@rancher/shell 3.0.12-rc.4 → 3.0.12-rc.5

package/models/provisioning.cattle.io.cluster.js

@@ -1,13 +1,16 @@
 import {
   CAPI, MANAGEMENT, NAMESPACE, NORMAN, SNAPSHOT, LOCAL_CLUSTER,
   CONFIG_MAP, AUTOSCALER_CONFIG_MAP_ID,
-  EVENT
+  EVENT, OPERATION
 } from '@shell/config/types';
 import SteveModel from '@shell/plugins/steve/steve-class';
 import { findBy } from '@shell/utils/array';
 import { get, set } from '@shell/utils/object';
 import { compare } from '@shell/utils/version';
-import { CAPI as CAPI_ANNOTATIONS } from '@shell/config/labels-annotations';
+import { IMPORTED_DAY_2_OPS } from '@shell/config/features';
+import { CAPI as CAPI_ANNOTATIONS, OPERATION_ANNOTATIONS } from '@shell/config/labels-annotations';
+import { SETTING } from '@shell/config/settings';
+import { createOperationCR } from '@shell/utils/operation-cr';
 import jsyaml from 'js-yaml';
 import { defineAsyncComponent, markRaw } from 'vue';
 import stevePaginationUtils from '@shell/plugins/steve/steve-pagination-utils';
@@ -122,10 +125,9 @@ export default class ProvCluster extends SteveModel {
     }
     const ready = this.mgmt?.isReady;
 
+    const canDayTwoOps = ready && this.isDayTwoOpsEnabled && this.canUpdate;
     const canEditRKE2cluster = this.isRke2 && ready && this.canUpdate;
 
-    const canSnapshot = ready && this.isRke2 && this.canUpdate;
-
     const actions = [
       // Note: Actions are not supported in the Steve API, so we check
       // available actions for RKE1 clusters, but not RKE2 clusters.
@@ -153,12 +155,12 @@ export default class ProvCluster extends SteveModel {
         icon:       'icon icon-snapshot',
         bulkAction: 'snapshotBulk',
         bulkable:   true,
-        enabled:    canSnapshot,
+        enabled:    canDayTwoOps,
       }, {
         action:  'restoreSnapshotAction',
         label:   this.$rootGetters['i18n/t']('nav.restoreSnapshot'),
         icon:    'icon icon-backup-restore',
-        enabled: canSnapshot,
+        enabled: canDayTwoOps,
       }, {
         action:  'rotateCertificates',
         label:   this.$rootGetters['i18n/t']('nav.rotateCertificates'),
@@ -168,7 +170,7 @@ export default class ProvCluster extends SteveModel {
         action:  'rotateEncryptionKey',
         label:   this.$rootGetters['i18n/t']('nav.rotateEncryptionKeys'),
         icon:    'icon icon-refresh',
-        enabled: canEditRKE2cluster
+        enabled: canDayTwoOps
       },
       {
         action:  'toggleAutoscalerRunner',
@@ -301,6 +303,35 @@ export default class ProvCluster extends SteveModel {
     return this.mgmt?.isImportedRke2;
   }
 
