mnl/VM-Operator
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 4 Wiki Activity Actions

Use UserLoggedIn condition for access control.

Browse source
This commit is contained in:
Michael Lipp 2025-03-04 23:39:22 +01:00
parent 04ccdd7dee
commit 940913cf89
2 changed files with 18 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

3
dev-example/test-vm.tpl.yaml
View file

@ -8,12 +8,11 @@ metadata:
spec: spec:
image: image:
# repository: docker-registry.lan.mnl.de
# path: vmoperator/org.jdrupes.vmoperator.runner.qemu-arch
# pullPolicy: Always # pullPolicy: Always
# repository: ghcr.io # repository: ghcr.io
# path: mnlipp/org.jdrupes.vmoperator.runner.qemu-alpine # path: mnlipp/org.jdrupes.vmoperator.runner.qemu-alpine
# version: "3.0.0" # version: "3.0.0"
# source: docker-registry.lan.mnl.de/vm-operator/org.jdrupes.vmoperator.runner.qemu-arch:feature-auto-login
source: registry.mnl.de/org/jdrupes/vm-operator/org.jdrupes.vmoperator.runner.qemu-arch:feature-auto-login source: registry.mnl.de/org/jdrupes/vm-operator/org.jdrupes.vmoperator.runner.qemu-arch:feature-auto-login
pullPolicy: Always pullPolicy: Always

27
org.jdrupes.vmoperator.vmaccess/src/org/jdrupes/vmoperator/vmaccess/browser/VmAccess-functions.ts
View file

@ -73,8 +73,9 @@ window.orgJDrupesVmOperatorVmAccess.initPreview = (previewDom: HTMLElement,
const configured = computed(() => previewApi.vmDefinition.spec); const configured = computed(() => previewApi.vmDefinition.spec);
const busy = computed(() => previewApi.vmDefinition.spec const busy = computed(() => previewApi.vmDefinition.spec
&& (previewApi.vmDefinition.spec.vm.state === 'Running' && (previewApi.vmDefinition.spec.vm.state === 'Running'
&& (previewApi.poolName && ((previewApi.poolName
? !previewApi.vmDefinition.vmopAgent && previewApi.vmDefinition.userLoginRequested)
? !previewApi.vmDefinition.userLoggedIn
: !previewApi.vmDefinition.running) : !previewApi.vmDefinition.running)
|| previewApi.vmDefinition.spec.vm.state === 'Stopped' || previewApi.vmDefinition.spec.vm.state === 'Stopped'
&& previewApi.vmDefinition.running)); && previewApi.vmDefinition.running));
@ -87,7 +88,8 @@ window.orgJDrupesVmOperatorVmAccess.initPreview = (previewDom: HTMLElement,
previewApi.vmDefinition.spec.vm.state !== 'Stopped' previewApi.vmDefinition.spec.vm.state !== 'Stopped'
&& previewApi.vmDefinition.running); && previewApi.vmDefinition.running);
const running = computed(() => previewApi.vmDefinition.running); const running = computed(() => previewApi.vmDefinition.running);
const vmopAgent = computed(() => previewApi.vmDefinition.vmopAgent); const userLoginRequested = computed(() => previewApi.vmDefinition.userLoginRequested);
const userLoggedIn = computed(() => previewApi.vmDefinition.userLoggedIn);
const inUse = computed(() => previewApi.vmDefinition.usedBy != ''); const inUse = computed(() => previewApi.vmDefinition.usedBy != '');
const permissions = computed(() => previewApi.permissions); const permissions = computed(() => previewApi.permissions);
const osicon = computed(() => { const osicon = computed(() => {
@ -123,8 +125,8 @@ window.orgJDrupesVmOperatorVmAccess.initPreview = (previewDom: HTMLElement,
}; };
return { localize, resourceBase, vmAction, poolName, vmName, return { localize, resourceBase, vmAction, poolName, vmName,
configured, busy, startable, stoppable, running, vmopAgent, configured, busy, startable, stoppable, running, userLoggedIn,
inUse, permissions, osicon }; userLoginRequested, inUse, permissions, osicon };
}, },
template: ` template: `
<table> <table>
@ -132,8 +134,9 @@ window.orgJDrupesVmOperatorVmAccess.initPreview = (previewDom: HTMLElement,
<tr> <tr>
<td rowspan="2" style="position: relative"><span <td rowspan="2" style="position: relative"><span
style="position: absolute;" :class="{ busy: busy }" style="position: absolute;" :class="{ busy: busy }"
><img role=button :aria-disabled="(poolName ><img role=button :aria-disabled="
? !vmopAgent : !running) ((poolName && userLoginRequested)
? !userLoggedIn : !running)
|| !permissions.includes('accessConsole')" || !permissions.includes('accessConsole')"
v-on:click="vmAction('openConsole')" v-on:click="vmAction('openConsole')"
:src="resourceBase + (running :src="resourceBase + (running
@ -210,15 +213,17 @@ JGConsole.registerConletFunction("org.jdrupes.vmoperator.vmaccess.VmAccess",
vmDefinition.currentCpus = vmDefinition.status.cpus; vmDefinition.currentCpus = vmDefinition.status.cpus;
vmDefinition.currentRam = Number(vmDefinition.status.ram); vmDefinition.currentRam = Number(vmDefinition.status.ram);
vmDefinition.usedBy = vmDefinition.status.consoleClient || ""; vmDefinition.usedBy = vmDefinition.status.consoleClient || "";
// safety fallbacks
vmDefinition.userLoginRequested = true;
vmDefinition.userLoggedIn = false;
vmDefinition.status.conditions.forEach((condition: any) => { vmDefinition.status.conditions.forEach((condition: any) => {
if (condition.type === "Running") { if (condition.type === "Running") {
vmDefinition.running = condition.status === "True"; vmDefinition.running = condition.status === "True";
vmDefinition.runningConditionSince vmDefinition.runningConditionSince
= new Date(condition.lastTransitionTime); = new Date(condition.lastTransitionTime);
} else if (condition.type === "VmopAgentConnected") { } else if (condition.type === "UserLoggedIn") {
vmDefinition.vmopAgent = condition.status === "True"; vmDefinition.userLoggedIn = condition.status === "True";
vmDefinition.vmopAgentConditionSince vmDefinition.userLoginRequested = condition.reason !== "NotRequested";
= new Date(condition.lastTransitionTime);
} }
}) })
} else { } else {