Network policy forms: hide unavailable features for admin users #9628
Conversation
frontend/public/models/index.ts
Outdated
| label: 'Network', | ||
| labelPlural: 'Networks', | ||
| apiVersion: 'v1', | ||
| apiGroup: 'operator.openshift.io', |
There was a problem hiding this comment.
If I remember correctly there's also Network in "config.openshift.io" api group that can be used (it also contains CNI type info), do you know if one is more relevant than another?
There was a problem hiding this comment.
I found multiple ways to fetch/guess the network type, but I used this because it's the only method I saw properly documented: https://docs.openshift.com/container-platform/4.7/networking/cluster-network-operator.html#nw-operator-cr_cluster-network-operator
So I decided to use the above documentation as a source of truth. But I might have missed the config.openshift.io api group. Does it provide any benefit with respect to operatior.openshift.io?
There was a problem hiding this comment.
It's documented as well: https://docs.openshift.com/container-platform/4.7/rest_api/config_apis/network-config-openshift-io-v1.html
We might need to ask the SDN team to know more about the difference
| */ | ||
| export const useClusterNetworkFeatures = (): [ClusterNetworkFeatures, boolean] => { | ||
| const [features, setFeatures] = React.useState<ClusterNetworkFeatures>(); | ||
| const [featuresLoaded, setFeaturesLoaded] = React.useState(false); |
There was a problem hiding this comment.
I wonder if we want to distinguish the "not yet loaded" state versus "unknown" state, or we could say it's the same thing. We could argue that features are unknown until they are loaded, and hence remove this featuresLoaded state. What do you think?
There was a problem hiding this comment.
I'm afraid that sometimes this could cause some kind of annoying warning message that is initially shown and immediately hidden after the page is loaded.
The other way, the unsupported fields are initially hidden and immediately shown after the page is loaded. This would give a more "natural" feeling of a page being progressively loaded.
What do you think?
There was a problem hiding this comment.
Yeah, I've tried locally, it generates some blinking effect that isn't very nice indeed. Ok to keep as you did
| const [network, networkLoaded] = useK8sGet<K8sResourceKind>(clusterNetworkModel, networkName); | ||
| React.useEffect(() => { | ||
| const cniType = ClusterNetworkType[network?.spec?.defaultNetwork?.type]; | ||
| setFeatures(featuresDocument[cniType ? cniType : ClusterNetworkType.Unknown]); |
There was a problem hiding this comment.
Nitpicking: if I'm correct, cniType ? cniType : ClusterNetworkType.Unknown can be written cniType ?? ClusterNetworkType.Unknown as well (nullish coalescing) ( I'm being a smart ass but just learned this this week :-) )
There was a problem hiding this comment.
aaah yeah, I actually was looking for something like that but didn't find it. As a non-native TS coder, I was looking for the "elvis operator ?:" but didn't find anything by this term. Thank you!
openshift-ci
bot
added
the
kind/i18n
| </li> | ||
| </ul> | ||
| <p> | ||
| {t('public~More information:')} |
There was a problem hiding this comment.
I would add another sentence to help the user understand what he has to do with this message, something like: "Refer to your cluster administrator to know which network provider is used".
|
/assign @rohitkrai03 |
Related JIRA issue: https://issues.redhat.com/browse/NETOBSERV-27 For a user with sufficient permissions (e.g. admin) using ovn-k network type, all network policy feature are available and no special information is displayed about it. For a user with sufficient permissions (e.g. admin) using openshift-sdn network type, egress section and IP block exceptions are hidden, and no special information is displayed about it. For a user with insufficient permissions to get the network type, all network policy features are visible but an informative message is displayed about potential unavailable features.
The following parts have been hidden for OpenShiftSDN CNI type: - "Exceptions" label in network policy peer IP blocks. - The whole "Egress" section in the new policy form.
Previously, we used operator.openshift.io, but we moved to config because this way we could detect other network types (e.g. Calico).