+  get isImportedRke2K3s() {
+    return this.isImportedRke2 || this.isImportedK3s;
+  }
+
+  /**
+   * Whether day 2 operations (snapshot, restore, cert rotation, encryption key rotation)
+   * are enabled for this cluster.
+   */
+  get isDayTwoOpsEnabled() {
+    return !!(this.isRke2 || this.isImportedWithDayTwoOps);
+  }
+
+  get isDayTwoOpsFeatureEnabled() {
+    return this.$rootGetters['management/byId'](MANAGEMENT.FEATURE, IMPORTED_DAY_2_OPS)?.enabled || false;
+  }
+
+  /**
+   * Whether this is an imported RKE2/K3s cluster with day 2 operations enabled.
+   */
+  get isImportedWithDayTwoOps() {
+    const annotationExists = typeof this.metadata?.annotations?.[OPERATION_ANNOTATIONS.ENABLED] !== 'undefined';
+    const annotationEnabled = this.mgmt?.metadata?.annotations?.[OPERATION_ANNOTATIONS.ENABLED] === 'true';
+    const globalDefaultIsTrue = this.$rootGetters['management/byId'](MANAGEMENT.SETTING, SETTING.IMPORTED_CLUSTER_DAY2_OPS_DEFAULT)?.value === 'true';
+    const annotationOrGlobalEnabled = annotationEnabled || (!annotationExists && globalDefaultIsTrue);
+    const canGetOpSchema = this.$getters['schemaFor'](OPERATION.ETCD_SNAPSHOT);
+
+    return !this.isLocal && canGetOpSchema && this.isDayTwoOpsFeatureEnabled && this.isImportedRke2K3s && annotationOrGlobalEnabled;
+  }
+
   get isK3s() {
     return this.mgmt?.isK3s;
   }
@@ -565,6 +596,21 @@ export default class ProvCluster extends SteveModel {
         url:    `/v3/clusters/${ escape(this.mgmt.id) }?action=backupEtcd`,
         method: 'post',
       }, { root: true });
+    } else if ( this.isImportedWithDayTwoOps ) {
+      // For imported clusters with day 2 ops, create an operation CRD
+      const namespace = this.mgmt?.id;
+      const safePrefix = this.mgmt?.metadata?.name || this.mgmt?.id;
+      const spec = {
+        clusterRef: {
+          apiVersion: 'management.cattle.io/v3',
+          kind:       'Cluster',
+          name:       this.mgmt?.id,
+        }
+      };
+
+      return createOperationCR(this.$dispatch, OPERATION.ETCD_SNAPSHOT, spec, namespace, safePrefix);
+    } else if (this.isImportedRke2K3s && !this.isDayTwoOpsFeatureEnabled) {
+      throw new Error(this.$rootGetters['i18n/t']('cluster.snapshot.day2OpsNotEnabled'));
     } else {
       const now = this.spec?.rkeConfig?.etcdSnapshotCreate?.generation || 0;
       const args = { generation: now + 1 };
@@ -582,6 +628,11 @@ export default class ProvCluster extends SteveModel {
   get etcdSnapshots() {
     const allSnapshots = this.$rootGetters['management/all']({ type: SNAPSHOT });
 
+    if (this.isImportedWithDayTwoOps) {
+      return allSnapshots
+        .filter((s) => s.metadata.namespace === this.mgmt?.id && s.spec?.clusterName === this.mgmt?.metadata?.name );
+    }
+
     return allSnapshots
       .filter((s) => s.metadata.namespace === this.namespace && s.clusterName === this.name );
   }
@@ -593,8 +644,7 @@ export default class ProvCluster extends SteveModel {
   rotateCertificates(cluster = this) {
     this.$dispatch('promptModal', {
       componentProps: { cluster },
-
-      component: 'RotateCertificatesDialog'
+      component:      'RotateCertificatesDialog'
     });
   }
 

package/models/rke.cattle.io.etcdsnapshot.js

@@ -1,6 +1,6 @@
 import NormanModel from '@shell/plugins/steve/norman-class';
 import { SNAPSHOT } from '@shell/config/labels-annotations';
-import { CAPI } from '@shell/config/types';
+import { CAPI, DEFAULT_WORKSPACE } from '@shell/config/types';
 import { get } from '@shell/utils/object';
 import { base64Decode } from '@shell/utils/crypto';
 import { ucFirst } from '@shell/utils/string';
@@ -11,13 +11,11 @@ export default class EtcdBackup extends NormanModel {
    * Restrict actions for snapshots to restore only
    */
   get _availableActions() {
-    const enabled = this.snapshotFile?.status === STATES_ENUM.SUCCESSFUL;
-
     return [{
-      action: 'promptRestore',
-      enabled,
-      icon:   'icon icon-backup-restore',
-      label:  'Restore'
+      action:  'promptRestore',
+      enabled: this.restoreEnabled,
+      icon:    'icon icon-backup-restore',
+      label:   'Restore'
     }];
   }
 
