* Modify variable access permissions for UI users with write in only certain namespaces
* Addressing some PR comments
* Variables index namespaces on * and ability checks are now namespaced
* Mistook Delete for Destroy, and update unit tests for mult-return allPaths
* Gallery allows picking stuff
* Small fixes
* added sentinel templates
* Can set enforcement level on policies
* Working on the interactive sentinel dev mode
* Very rough development flow on FE
* Changed position in gutter menu
* More sentinel stuff
* PR cleanup: removed testmode, removed unneeded mixins and deps
* Heliosification
* Index-level sentinel policy deletion and page title fixes
* Makes the Canaries sentinel policy real and then comments out the unfinished ones
* rename Access Control to Administration in prep for moving Sentinel Policies and Node Pool admin there
* Sentinel policies moved within the Administration section
* Mirage fixture for sentinel policy endpoints
* Description length check and 500 prevention
* Sync review PR feedback addressed, implied butons on radio cards
* Cull un-used sentinel policies
---------
Co-authored-by: Mike Nomitch <mail@mikenomitch.com>
Adds Namespace UI to Access Control - Also adds two step buttons to other Access Control pages
---------
Co-authored-by: Phil Renaud <phil@riotindustries.com>
* Rename pages to include roles
* Models and adapters
* [ui] Any policy checks in the UI now check for roles' policies as well as token policies (#18346)
* combinedPolicies as a concept
* Classic decorator on role adapter
* We added a new request for roles, so the test based on a specific order of requests got fickle fast
* Mirage roles cluster scaffolded
* Acceptance test for roles and policies on the login page
* Update mirage mock for nodes fetch to account for role policies / empty token.policies
* Roles-derived policies checks
* [ui] Access Control with Roles and Tokens (#18413)
* top level policies routes moved into access control
* A few more routes and name cleanup
* Delog and test fixes to account for new url prefix and document titles
* Overview page
* Tokens and Roles routes
* Tokens helios table
* Add a role
* Hacky role page and deletion
* New policy keyboard shortcut and roles breadcrumb nav
* If you leave New Role but havent made any changes, remove the newly-created record from store
* Roles index list and general role route crud
* Roles index actually links to roles now
* Helios button styles for new roles and policies
* Handle when you try to create a new role without having any policies
* Token editing generally
* Create Token functionality
* Cant delete self-token but management token editing and deleting is fine
* Upgrading helios caused codemirror to explode, shimmed
* Policies table fix
* without bang-element condition, modifier would refire over and over
* Token TTL or Time setting
* time will take you on
* Mirage hooks for create and list roles
* Ensure policy names only use allow characters in mirage mocks
* Mirage mocked roles and policies in the default cluster
* log and lintfix
* chromedriver to 2.1.2
* unused unit tests removed
* Nice profile dropdown
* With the HDS accordion, rename our internal component scss ref
* design revisions after discussion
* Tooltip on deleted-policy tokens
* Two-step button peripheral isDeleting gcode removed
* Never to null on token save
* copywrite headers added and empty routefiles removed
* acceptance test fixes for policies endpoint
* Route for updating a token
* Policies testfixes
* Ember on-click-outside modifier upgraded with general ember-modifier upgrade
* Test adjustments to account for new profile header dropdown
* Test adjustments for tokens via policy pages
* Removed an unused route
* Access Control index page tests
* a11y tests
* Tokens index acceptance tests generally
* Lintfix
* Token edit page tests
* Token editing tests
* New token expiration tests
* Roles Index tests
* Role editing policies tests
* A complete set of Access Control Roles tests
* Policies test
* Be more specific about which row to check for expiration time
* Nil check on expirationTime equality
* Management tokens shouldnt show No Roles/Policies, give them their own designation
* Route guard on selftoken, conditional columns, and afterModel at parent to prevent orphaned policies on tokens/roles from stopping a new save
* Policy unloading on delete and other todos plus autofocus conditionally re-enabled
