@rancher/shell 3.0.12-rc.4 → 3.0.12-rc.5

package/components/form/__tests__/SelectOrCreateAuthSecret.test.ts

@@ -66,4 +66,126 @@ describe('component: SelectOrCreateAuthSecret', () => {
 
     expect(passwordLabeledInput!.props('labelKey')).toBe(expectedLabelKey);
   });
+
+  describe('GitHub App auth', () => {
+    const githubAppSetup = () => mount(SelectOrCreateAuthSecret, {
+      ...requiredSetup(),
+      props: {
+        mode:               _EDIT,
+        namespace:          'default',
+        value:              {},
+        allowGithubApp:     true,
+        registerBeforeHook: () => {},
+      },
+      data() {
+        return { selected: AUTH_TYPE._GITHUB_APP } as any;
+      }
+    });
+
+    it('should render the three GitHub App fields when selected', () => {
+      const wrapper = githubAppSetup();
+
+      expect(wrapper.find('[data-testid="auth-secret-github-app-id"]').exists()).toBe(true);
+      expect(wrapper.find('[data-testid="auth-secret-github-app-installation-id"]').exists()).toBe(true);
+      expect(wrapper.find('[data-testid="auth-secret-github-app-private-key"]').exists()).toBe(true);
+      expect(wrapper.find('[data-testid="auth-secret-github-app-private-key-file"]').exists()).toBe(true);
+    });
+
+    it('should not narrow the select column for GitHub App (keeps span-6)', () => {
+      const wrapper = githubAppSetup();
+
+      expect((wrapper.vm as any).firstCol).toBe('col span-6');
+    });
+
+    it('should emit inputauthval with the GitHub App field values', async() => {
+      const wrapper = githubAppSetup();
+
+      await wrapper.setData({
+        githubAppId:             'app-id',
+        githubAppInstallationId: 'installation-id',
+        githubAppPrivateKey:     'private-key',
+      });
+
+      const emitted = wrapper.emitted('inputauthval') as any[];
+      const last = emitted[emitted.length - 1][0];
+
+      expect(last).toStrictEqual({
+        selected:                AUTH_TYPE._GITHUB_APP,
+        publicKey:               '',
+        privateKey:              '',
+        githubAppId:             'app-id',
+        githubAppInstallationId: 'installation-id',
+        githubAppPrivateKey:     'private-key',
+      });
+    });
+
+    it('should populate the private key when a file is read', async() => {
+      const wrapper = githubAppSetup();
+
+      const fileSelector = wrapper.findComponent({ name: 'FileSelector' });
+
+      await fileSelector.vm.$emit('selected', 'key-from-file');
+
+      expect((wrapper.vm as any).githubAppPrivateKey).toBe('key-from-file');
+    });
+
+    it.each([
+      ['offer', true],
+      ['not offer', false],
+    ])('should %s the GitHub App create option when allowGithubApp is %p', (_, allowGithubApp) => {
+      const wrapper = mount(SelectOrCreateAuthSecret, {
+        ...requiredSetup(),
+        props: {
+          mode:               _EDIT,
+          namespace:          'default',
+          value:              {},
+          allowGithubApp,
+          registerBeforeHook: () => {},
+        },
+      });
+
+      const hasGithubAppOption = (wrapper.vm as any).options
+        .some((o: any) => o.value === AUTH_TYPE._GITHUB_APP);
+
+      expect(hasGithubAppOption).toBe(allowGithubApp);
+    });
+
+    it('should list existing GitHub App secrets but exclude plain Opaque secrets', () => {
+      const githubAppSecret = {
+        _type:          'Opaque',
+        isGithubApp:    true,
+        id:             'default/gh-app',
+        dataPreview:    '3 keys',
+        subTypeDisplay: 'Opaque',
+        metadata:       { name: 'gh-app', namespace: 'default' },
+      };
+      const plainOpaqueSecret = {
+        _type:          'Opaque',
+        isGithubApp:    false,
+        id:             'default/plain',
+        dataPreview:    '1 key',
+        subTypeDisplay: 'Opaque',
+        metadata:       { name: 'plain', namespace: 'default' },
+      };
+
+      const wrapper = mount(SelectOrCreateAuthSecret, {
+        ...requiredSetup(),
+        props: {
+          mode:               _EDIT,
+          namespace:          'default',
+          value:              {},
+          allowGithubApp:     true,
+          registerBeforeHook: () => {},
+        },
+        data() {
+          return { allSecrets: [githubAppSecret, plainOpaqueSecret] } as any;
+        }
+      });
+
+      const optionValues = (wrapper.vm as any).options.map((o: any) => o.value);
+
+      expect(optionValues).toContain('default/gh-app');
+      expect(optionValues).not.toContain('default/plain');
+    });
+  });
 });