Kept the alert title as a single-line message, and move the rest of the message into the alert body.
|
/label qe-approved |
openshift-ci
bot
added
the
qe-approved
|
/retest |
|
/lgtm |
|
Pinging @rohitkrai03 for a review, as indicated by the openshift-ci bot. |
openshift-ci
bot
added
the
needs-rebase
openshift-ci
bot
removed
the
needs-rebase
| import { useK8sGet } from '@console/internal/components/utils/k8s-get-hook'; | ||
| import { NetworkPolicyForm } from '../../components/network-policies/network-policy-form'; | ||
|
|
||
| jest.mock('react-i18next', () => { |
There was a problem hiding this comment.
We have a global mock for this now that you should be able use: https://github.com/openshift/console/blob/master/frontend/__mocks__/react-i18next.ts
| import { NetworkPolicyPeerIPBlock } from '../../components/network-policies/network-policy-peer-ipblock'; | ||
|
|
||
| const i18nNS = 'public'; | ||
| jest.mock('react-i18next', () => { |
There was a problem hiding this comment.
Sam comment here. You should be able to use the global mock.
| const namespace = getActiveNamespace(); | ||
|
|
||
| const namespaceProps = { | ||
| namespace: getActiveNamespace(), |
There was a problem hiding this comment.
Prefer useActiveNamespace hook.
| return ( | ||
| <div className="co-m-pane__body co-m-pane__form"> | ||
| <h1 className="co-m-pane__heading co-m-pane__heading--baseline"> | ||
| <div className="co-m-pane__name">{t('public~Create NetworkPolicy')}</div> | ||
| <div className="co-m-pane__heading-link"> | ||
| <Link | ||
| to={`/k8s/ns/${namespace}/networkpolicies/~new`} | ||
| to={`/k8s/ns/${namespaceProps.namespace}/networkpolicies/~new`} |
There was a problem hiding this comment.
I would build the base URL with resourcePathFromModel then append /~new. (Eventually we'll add a cluster path section, so better to use the utility.)
| @@ -8,15 +8,16 @@ import './_create-network-policy.scss'; | |||
|
|
|||
| export const CreateNetworkPolicy: React.FunctionComponent<{}> = () => { | |||
There was a problem hiding this comment.
nit: Other parts of the console use the shorthand React.FC. Not important to change for this PR, but it would be good to stay consistent.
| networkFeatures?.PolicyPeerIPBlockExceptions === undefined && ( | ||
| <Alert | ||
| variant="info" | ||
| title={<p>{t('public~When using the OpenShift SDN cluster network provider:')}</p>} |
There was a problem hiding this comment.
I think the alert title gets a heading element, in which case you wouldn't want to use p. Does this change the padding for the layout?
| @@ -332,3 +369,5 @@ export const NetworkPolicyForm: React.FunctionComponent<NetworkPolicyFormProps> | |||
| </Form> | |||
| ); | |||
| }; | |||
|
|
|||
| export const NetworkPolicyForm = connectToFlags(FLAGS.OPENSHIFT)(NetworkPolicyFormComponent); | |||
frontend/public/models/index.ts
Outdated
| apiVersion: 'v1', | ||
| apiGroup: 'config.openshift.io', | ||
| plural: 'networks', | ||
| abbr: '', |
There was a problem hiding this comment.
You'll want to define an abbr that is used in the badge to the left of links. Even if you don't have a details page for this resource, the badge can still show up (e.g. in the search page).
frontend/packages/console-app/src/components/network-policies/network-policy-form.tsx
Show resolved
Hide resolved
|
/test e2e-gcp-console |
|
/cc @spadgett |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jotak, mariomac, nathan-weinberg, spadgett The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
/docs-approved |
|
/label px-approved |
openshift-ci
bot
added
the
px-approved
/label docs-approved |
openshift-ci
bot
added
the
docs-approved
Related JIRA issue: https://issues.redhat.com/browse/NETOBSERV-27
For a user with sufficient permissions (e.g. admin) using ovn-k8s network type,
all network policy features are available and no special information is
displayed about it.
For a user with sufficient permissions (e.g. admin) using openshift-sdn network
type, egress section and IP block exceptions are hidden, and no special
information is displayed about it.
For a user with insufficient permissions to get the network type, all network
policy features are visible but an informative message is displayed about
potential unavailable features.