for the user to take (selecting another namespace to which they have access). See what you think.