package/components/formatter/EtcdSnapshotName.vue

@@ -0,0 +1,73 @@
+<script>
+import { get } from '@shell/utils/object';
+
+export default {
+  props: {
+    value: {
+      type:    String,
+      default: ''
+    },
+    row: {
+      type:     Object,
+      required: true
+    },
+    col: {
+      type:    Object,
+      default: () => ({})
+    },
+    reference: {
+      type:    String,
+      default: null,
+    },
+    getCustomDetailLink: {
+      type:    Function,
+      default: null
+    }
+  },
+
+  computed: {
+    to() {
+      if (this.getCustomDetailLink) {
+        return this.getCustomDetailLink(this.row);
+      }
+      if ( this.row && this.reference ) {
+        return get(this.row, this.reference);
+      }
+
+      return this.row?.detailLocation;
+    },
+
+    showPredatesImportIcon() {
+      return !!this.row?.isSnapshotTooOld;
+    },
+
+    predatesImportMessage() {
+      return this.t('cluster.snapshot.predatesImportTooltip');
+    },
+  }
+};
+</script>
+
+<template>
+  <span>
+    <router-link
+      v-if="to"
+      :to="to"
+    >
+      {{ value }}
+    </router-link>
+    <span v-else>
+      {{ value }}
+      <template v-if="!value && col.dashIfEmpty">
+        <span class="text-muted">&mdash;</span>
+      </template>
+    </span>
+    <i
+      v-if="showPredatesImportIcon"
+      v-clean-tooltip="{ content: predatesImportMessage, triggers: ['hover', 'touch', 'focus'] }"
+      v-stripped-aria-label="predatesImportMessage"
+      tabindex="0"
+      class="icon icon-error text-error ml-5"
+    />
+  </span>
+</template>

package/components/nav/Header.vue

@@ -30,6 +30,7 @@ import {
   RcDropdownTrigger
 } from '@components/RcDropdown';
 import { SLO_AUTH_PROVIDERS } from '@shell/store/auth';
+import { CLUSTER_SHELL } from '@shell/store/features';
 
 export default {
 
@@ -147,10 +148,16 @@ export default {
       return true;
     },
 
+    // Does the user have permissions to use the shell
     shellEnabled() {
       return !!this.currentCluster?.links?.shell;
     },
 
+    // Is the feature flag enabled for cluster shell access?
+    shellFeatureEnabled() {
+      return !!this.$store.getters['features/get'](CLUSTER_SHELL);
+    },
+
     showKubeShell() {
       return !this.rootProduct?.hideKubeShell;
     },
@@ -629,7 +636,7 @@ export default {
           </button>
 
           <button
-            v-if="showKubeShell"
+            v-if="showKubeShell && shellFeatureEnabled"
             id="btn-kubectl"
             v-clean-tooltip="t('nav.shellShortcut', {key: shellShortcut})"
             v-shortkey="{windows: ['ctrl', '`'], mac: ['meta', '`']}"

package/components/templates/default.vue

@@ -25,6 +25,7 @@ import { getClusterFromRoute, getProductFromRoute } from '@shell/utils/router';
 import SideNav from '@shell/components/SideNav';
 import { Layout } from '@shell/types/window-manager';
 import { RcButton } from '@components/RcButton';
+import { CLUSTER_SHELL } from '@shell/store/features';
 
 const SET_LOGIN_ACTION = 'set-as-login';
 
