From 5e80c4e986952651a272d39cfb18239280db5b0c Mon Sep 17 00:00:00 2001
From: d-gol
Date: Mon, 12 Dec 2022 19:19:15 +0100
Subject: [PATCH] Use corev1 for specifying resources, edit kf install RBAC
---
 .../katib-with-kubeflow/kubeflow-katib-roles.yaml | 12 ++++++++++++
 pkg/new-ui/v1beta1/backend.go | 6 +++---
 2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/manifests/v1beta1/installs/katib-with-kubeflow/kubeflow-katib-roles.yaml b/manifests/v1beta1/installs/katib-with-kubeflow/kubeflow-katib-roles.yaml
index 6394146705e..57b0fbaf318 100644
--- a/manifests/v1beta1/installs/katib-with-kubeflow/kubeflow-katib-roles.yaml
+++ b/manifests/v1beta1/installs/katib-with-kubeflow/kubeflow-katib-roles.yaml
@@ -34,6 +34,18 @@ rules:
 - deletecollection
 - patch
 - update
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - list
+ - apiGroups:
+ - ""
+ resources:
+ - pods/log
+ verbs:
+ - get
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
diff --git a/pkg/new-ui/v1beta1/backend.go b/pkg/new-ui/v1beta1/backend.go
index 6691ab112b1..53effb75bae 100644
--- a/pkg/new-ui/v1beta1/backend.go
+++ b/pkg/new-ui/v1beta1/backend.go
@@ -605,7 +605,7 @@ func (k *KatibUIHandler) FetchTrialLogs(w http.ResponseWriter, r *http.Request)
 return
 }
 
- user, err = IsAuthorized(consts.ActionTypeList, namespace, "pods", "", "", schema.GroupVersion{Group: "apps", Version: "v1"}, k.katibClient.GetClient(), r)
+ user, err = IsAuthorized(consts.ActionTypeList, namespace, corev1.ResourcePods.String(), "", "", schema.GroupVersion{Group: "apps", Version: "v1"}, k.katibClient.GetClient(), r)
 if user == "" && err != nil {
 log.Printf("No user provided in kubeflow-userid header.")
 http.Error(w, err.Error(), http.StatusUnauthorized)
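Review bot: The second added rule grants `get` on `pods/log` for every pod in whatever scope this role is bound, not only Katib trial pods, and pod logs often contain tokens or connection strings. The object these rules belong to starts above the hunk, so its kind and any aggregation into broader Kubeflow roles are not visible here; if it is aggregated, the log access spreads with it. RBAC cannot narrow the rule to trial pods by label, so any such restriction has to be enforced in the UI backend. Please record the intent above the two rules, e.g. `# Needed by the Katib UI FetchTrialLogs endpoint: list pods and read pod logs in the user's namespace.`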
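Review bot: The list check in this hunk still passes `schema.GroupVersion{Group: "apps", Version: "v1"}` although the resource is now `corev1.ResourcePods.String()`; pods live in the core group, and the get check in the next hunk was switched to `corev1.SchemeGroupVersion`. Assuming IsAuthorized forwards the group to an access review (its body is not shown), the list decision is evaluated against `apps`/pods, which does not correspond to the `""`/pods rule this commit adds to kubeflow-katib-roles.yaml. Change the argument to `corev1.SchemeGroupVersion` so both checks describe the resource that is actually read. FetchTrialLogs begins and ends outside the hunk.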
@@ -638,13 +638,13 @@ func (k *KatibUIHandler) FetchTrialLogs(w http.ResponseWriter, r *http.Request)
 return
 }
 
- user, err = IsAuthorized(consts.ActionTypeGet, namespace, "pods", "log", podName, schema.GroupVersion{Group: "apps", Version: "v1"}, k.katibClient.GetClient(), r)
+ user, err = IsAuthorized(consts.ActionTypeGet, namespace, corev1.ResourcePods.String(), "log", podName, corev1.SchemeGroupVersion, k.katibClient.GetClient(), r)
 if user == "" && err != nil {
 log.Printf("No user provided in kubeflow-userid header.")
 http.Error(w, err.Error(), http.StatusUnauthorized)
 return
 } else if err != nil {
- log.Printf("The user: %s is not authorized to list pod logs: %s in namespace: %s \n", user, podName, namespace)
+ log.Printf("The user: %s is not authorized to get pod logs: %s in namespace: %s \n", user, podName, namespace)
 http.Error(w, err.Error(), http.StatusForbidden)
 return
 }
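Review bot: The rewritten `log.Printf` in the forbidden branch still formats `user`, `podName` and `namespace` with `%s`; the 401 branch above it indicates `user` comes from the kubeflow-userid request header, and the other two appear to be request-derived as well (their assignment is outside the hunk). Quoting them keeps a value containing line breaks from forging extra log entries: `log.Printf("The user: %q is not authorized to get pod logs: %q in namespace: %q", user, podName, namespace)`. The trailing ` \n` can go because log.Printf already ends each entry with a newline. Both branches also return `err.Error()` to the client, so it is worth confirming that IsAuthorized's errors carry no cluster detail.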