* Invalid policies non-links now a concept for Roles index
* HDS style links to make job.variables.alert links look like links again
* Mirage finding looks weird so making model async in hash even though redundant
* Drop rsvp
* RSVP wasnt the problem, cached lookups were
* remove old todo comments
* de-log
* Bones of a component that has job variable awareness
* Got vars listed woo
* Variables as its own subnav and some pathLinkedVariable perf fixes
* Automatic Access to Variables alerter
* Helper and component to conditionally render the right link
* A bit of cleanup post-template stuff
* testfix for looping right-arrow keynav bc we have a new subnav section
* A very roundabout way of ensuring that, if a job exists when saving a variable with a pathLinkedEntity of that job, its saved right through to the job itself
* hacky but an async version of pathLinkedVariable
* model-driven and async fetcher driven with cleanup
* Only run the update-job func if jobname is detected in var path
* Test cases begun
* Management token for variables to appear in tests
* Its a management token so it gets to see the clients tab under system jobs
* Pre-review cleanup
* More tests
* Number of requests test and small fix to groups-by-way-or-resource-arrays elsewhere
* Variable intro text tests
* Variable name re-use
* Simplifying our wording a bit
* parse json vs plainId
* Addressed PR feedback, including de-waterfalling
* Fix for wildcard DC sys/sysbatch jobs
* A few extra modules for wildcard DC in systemish jobs
* doesMatchPattern moved to its own util as match-glob
* DC glob lookup using matchGlob
* PR feedback
* basic-functionality demo for token CRUD
* Styling for tokens crud
* Tokens crud styles
* Expires, not expiry
* Mobile styles etc
* Refresh and redirect rules for policy save and token creation
* Delete method and associated serializer change
* Ability-checking for tokens
* Update policies acceptance tests to reflect new redirect rules
* Token ability unit tests
* Mirage config methods for token crud
* Token CRUD acceptance tests
* A couple visual diff snapshots
* Add and Delete abilities referenced for token operations
* Changing timeouts and adding a copy to clipboard action
* replaced accessor with secret when copying to clipboard
* PR comments addressed
* Simplified error passing for policy editor
ACL Policies aren't required to have any `namespace` blocks, and this is
particularly common with the anonymous policy. If a user visits the web UI
without a token already in their local storage and the anonymous policy has no
`namespace` blocks, the UI will hit unhandled exceptions when rendering the
sidebar or jobs page.
Filter for the case where there's no `namespace` block.
* Changelog and lintfix
* Changelog removed
* Forbidden state on individual variables
* CanRead checked on variable path links
* Mirage fixture with lesser secure variables access, temporary fix for * namespaces
* Read flow acceptance tests
* Unit tests for variable.canRead
* lintfix
* TODO squashed, thanks Jai
* explicitly link mirage fixture vars to jobs via namespace
* Typofix; delete to read
* Linking the original alloc
* Percy snapshots uniquely named
* Guarantee that the alloc we depend on has tasks within it
* Logging variables
* Trying to skip delete
* Now without create flow either
* Dedicated cluster fixture for testing variables
* Disambiguate percy calls
* Check against all your policies' namespaces' secvars' paths' capabilities to see if you can list vars
* Changelog and lintfix
* Unit tests for list-vars
* Removed unused computed dep
* Changelog removed
* refact: namespace should be bound property
* chore: pass bound namespace property in template
* chore: update tests to account for bound namespace refactoring
* test: add test coverage for factoring namespace in path matching algo
* variables.new initialized
* Hacky but savey
* Variable wildcard route and multiple creatable at a time
* multiple KVs per variable
* PR Prep cleanup and lintfix
* Delog
* Data mocking in mirage for variables
* Linting fixes
* Re-implement absent params
* Adapter and model tests
* Moves the path-as-id logic to a serializer instead of adapter
* Classic to serializer and lint cleanup
* Pluralized save button (#13140)
* Autofocus modifier and better Add More button UX (#13145)
* Secure Variables: show/hide functionality when adding new values (#13137)
