Fix: Enable users to use Archived Workflows functionality when RBAC i…

…s Namespace delegated (argoproj#10399) Signed-off-by: Julie Vogelmani <julie_vogelman@intuit.com>
akuity · Jan 31, 2023 · 038be17 · 038be17
1 parent 3b2626f
commit 038be17
Show file tree

Hide file tree

Showing 14 changed files with 566 additions and 91 deletions.
diff --git a/api/openapi-spec/swagger.json b/api/openapi-spec/swagger.json
@@ -84,6 +84,11 @@
             "type": "string",
             "name": "namePrefix",
             "in": "query"
+          },
+          {
+            "type": "string",
+            "name": "namespace",
+            "in": "query"
           }
         ],
         "responses": {
@@ -108,6 +113,13 @@
           "ArchivedWorkflowService"
         ],
         "operationId": "ArchivedWorkflowService_ListArchivedWorkflowLabelKeys",
+        "parameters": [
+          {
+            "type": "string",
+            "name": "namespace",
+            "in": "query"
+          }
+        ],
         "responses": {
           "200": {
             "description": "A successful response.",
@@ -186,6 +198,11 @@
             "description": "The continue option should be set when retrieving more results from the server. Since this value is\nserver defined, clients may only use the continue value from a previous query result with identical\nquery parameters (except for the value of continue) and the server may reject a continue value it\ndoes not recognize. If the specified continue value is no longer valid whether due to expiration\n(generally five to fifteen minutes) or a configuration change on the server, the server will\nrespond with a 410 ResourceExpired error together with a continue token. If the client needs a\nconsistent list, it must restart their list without the continue field. Otherwise, the client may\nsend another list request with the token received with the 410 error, the server will respond with\na list starting from the next key, but from the latest snapshot, which is inconsistent from the\nprevious list results - objects that are created, modified, or deleted after the first list request\nwill be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last\nresourceVersion value returned by the server and not miss any modifications.",
             "name": "listOptions.continue",
             "in": "query"
+          },
+          {
+            "type": "string",
+            "name": "namespace",
+            "in": "query"
           }
         ],
         "responses": {
@@ -216,6 +233,11 @@
             "name": "uid",
             "in": "path",
             "required": true
+          },
+          {
+            "type": "string",
+            "name": "namespace",
+            "in": "query"
           }
         ],
         "responses": {
@@ -244,6 +266,11 @@
             "name": "uid",
             "in": "path",
             "required": true
+          },
+          {
+            "type": "string",
+            "name": "namespace",
+            "in": "query"
           }
         ],
         "responses": {

diff --git a/cmd/argo/commands/archive/list.go b/cmd/argo/commands/archive/list.go
@@ -30,7 +30,7 @@ func NewListCommand() *cobra.Command {
 			serviceClient, err := apiClient.NewArchivedWorkflowServiceClient()
 			errors.CheckError(err)
 			namespace := client.Namespace()
-			workflows, err := listArchivedWorkflows(ctx, serviceClient, "metadata.namespace="+namespace, selector, chunkSize)
+			workflows, err := listArchivedWorkflows(ctx, serviceClient, namespace, selector, chunkSize)
 			errors.CheckError(err)
 			err = printer.PrintWorkflows(workflows, os.Stdout, printer.PrintOpts{Output: output, Namespace: true, UID: true})
 			errors.CheckError(err)
@@ -42,16 +42,15 @@ func NewListCommand() *cobra.Command {
 	return command
 }
 
-func listArchivedWorkflows(ctx context.Context, serviceClient workflowarchivepkg.ArchivedWorkflowServiceClient, fieldSelector string, labelSelector string, chunkSize int64) (wfv1.Workflows, error) {
+func listArchivedWorkflows(ctx context.Context, serviceClient workflowarchivepkg.ArchivedWorkflowServiceClient, namespace string, labelSelector string, chunkSize int64) (wfv1.Workflows, error) {
 	listOpts := &metav1.ListOptions{
-		FieldSelector: fieldSelector,
 		LabelSelector: labelSelector,
 		Limit:         chunkSize,
 	}
 	var workflows wfv1.Workflows
 	for {
 		log.WithField("listOpts", listOpts).Debug()
-		resp, err := serviceClient.ListArchivedWorkflows(ctx, &workflowarchivepkg.ListArchivedWorkflowsRequest{ListOptions: listOpts})
+		resp, err := serviceClient.ListArchivedWorkflows(ctx, &workflowarchivepkg.ListArchivedWorkflowsRequest{Namespace: namespace, ListOptions: listOpts})
 		if err != nil {
 			return nil, err
 		}

diff --git a/pkg/apiclient/workflowarchive/workflow-archive.pb.go b/pkg/apiclient/workflowarchive/workflow-archive.pb.go
diff --git a/pkg/apiclient/workflowarchive/workflow-archive.pb.gw.go b/pkg/apiclient/workflowarchive/workflow-archive.pb.gw.go
diff --git a/pkg/apiclient/workflowarchive/workflow-archive.proto b/pkg/apiclient/workflowarchive/workflow-archive.proto
@@ -10,19 +10,24 @@ package workflowarchive;
 message ListArchivedWorkflowsRequest {
   k8s.io.apimachinery.pkg.apis.meta.v1.ListOptions listOptions = 1;
   string namePrefix = 2;
+  string namespace = 3;
 }
 message GetArchivedWorkflowRequest {
   string uid = 1;
+  string namespace = 2;
 }
 message DeleteArchivedWorkflowRequest {
   string uid = 1;
+  string namespace = 2;
 }
 message ArchivedWorkflowDeletedResponse {
 }
 message ListArchivedWorkflowLabelKeysRequest {
+  string namespace = 1;
 }
 message ListArchivedWorkflowLabelValuesRequest {
   k8s.io.apimachinery.pkg.apis.meta.v1.ListOptions listOptions = 1;
+  string namespace = 2;
 }
 message RetryArchivedWorkflowRequest {
   string uid = 1;