Since prometheus is being used in the dashboard page we need to make
sure every role has prometheus read only access so that the dashboard
page can load the utilization metrics.
I also saw permission issue with the osd settings endpoint when its
trying to get the nearfull/full ratio. so instead of failing the entire
page i am proceeding with a chart that doesn't have those details when
the user doesn't have permission to access the config opt.
Multisite page was not accessible in the case of rgw-manager or
read-only user because its trying to show the status of rgw module. This
si also now gracefully handled to show the alert only when the user has
sufficient permission.
Fixes: https://tracker.ceph.com/issues/70331
Signed-off-by: Nizamudeen A <nia@redhat.com>
(cherry picked from commit
f4bc03e4040ca32591d9b46b79309b162c3942db)
Conflicts:
src/pybind/mgr/dashboard/frontend/src/app/ceph/dashboard-v3/dashboard/dashboard-v3.component.ts
- kept changes only relavant to bug fix and ignored the other changes
like h/w monitoring
src/pybind/mgr/dashboard/frontend/src/app/ceph/rgw/rgw-multisite-details/rgw-multisite-details.component.html
- ignored multisite wizard changes
src/pybind/mgr/dashboard/frontend/src/app/core/navigation/administration/administration.component.html
- kept the current changes since carbon is not there in squid which
means this issue is not present
src/pybind/mgr/dashboard/frontend/src/app/core/navigation/navigation/navigation.component.html
- kept the current changes for the same reason above
src/pybind/mgr/dashboard/services/access_control.py
- ignored the SMB role manager and kept only what's available in squid
@Input()
data: any;
@Input()
- highThreshold: number;
+ highThreshold = 0;
@Input()
- lowThreshold: number;
+ lowThreshold = 0;
color: string;
const percentAvailable = this.calcPercentage(data.max - data.current, data.max);
const percentUsed = this.calcPercentage(data.current, data.max);
- if (fullRatioPercent >= 0 && percentUsed >= fullRatioPercent) {
+ if (fullRatioPercent > 0 && percentUsed >= fullRatioPercent) {
this.color = 'chart-color-red';
- } else if (nearFullRatioPercent >= 0 && percentUsed >= nearFullRatioPercent) {
+ } else if (nearFullRatioPercent > 0 && percentUsed >= nearFullRatioPercent) {
this.color = 'chart-color-yellow';
} else {
this.color = 'chart-color-blue';
}
- if (fullRatioPercent >= 0 && nearFullRatioPercent >= 0) {
+ if (fullRatioPercent > 0 && nearFullRatioPercent > 0) {
chart.dataset[0].data = [
Math.round(nearFullRatioPercent),
Math.round(Math.abs(nearFullRatioPercent - fullRatioPercent)),
[fullHeight]="true"
aria-label="Capacity card">
<ng-container class="ms-4 me-4"
- *ngIf="capacity && osdSettings">
+ *ngIf="capacity">
<cd-dashboard-pie [data]="{max: capacity.total_bytes, current: capacity.total_used_raw_bytes}"
[lowThreshold]="osdSettings.nearfull_ratio"
[highThreshold]="osdSettings.full_ratio">
import { PrometheusAlertService } from '~/app/shared/services/prometheus-alert.service';
import { OrchestratorService } from '~/app/shared/api/orchestrator.service';
import { AlertClass } from '~/app/shared/enum/health-icon.enum';
+import { OsdSettings } from '~/app/shared/models/osd-settings';
@Component({
selector: 'cd-dashboard-v3',
export class DashboardV3Component extends PrometheusListHelper implements OnInit, OnDestroy {
detailsCardData: DashboardDetails = {};
osdSettingsService: any;
- osdSettings: any;
+ osdSettings = new OsdSettings();
interval = new Subscription();
permissions: Permissions;
enabledFeature$: FeatureTogglesMap$;
super.ngOnInit();
this.interval = this.refreshIntervalService.intervalData$.subscribe(() => {
this.getHealth();
- this.getCapacityCardData();
+ this.getCapacity();
+ if (this.permissions.configOpt.read) this.getOsdSettings();
});
this.getPrometheusData(this.prometheusService.lastHourDateObject);
this.getDetailsCardData();
);
}
- getCapacityCardData() {
+ private getCapacity() {
+ this.capacityService = this.healthService.getClusterCapacity().subscribe((data: any) => {
+ this.capacity = data;
+ });
+ }
+
+ private getOsdSettings() {
this.osdSettingsService = this.osdService
.getOsdSettings()
.pipe(take(1))
- .subscribe((data: any) => {
+ .subscribe((data: OsdSettings) => {
this.osdSettings = data;
});
