dashboard: add authority for archive experiments and events

[WangXiangUSTC]

What problem does this PR solve?

add authority for archive experiments and events

What is changed and how does it work?

when querying the archive experiments and events, will use SelfSubjectAccessReviews to judge whether the token can list the information.

Checklist

Tests

• Unit test
• E2E test
• Manual test (add detailed scripts or steps below)
• No code

Side effects

• Breaking backward compatibility

Related changes

• Need to update the documentation

Does this PR introduce a user-facing change?

NONE

[WangXiangUSTC]

@g1eny0ung I update the HTTP request on front-end at 408ef7d, PTAL

[WangXiangUSTC]

/run-e2e-tests

[codecov-io]

Codecov Report

Merging #1261 (d053930) into master (7e9ff3f) will decrease coverage by 4.20%.
The diff coverage is 52.94%.

@@            Coverage Diff             @@
##           master    #1261      +/-   ##
==========================================
- Coverage   55.78%   51.57%   -4.21%     
==========================================
  Files          68       78      +10     
  Lines        4383     5012     +629     
==========================================
+ Hits         2445     2585     +140     
- Misses       1768     2159     +391     
- Partials      170      268      +98     

Impacted Files	Coverage Δ
api/v1alpha1/common_types.go	0.00% <0.00%> (ø)
api/v1alpha1/common_webhook.go	100.00% <ø> (ø)
api/v1alpha1/dnschaos_type.go	0.00% <0.00%> (ø)
api/v1alpha1/dnschaos_webhook.go	0.00% <0.00%> (ø)
api/v1alpha1/httpchaos_types.go	0.00% <0.00%> (ø)
api/v1alpha1/iochaos_types.go	0.00% <ø> (-40.00%)	⬇️
api/v1alpha1/jvmchaos_webhook.go	0.00% <0.00%> (ø)
api/v1alpha1/kernelchaos_types.go	0.00% <ø> (-20.00%)	⬇️
api/v1alpha1/kernelchaos_webhook.go	100.00% <ø> (+14.81%)	⬆️
api/v1alpha1/kinds.go	27.27% <ø> (+0.60%)	⬆️
... and 128 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ec70532...d053930. Read the comment docs.

[g1eny0ung]

LGTM

[WangXiangUSTC]

@STRRL PTAL

[STRRL]

How about printing some log when utils.CanListChaos return false.

The current implementation is NOT so good for presenting authorization failed with HTTP API:

• It seems just to return empty results(not empty array[]) with HTTP status 200, and the frontend needs more logic to resolve it.
• We should return 403 with authorization failed.

If this implementation is a temporary solution, just appending some logs is OK to me.

[WangXiangUSTC]

How about printing some log when utils.CanListChaos return false.

The current implementation is NOT so good for presenting authorization failed with HTTP API:

• It seems just to return empty results(not empty array[]) with HTTP status 200, and the frontend needs more logic to resolve it.
• We should return 403 with authorization failed.

If this implementation is a temporary solution, just appending some logs is OK to me.

I take the gin.Context as a parameter of CanListChaos, and will take the error info to gin.Context, if CanListChaos return false, will print the error log in dashboard @STRRL

[STRRL]

Oh, I missed it.🙈

But I think making errors in CanListChaos is not so good. 😰 Any operations about HTTP requests/response should be restricted in Controllers.

[cwen0]

Why not implementing a specific middleware to define this authority?

[fewdan]

Is it more reasonable to return some errors here, such as returning error codes (403 and so on?) ?

[WangXiangUSTC]

yes, you are right, I will refine this logic, maybe use the middleware @cwen0 mentioned

[WangXiangUSTC]

Why not implementing a specific middleware to define this authority?

refine this logic by using the middleware in 584aa18, PTAL again @STRRL @cwen0 @g1eny0ung @fewdan

[fewdan]

LGTM

[g1eny0ung]

LGTM

[g1eny0ung]

/merge

[ti-srebot]

/run-all-tests

[WangXiangUSTC]

/run-e2e-tests