If Normandy admin is not available, read from the public Normandy API

[mythmon]

In #297, we're adding the availability of the Normandy Admin to the state. Based on that information, we should fetch data from the read-only server when appropriate. This covers reading the value from state and acting accordingly, and also reacting accordingly to the value changing.

[emceeaich]

This would be useful.

[peterbe]

We chatted about this and made a tentative plan.

In #682 we sprinkled in a bunch of code near actions that are about writing. E.g. creating a recipe, or approval an approval request. Basically, the presence of a button depends on your logged-in state. Also, for pages that you shouldn't be able to reach (like the Add Recipe page) instead of hiding any buttons we show an error. E.g. https://github.com/mozilla/delivery-console/pull/682/files#diff-abfcdeea0dfbf8ee4054cc011c3ca76dR57

In all places where we do that, we should also check that your VPN connection is valid/working. So it'll be something like this:

// Component <AddRecipe/>

render() {
  if (!userProfile) {
    return <AuthenticationAlert description="You must be logged in to create an extension." />
  } else if (!vpnActive) {
    return <AuthenticationAlert description="You must be on the VPN to make any changes" />
  }
  ... // as before
}

[peterbe]

One concern I have is that if you're not on the VPN you might be losing out because what you see is out of date.

According to the docs...

"The public server is served through a CDN with a cache time of a few minutes."

So, if you're not on the VPN, DC will use the "Public Read-only API server" which might always be a bit old.

We could try to use text to explain this to the users. But users don't read. They might; if it's a loud "flash message" near the top of the page.
Our saving grace is that if the VPN isn't working, the little VPN button near the top is going to be red which will raise some thoughts.

[mythmon]

I don't think the CDN delay is a big deal. The cache headers on https://normandy.cdn.mozilla.net/api/v3/recipe/ say it will only be cached for 30 seconds, which doesn't seem like a large burden. (I realize this is contrary to what I wrote in the docs, I was intentionally being vague there).

If this is a problem, I think we could include a small badge that says the data is up-to-date as of the value of the Date header of the request. That might actually be worth doing anyways, because it can help with stale pages that have been open a while.

[peterbe]

It only just now occurred to me the brilliance of the issue title here. The read-only URL would only be used if the read-write URL (aka. through VPN) is NOT available.

That means that we won't have the potential caching problem @mythmon mentioned here. I.e. if you've managed to make a XHR POST over the VPN, then continue to do all reads from the VPN URL henceforth.