@@ -140,6 +141,7 @@ export default {
       debugger;
     },
 
+    // Open the shell for the current cluster if the user has permissions and the feature is enabled (invoked via keyboard shortcut)
     async toggleShell() {
       const clusterId = this.$route.params.cluster;
 
@@ -147,6 +149,11 @@ export default {
         return;
       }
 
+      // Cluster shell is disabled via feature flag
+      if (!this.$store.getters['features/get'](CLUSTER_SHELL)) {
+        return;
+      }
+
       const cluster = await this.$store.dispatch('management/find', {
         type: MANAGEMENT.CLUSTER,
         id:   clusterId,

package/config/features.js

@@ -4,3 +4,4 @@ export const ONE_WAY = [
 
 export const HARVESTER_NAME = 'harvester';
 export const SCHEDULING_CUSTOMIZATION = 'cluster-agent-scheduling-customization';
+export const IMPORTED_DAY_2_OPS = 'imported-day-2-ops';

package/config/labels-annotations.js

@@ -150,6 +150,8 @@ export const RKE = { EXTERNAL_IP: 'rke.cattle.io/external-ip' };
 
 export const SNAPSHOT = { CLUSTER_NAME: 'rke.cattle.io/cluster-name' };
 
+export const OPERATION_ANNOTATIONS = { ENABLED: 'operations.cattle.io/ops-enabled' };
+
 export const ISTIO = { AUTO_INJECTION: 'istio-injection' };
 
 const CATTLE_REGEX = /cattle\.io\//;

package/config/product/manager.js

@@ -10,6 +10,7 @@ import {
   HCI,
   MANAGEMENT,
   SNAPSHOT,
+  OPERATION,
   VIRTUAL_TYPES,
   HOSTED_PROVIDER,
   SAVED_COUNTS
@@ -80,6 +81,11 @@ export function init(store) {
   configureType(SNAPSHOT, { depaginate: true });
   configureType(CATALOG.CLUSTER_REPO, { listCreateButtonLabelKey: 'catalog.repo.add' });
 
+  // Day 2 operation CRDs - read-only, not user-creatable or editable
+  configureType(OPERATION.ETCD_SNAPSHOT, { isCreatable: false, isEditable: false });
+  configureType(OPERATION.ETCD_SNAPSHOT_RESTORE, { isCreatable: false, isEditable: false });
+  configureType(OPERATION.ENCRYPTION_KEY_ROTATE, { isCreatable: false, isEditable: false });
+
   configureType(CAPI.RANCHER_CLUSTER, {
     showListMasthead: false, namespaced: false, alias: [HCI.CLUSTER]
   });

package/config/secret.ts

@@ -13,3 +13,13 @@ export const SECRET_TYPES = {
   RKE_AUTH_CONFIG:   'rke.cattle.io/auth-config',
   FLEET_OCI_STORAGE: 'fleet.cattle.io/bundle-oci-storage/v1alpha1'
 };
+
+/**
+ * Data keys for a Fleet GitHub App authentication secret (stored as an Opaque secret).
+ * Shared so the create flows stay in sync.
+ */
+export const GITHUB_APP_SECRET_KEYS = {
+  APP_ID:          'github_app_id',
+  INSTALLATION_ID: 'github_app_installation_id',
+  PRIVATE_KEY:     'github_app_private_key',
+};