* Flight Icons added and show hide functionality
* PR cleanup
* Linting cleanup
* Position of icon moved to the right of input
* PR feedback addressed
* Delete button and stylistic changes to show hide
* Hmm, eslint doesnt like jsdoc-usage as only reason for import
* More closely match the button styles and delete test
* Simplified new.js model
* Secure Variables: /variables/*path/edit route and functionality (#13170)
* Variable edit page init
* Significant change to where we house model methods
* Lintfix
* Edit a variable tests
* Remove redundant tests
* Asserts expected
* Mirage factory updated to reflect model state
* Route init
* Bones of a mirage-mocked secure variables policy
* Functinoing policy for list vars
* Delog and transition on route
* Basic guard test
* Page guard tests for secure variables
* Cleanup and unit tests for variables ability
* Linter cleanup
* Set expectations for test assertions
* PR feedback addressed
* Read label changed to View per suggestion
* Allow running jobs from a namespace-limited token
* qpNamespace cleanup
* Looks like parse can deal with a * namespace
* A little diff cleanup
* Defensive destructuring
* Removing accidental friendly-fire on can-scale
* Testfix: Job run buttons from jobs index
* Testfix: activeRegion job adapter string
* Testfix: unit tests for job abilities correctly reflect the any-namespace rule
* Testfix: job editor test looks for requests with namespace applied on plan
* ui: add parameterized dispatch interface
This commit adds a new interface for dispatching parameteried jobs, if
the user has the right permissions. The UI can be accessed by viewing a
parameterized job and clicking on the "Dispatch Job" button located in
the "Job Launches" section.
* fix failing lint test
* clean up dispatch and remove meta
This commit cleans up a few things that had typos and
inconsistent naming. In line with this, the custom
`meta` view was removed in favor of using the
included `AttributesTable`.
* ui: encode dispatch job payload and start adding tests
* ui: remove unused test imports
* ui: redesign job dispatch form
* ui: initial acceptance tests for dispatch job
* ui: generate parameterized job children with correct id format
* ui: fix job dispatch breadcrumb link
* ui: refactor job dispatch component into glimmer component and add form validation
* ui: remove unused CSS class
* ui: align job dispatch button
* ui: handle namespace-specific requests on job dispatch
* ui: rename payloadMissing to payloadHasError
* ui: don't re-fetch job spec on dispatch job
* ui: keep overview tab selected on job dispatch page
* ui: fix task and task-group linting
* ui: URL encode job id on dispatch job tests
* ui: fix error when job meta is null
* ui: handle job dispatch from adapter
* ui: add more tests for dispatch job page
* ui: add "job dispatch" capability check
* ui: update job dispatch from code review
Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
This rethinks namespaces as a filter on list pages rather than a global setting.
The biggest net-new feature here is being able to select All (*) to list all jobs
or CSI volumes across namespaces.
Without this, visiting any job detail page on Nomad OSS would crash with
an error like this:
Error: Ember Data Request GET
/v1/recommendations?job=ping%F0%9F%A5%B3&namespace=default returned a
404 Payload (text/xml)
The problem was twofold.
1. The recommendation ability didn’t include anything about checking
whether the feature was present. This adds a request to
/v1/operator/license on application load to determine which features are
present and store them in the system service. The ability now looks for
'Dynamic Application Sizing' in that feature list.
2. Second, I didn’t check permissions at all in the job-fetching or job
detail templates.
Manual interventions:
• decorators on the same line for service and controller
injections and most computed property macros
• preserving import order when possible, both per-line
and intra-line
• moving new imports to the bottom
• removal of classic decorator for trivial cases
• conversion of init to constructor when appropriate
This builds on API changes in #6017 and #6021 to conditionally turn off the
“Run Job” button based on the current token’s capabilities, or the capabilities
of the anonymous policy if no token is present.
If you try to visit the job-run route directly, it redirects to the job list.
