Allow user to gets list of his tenants

[anatolychernov]

Describe the feature

Add "/apis/capsule.clastix.io/v1beta2/tenants" filter which allows user to receives list of his tenants(e.g. kubectl get tenants).
Currently, it's difficult to implement this feature as a new module, because we should pass label selectors to Handle func.
If our tenants have only custom labels we won't be able to use their labels in label selectors.

Is it possible to implement this feature without using label selectors?
Maybe we can try to process this route ("/apis/capsule.clastix.io/v1beta2/tenants") in separate handler?

What would the new user story look like?

How would the new interaction with Capsule-Proxy look like?
Feel free to add a diagram if that helps explain things.

Expected behavior

User executes command 'kubectl get tenants' and receives list of his tenants.

[anatolychernov]

If we make some changes in capsule which let capsule to adds some label when capsule creates tenant we will be able to add a module in capsule-proxy which would use this label when capsule calls 'labels.NewRequirement' func.

E.g., labels.NewRequirement("name", selection.In, tenantNames)

[oliverbaehler]

I would argue to add this feature is safe. What do you think @MaxFedotov @prometherion
If we accept this, I am wondering if we should add it to the Owners-ProxySettings (https://github.com/projectcapsule/capsule/blob/9a8736428821446d5eb6ec6e73edd7ea6b101b7f/api/v1beta2/owner.go#L44). Probably not because you would have to define it for each tenant. But maybe that's the use case for some people?

@anatolychernov Could you implement the feature?

[MaxFedotov]

That's an interesting feature. From one POW if a user is a member of multiple tenants it may be quite beneficial for him to be able to list them. But from the other side, tenants hold a piece of a configuration inside, which cluster-admin may not want to expose to users.

So listing own tenants can be safe, but getting tenant spec should not be allowed by default

[anatolychernov]

Hello,
I'll try to add a new route for processing tenants list.
As I can see MR projectcapsule/capsule#910 has been merged. If I understand I can use label key ("kubernetes.io/metadata.name") to make LabelSelector.

Could you clarify when a new capsule version with MR above will be released?

[oliverbaehler]

@anatolychernov it will take some time until we release 0.5.0, But in the meantime you can develop locally with the build from main. See the following documentation on how to get capsule running with a local kind cluster:

https://github.com/projectcapsule/capsule/blob/main/DEVELOPMENT.md

[anatolychernov]

Hello,

I've created PR.

[oliverbaehler]

Implemented