package/config/settings.ts

@@ -67,6 +67,7 @@ export const SETTING = {
   UI_DASHBOARD_HARVESTER_LEGACY_PLUGIN:          'ui-dashboard-harvester-legacy-plugin',
   UI_OFFLINE_PREFERRED:                          'ui-offline-preferred',
   SYSTEM_DEFAULT_REGISTRY:                       'system-default-registry',
+  SYSTEM_DEFAULT_REGISTRY_PULL_SECRETS:          'system-default-registry-pull-secrets',
   UI_ISSUES:                                     'ui-issues',
   PL:                                            'ui-pl',
   PL_RANCHER_VALUE:                              'rancher',
@@ -124,6 +125,7 @@ export const SETTING = {
    */
   DYNAMIC_CONTENT_ENABLED:                       'ui-content-enabled',
   DYNAMIC_CONTENT_ENDPOINT:                      'ui-content-endpoint',
+  IMPORTED_CLUSTER_DAY2_OPS_DEFAULT:             'imported-cluster-day2-ops-enabled'
 } as const;
 
 // These are the settings that are allowed to be edited via the UI
@@ -163,6 +165,7 @@ export const ALLOWED_SETTINGS: GlobalSetting = {
   [SETTING.SERVER_URL]:                           { kind: 'url', canReset: true },
   [SETTING.RKE_METADATA_CONFIG]:                  { kind: 'json' },
   [SETTING.SYSTEM_DEFAULT_REGISTRY]:              {},
+  [SETTING.SYSTEM_DEFAULT_REGISTRY_PULL_SECRETS]: {},
   [SETTING.UI_DASHBOARD_INDEX]:                   {},
   [SETTING.UI_OFFLINE_PREFERRED]:                 {
     kind:    'enum',
@@ -184,12 +187,12 @@ export const ALLOWED_SETTINGS: GlobalSetting = {
     ruleSet: [{ name: 'minValue', factoryArg: 1 }]
   },
   [SETTING.IMPORTED_CLUSTER_VERSION_MANAGEMENT]:           { kind: 'boolean' },
+  [SETTING.IMPORTED_CLUSTER_DAY2_OPS_DEFAULT]:             { kind: 'boolean' },
   // Configuration setup for agent configuration. Setting this up will activate the specific banner configuration.
   [SETTING.CLUSTER_AGENT_DEFAULT_PRIORITY_CLASS]:          { kind: 'json', agent: AGENT_CONFIGURATION_TYPES.CLUSTER },
   [SETTING.CLUSTER_AGENT_DEFAULT_POD_DISTRIBUTION_BUDGET]: { kind: 'json', agent: AGENT_CONFIGURATION_TYPES.CLUSTER },
   [SETTING.FLEET_AGENT_DEFAULT_PRIORITY_CLASS]:            { kind: 'json', agent: AGENT_CONFIGURATION_TYPES.FLEET },
-  [SETTING.FLEET_AGENT_DEFAULT_POD_DISTRIBUTION_BUDGET]:   { kind: 'json', agent: AGENT_CONFIGURATION_TYPES.FLEET }
-
+  [SETTING.FLEET_AGENT_DEFAULT_POD_DISTRIBUTION_BUDGET]:   { kind: 'json', agent: AGENT_CONFIGURATION_TYPES.FLEET },
 };
 
 /**
@@ -206,6 +209,7 @@ export const PROVISIONING_SETTINGS = [
   SETTING.CLUSTER_AGENT_DEFAULT_POD_DISTRIBUTION_BUDGET,
   SETTING.FLEET_AGENT_DEFAULT_PRIORITY_CLASS,
   SETTING.FLEET_AGENT_DEFAULT_POD_DISTRIBUTION_BUDGET,
+  SETTING.IMPORTED_CLUSTER_DAY2_OPS_DEFAULT
 ];
 
 /**

package/config/types.js

@@ -219,6 +219,12 @@ export const LONGHORN_VERSION_V2 = 'LonghornV2';
 
 export const SNAPSHOT = 'rke.cattle.io.etcdsnapshot';
 