- this.capacityService = this.healthService.getClusterCapacity().subscribe((data: any) => {
- this.capacity = data;
- });
}
public getPrometheusData(selectedTime: any) {
<cd-rgw-multisite-tabs></cd-rgw-multisite-tabs>
<div>
- <cd-alert-panel *ngIf="!rgwModuleStatus"
+ <!-- Show the alert only when the user has the permission to configure -->
+ <cd-alert-panel *ngIf="permissions.configOpt.create && !rgwModuleStatus"
type="info"
spacingClass="mb-3"
class="d-flex align-items-center"
Cluster->Services</a>
</cd-alert-panel>
<cd-table-actions class="btn-group mb-4 me-2"
- [permission]="permission"
+ [permission]="permissions.rgw"
[selection]="selection"
[tableActions]="createTableActions">
</cd-table-actions>
<cd-table-actions class="btn-group mb-4 me-2 secondary"
- [permission]="permission"
+ [permission]="permissions.rgw"
[btnColor]="'light'"
[selection]="selection"
[tableActions]="migrateTableAction">
</cd-table-actions>
<cd-table-actions class="btn-group mb-4 me-2"
- [permission]="permission"
+ [permission]="permissions.rgw"
[btnColor]="'light'"
[selection]="selection"
[tableActions]="importAction">
</cd-table-actions>
<cd-table-actions class="btn-group mb-4 me-2"
- [permission]="permission"
+ [permission]="permissions.rgw"
[btnColor]="'light'"
[selection]="selection"
[tableActions]="exportAction">
import { NotificationType } from '~/app/shared/enum/notification-type.enum';
import { CdTableAction } from '~/app/shared/models/cd-table-action';
import { CdTableSelection } from '~/app/shared/models/cd-table-selection';
-import { Permission } from '~/app/shared/models/permissions';
+import { Permissions } from '~/app/shared/models/permissions';
import { AuthStorageService } from '~/app/shared/services/auth-storage.service';
import { ModalService } from '~/app/shared/services/modal.service';
import { NotificationService } from '~/app/shared/services/notification.service';
blockUI: NgBlockUI;
icons = Icons;
- permission: Permission;
+ permissions: Permissions;
selection = new CdTableSelection();
createTableActions: CdTableAction[];
migrateTableAction: CdTableAction[];
public mgrModuleService: MgrModuleService,
private notificationService: NotificationService
) {
- this.permission = this.authStorageService.getPermissions().rgw;
+ this.permissions = this.authStorageService.getPermissions();
}
openModal(entity: any, edit = false) {
},
(_error) => {}
);
- this.mgrModuleService.list().subscribe((moduleData: any) => {
- this.rgwModuleData = moduleData.filter((module: object) => module['name'] === 'rgw');
- if (this.rgwModuleData.length > 0) {
- this.rgwModuleStatus = this.rgwModuleData[0].enabled;
- }
- });
+
+ // Only get the module status if you can read from configOpt
+ if (this.permissions.configOpt.read) {
+ this.mgrModuleService.list().subscribe((moduleData: any) => {
+ this.rgwModuleData = moduleData.filter((module: object) => module['name'] === 'rgw');
+ if (this.rgwModuleData.length > 0) {
+ this.rgwModuleStatus = this.rgwModuleData[0].enabled;
+ }
+ });
+ }
}
- /* setConfigValues() {
- this.rgwDaemonService
- .setMultisiteConfig(
- this.defaultsInfo['defaultRealmName'],
- this.defaultsInfo['defaultZonegroupName'],
- this.defaultsInfo['defaultZoneName']
- )
- .subscribe(() => {});
- }*/
ngOnDestroy() {
this.sub.unsubscribe();
Scope.RBD_MIRRORING: [_P.READ, _P.CREATE, _P.UPDATE, _P.DELETE],
Scope.GRAFANA: [_P.READ],
Scope.NVME_OF: [_P.READ, _P.CREATE, _P.UPDATE, _P.DELETE],
+ Scope.PROMETHEUS: [_P.READ]
})
'rgw-manager', 'allows full permissions for the rgw scope', {
Scope.RGW: [_P.READ, _P.CREATE, _P.UPDATE, _P.DELETE],
Scope.GRAFANA: [_P.READ],
+ Scope.PROMETHEUS: [_P.READ]
})
'pool-manager', 'allows full permissions for the pool scope', {
Scope.POOL: [_P.READ, _P.CREATE, _P.UPDATE, _P.DELETE],
Scope.GRAFANA: [_P.READ],
+ Scope.PROMETHEUS: [_P.READ]
})
# CephFS manager role provides all permissions for CephFS related scopes
'cephfs-manager', 'allows full permissions for the cephfs scope', {
Scope.CEPHFS: [_P.READ, _P.CREATE, _P.UPDATE, _P.DELETE],
Scope.GRAFANA: [_P.READ],
+ Scope.PROMETHEUS: [_P.READ]
})
GANESHA_MGR_ROLE = Role(
Scope.CEPHFS: [_P.READ, _P.CREATE, _P.UPDATE, _P.DELETE],
Scope.RGW: [_P.READ, _P.CREATE, _P.UPDATE, _P.DELETE],
Scope.GRAFANA: [_P.READ],
+ Scope.PROMETHEUS: [_P.READ]
})
projects / ceph.git / commitdiff