+export const OPERATION = {
+  ETCD_SNAPSHOT:         'operation.cattle.io.etcdsnapshotsave',
+  ETCD_SNAPSHOT_RESTORE: 'operation.cattle.io.etcdsnapshotrestore',
+  ENCRYPTION_KEY_ROTATE: 'operation.cattle.io.encryptionkeyrotation',
+};
+
 // --------------------------------------
 // 2. Only if Rancher is installed
 // --------------------------------------
@@ -400,6 +406,7 @@ export const AUTH_TYPE = {
   _S3:                '_S3',
   _RKE:               '_RKE',
   _IMAGE_PULL_SECRET: '_IPS',
+  _GITHUB_APP:        '_GITHUB_APP',
 };
 
 export const LOCAL_CLUSTER = 'local';

package/detail/provisioning.cattle.io.cluster.vue

@@ -6,7 +6,9 @@ import SortableTable from '@shell/components/SortableTable';
 import CopyCode from '@shell/components/CopyCode';
 import Tab from '@shell/components/Tabbed/Tab';
 import { allHash } from '@shell/utils/promise';
-import { CAPI, MANAGEMENT, NORMAN, SNAPSHOT } from '@shell/config/types';
+import {
+  CAPI, MANAGEMENT, NORMAN, SNAPSHOT, OPERATION
+} from '@shell/config/types';
 import {
   STATE, NAME as NAME_COL, AGE, INTERNAL_EXTERNAL_IP, STATE_NORMAN, ROLES, MACHINE_NODE_OS, MANAGEMENT_NODE_OS, NAME,
 } from '@shell/config/table-headers';
@@ -149,6 +151,21 @@ export default {
       fetchOne.snapshots = this.$store.dispatch('management/findAll', { type: SNAPSHOT });
     }
 
+    // Fetch operation CRDs for clusters with day 2 ops enabled
+    if ( this.value.isImportedWithDayTwoOps ) {
+      const operationTypes = [
+        OPERATION.ETCD_SNAPSHOT,
+        OPERATION.ETCD_SNAPSHOT_RESTORE,
+        OPERATION.ENCRYPTION_KEY_ROTATE,
+      ];
+
+      for (const opType of operationTypes) {
+        if (this.$store.getters['management/canList'](opType)) {
+          fetchOne[`operations_${ opType }`] = this.$store.dispatch('management/findAll', { type: opType });
+        }
+      }
+    }
+
     if ( this.value.isImported || this.value.isCustom || this.value.isHostedKubernetesProvider ) {
       fetchOne.clusterToken = this.value.getOrCreateToken();
     }
@@ -292,6 +309,7 @@ export default {
         registration: true, // in this component
         snapshots:    true, // in this component
         autoscaler:   true, // in this component
+        operations:   true, // in this component
         related:      true, // in ResourceTabs
         events:       true, // in ResourceTabs
         conditions:   true, // in ResourceTabs
@@ -477,13 +495,54 @@ export default {
     showSnapshots() {
       if (this.value.isRke1) {
         return false;
-      } else if (this.value.isRke2) {
+      } else if (this.value.isRke2 || (this.value.isImported && this.value.isDayTwoOpsEnabled)) {
         return this.$store.getters['management/canList'](SNAPSHOT) && this.extDetailTabs.snapshots;
       }
 
       return false;
     },
 
+    showOperations() {
+      return this.value.isImportedWithDayTwoOps && this.extDetailTabs.operations;
+    },
+
+    clusterOperations() {
+      if (!this.value.isImportedWithDayTwoOps) {
+        return [];
+      }
+
+      const mgmtId = this.value.mgmt?.id;
+      const operationTypes = [
+        OPERATION.ETCD_SNAPSHOT,
+        OPERATION.ETCD_SNAPSHOT_RESTORE,
+        OPERATION.ENCRYPTION_KEY_ROTATE,
+      ];
+
+      const allOps = [];
+
+      for (const opType of operationTypes) {
+        const resources = this.$store.getters['management/all'](opType) || [];
+
+        allOps.push(...resources.filter((op) => op.spec?.clusterRef?.name === mgmtId));
+      }
+
+      return allOps;
+    },
+
+    operationHeaders() {
+      return [
+        STATE,
+        NAME,
+        {
+          name:     'type',
+          labelKey: 'tableHeaders.type',
+          value:    'type',
+          sort:     'type',
+        },
+        AGE,
+      ];
+    },
+
     isRke1() {
       return this.value.isRke1;
     },
@@ -566,7 +625,10 @@ export default {
         {
           ...STATE_NORMAN, value: 'snapshotFile.status', formatterOpts: { arbitrary: true }
         },
-        NAME,
+        {
+          ...NAME,
+          formatter: 'EtcdSnapshotName',
+        },
         {
           name:      'size',
           labelKey:  'tableHeaders.size',
@@ -1150,6 +1212,20 @@ export default {
               </template>
             </SortableTable>
           </Tab>
+          <Tab
+            v-if="showOperations"
+            name="operations"
+            :label="t('cluster.tabs.operations')"
+            :weight="0"
+          >
+            <SortableTable
+              :headers="operationHeaders"
+              default-sort-by="age"
+              :table-actions="false"
+              :rows="clusterOperations"
+              :search="false"
+            />
+          </Tab>
           <AutoscalerTab
             v-if="showAutoScalerTab"
             :value="value"

package/dialog/RotateEncryptionKeyDialog.vue

@@ -1,5 +1,5 @@
 <script>
-import { SNAPSHOT } from '@shell/config/types';
+import { SNAPSHOT, OPERATION } from '@shell/config/types';
 import AsyncButton from '@shell/components/AsyncButton';
 import { Card } from '@components/Card';
 import { Banner } from '@components/Banner';
@@ -10,7 +10,7 @@ import day from 'dayjs';
 import { escapeHtml } from '@shell/utils/string';
 import { DATE_FORMAT, TIME_FORMAT } from '@shell/store/prefs';
 import { set } from '@shell/utils/object';
-
+import { createOperationCR } from '@shell/utils/operation-cr';
 export default {
   emits: ['close'],
 
@@ -66,6 +66,10 @@ export default {
     async getEtcdBackups() {
       let etcdBackups = await this.$store.dispatch('management/findAll', { type: SNAPSHOT });
 
+      if (this.cluster.isImportedWithDayTwoOps) {
+        return etcdBackups
+          .filter((backup) => backup.metadata.namespace === this.cluster.mgmt?.id && backup.spec?.clusterName === this.cluster.mgmt?.metadata?.name );
+      }
       etcdBackups = etcdBackups.filter((backup) => backup.clusterId === this.cluster.id);
 
       return etcdBackups;
@@ -82,12 +86,32 @@ export default {
 
     async apply(buttonDone) {
       try {
-        const currentGeneration = this.cluster.spec?.rkeConfig?.rotateEncryptionKeys?.generation || 0;
-
-        // To rotate the encryption keys, increment
-        // rkeConfig.rotateEncyrptionKeys.generation in the YAML.
-        set(this.cluster, 'spec.rkeConfig.rotateEncryptionKeys.generation', currentGeneration + 1);
-        await this.cluster.save();
+        const isImportedWithDayTwoOps = this.cluster?.isImportedWithDayTwoOps || this.cluster?.mgmt?.isDayTwoOpsEnabled;
+
+        if (isImportedWithDayTwoOps) {
+          if (!isImportedWithDayTwoOps) {
+            throw new Error(this.t('promptRotateEncryptionKey.error.unableToResolveTargetCluster'));
+          }
+          // For imported clusters with day 2 ops, create an encryption key rotation operation CR
+          const namespace = this.cluster.mgmt?.id;
+          const safePrefix = this.cluster.mgmt?.id;
+          const spec = {
+            clusterRef: {
+              apiVersion: 'management.cattle.io/v3',
+              kind:       'Cluster',
+              name:       this.cluster.mgmt?.id,
+            }
+          };
+
+          createOperationCR(this.$store.dispatch, OPERATION.ENCRYPTION_KEY_ROTATE, spec, namespace, safePrefix);
+        } else {
+          const currentGeneration = this.cluster.spec?.rkeConfig?.rotateEncryptionKeys?.generation || 0;
+
+          // To rotate the encryption keys, increment
+          // rkeConfig.rotateEncyrptionKeys.generation in the YAML.
+          set(this.cluster, 'spec.rkeConfig.rotateEncryptionKeys.generation', currentGeneration + 1);
+          await this.cluster.save();
+        }
 
         this.close(buttonDone);
       } catch (err) {
@@ -128,7 +152,7 @@ export default {
           <Banner
             v-else
             color="error"
-            label-key="promptRotateEncryptionKey.error"
+            label-key="promptRotateEncryptionKey.error.noBackup"
           />
         </div>
       </div>

package/dialog/__tests__/RotateEncryptionKeyDialog.test.ts

@@ -0,0 +1,78 @@
+import { shallowMount } from '@vue/test-utils';
+import RotateEncryptionKeyDialog from '@shell/dialog/RotateEncryptionKeyDialog.vue';
+import { OPERATION } from '@shell/config/types';
+import { createOperationCR } from '@shell/utils/operation-cr';
+
+jest.mock('@shell/utils/operation-cr', () => ({ createOperationCR: jest.fn() }));
+
+describe('component: RotateEncryptionKeyDialog', () => {
+  const t = (key: string) => key;
+
+  const createWrapper = (cluster: any, dispatch = jest.fn()) => {
+    return shallowMount(RotateEncryptionKeyDialog, {
+      propsData: { cluster },
+      global:    {
+        mocks: {
+          t,
+          $store: {
+            dispatch,
+            getters: {
+              isRancher:   true,
+              'prefs/get': jest.fn((key: string) => (key.includes('date') ? 'YYYY-MM-DD' : 'HH:mm:ss')),
+            }
+          },
+        },
+        directives: { 'clean-html': true }
+      }
+    });
+  };
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('should create operation CR for imported day 2 ops clusters', async() => {
+    (createOperationCR as jest.Mock).mockResolvedValue(undefined);
+
+    const cluster = {
+      isImportedWithDayTwoOps: true,
+      mgmt:                    { id: 'c-m-1' },
+      save:                    jest.fn(),
+      spec:                    { rkeConfig: {} }
+    };
+    const dispatch = jest.fn();
+    const buttonDone = jest.fn();
+    const wrapper = createWrapper(cluster, dispatch);
+
+    await wrapper.vm.apply(buttonDone);
+
+    expect(createOperationCR).toHaveBeenCalledWith(dispatch, OPERATION.ENCRYPTION_KEY_ROTATE, {
+      clusterRef: {
+        apiVersion: 'management.cattle.io/v3',
+        kind:       'Cluster',
+        name:       'c-m-1',
+      }
+    }, 'c-m-1', 'c-m-1');
+    expect(cluster.save).not.toHaveBeenCalled();
+    expect(buttonDone).toHaveBeenCalledWith(true);
+  });
+
+  it('should update generation and save for non-day-2 clusters', async() => {
+    const save = jest.fn().mockResolvedValue(undefined);
+    const cluster = {
+      isImportedWithDayTwoOps: false,
+      mgmt:                    { id: 'c-m-1' },
+      save,
+      spec:                    { rkeConfig: { rotateEncryptionKeys: { generation: 4 } } }
+    };
+    const buttonDone = jest.fn();
+    const wrapper = createWrapper(cluster);
+
+    await wrapper.vm.apply(buttonDone);
+
+    expect(createOperationCR).not.toHaveBeenCalled();
+    expect(cluster.spec.rkeConfig.rotateEncryptionKeys.generation).toBe(5);
+    expect(save).toHaveBeenCalledWith();
+    expect(buttonDone).toHaveBeenCalledWith(true);
+  });
+});