@@ -30,7 +28,7 @@ export default class EtcdBackup extends NormanModel {
   }
 
   get clusterId() {
-    return this.cluster.id;
+    return this.cluster?.id;
   }
 
   get name() {
@@ -38,7 +36,9 @@ export default class EtcdBackup extends NormanModel {
   }
 
   get cluster() {
-    return this.$rootGetters['management/byId'](CAPI.RANCHER_CLUSTER, `${ this.metadata.namespace }/${ this.clusterName }`);
+    const ns = this.metadata?.namespace || DEFAULT_WORKSPACE;
+
+    return this.$rootGetters['management/byId'](CAPI.RANCHER_CLUSTER, `${ ns }/${ this.clusterName }`);
   }
 
   get rke2() {
@@ -49,6 +49,14 @@ export default class EtcdBackup extends NormanModel {
     return this.snapshotFile?.name || this.name;
   }
 
+  get restoreEnabled() {
+    return this.snapshotFile?.status === STATES_ENUM.SUCCESSFUL && !this.isSnapshotTooOld;
+  }
+
+  get isSnapshotTooOld() {
+    return this.snapshotFile?.createdAt <= this.cluster?.metadata?.creationTimestamp;
+  }
+
   get errorMessage() {
     const inError = get(this, 'snapshotFile.status') === STATES_ENUM.FAILED;
 

package/models/secret.js

@@ -1,5 +1,6 @@
 import r from 'jsrsasign';
 import { CERTMANAGER, KUBERNETES, UI_PROJECT_SECRET, UI_PROJECT_SECRET_COPY } from '@shell/config/labels-annotations';
+import { GITHUB_APP_SECRET_KEYS } from '@shell/config/secret';
 import { base64Decode, base64Encode } from '@shell/utils/crypto';
 import { removeObjects } from '@shell/utils/array';
 import { MANAGEMENT, SERVICE_ACCOUNT, VIRTUAL_TYPES } from '@shell/config/types';
@@ -57,6 +58,14 @@ export default class Secret extends SteveModel {
     return this._type === TYPES.SSH && !!this.data && 'known_hosts' in this.data;
   }
 
+  // A GitHub App auth secret is an Opaque secret holding the GitHub App data keys
+  get isGithubApp() {
+    return this._type === TYPES.OPAQUE && !!this.data &&
+      GITHUB_APP_SECRET_KEYS.APP_ID in this.data &&
+      GITHUB_APP_SECRET_KEYS.INSTALLATION_ID in this.data &&
+      GITHUB_APP_SECRET_KEYS.PRIVATE_KEY in this.data;
+  }
+
   get issuer() {
     const { metadata:{ annotations = {} } } = this;
 
@@ -237,6 +246,11 @@ export default class Secret extends SteveModel {
       return this.sshUser;
     } else if ( this._type === TYPES.SERVICE_ACCT ) {
       return this.metadata?.annotations?.['kubernetes.io/service-account.name'];
+    } else if ( this.isGithubApp ) {
+      const appId = base64Decode(this.data[GITHUB_APP_SECRET_KEYS.APP_ID]);
+      const installationId = base64Decode(this.data[GITHUB_APP_SECRET_KEYS.INSTALLATION_ID]);
+
+      return `${ appId } / ${ installationId }`;
     }
 
     return this.keysDisplay;
@@ -274,6 +288,11 @@ export default class Secret extends SteveModel {
 
   get subTypeDisplay() {
     const type = this._type || '';
+
+    if ( this.isGithubApp ) {
+      return this.$rootGetters['i18n/withFallback'](`secret.githubApp.label`, null, 'GitHub App');
+    }
+
     const fallback = type.replace(/^kubernetes.io\//, '');
 
     return this.$rootGetters['i18n/withFallback'](`secret.types."${ type }"`, null, fallback);

package/models/workload.js

@@ -10,6 +10,7 @@ import { matching } from '@shell/utils/selector-typed';
 import { defineAsyncComponent, markRaw } from 'vue';
 import { useResourceCardRow } from '@shell/components/Resource/Detail/Card/StateCard/composables';
 import { colorForState as colorForStateFn, stateDisplay as stateDisplayFn } from '@shell/plugins/dashboard-store/resource-class';
+import { POD_SHELL } from '@shell/store/features';
 
 export const defaultContainer = {
   imagePullPolicy: 'Always',
@@ -28,6 +29,7 @@ export default class Workload extends WorkloadService {
   get _availableActions() {
     let out = super._availableActions;
     const type = this._type ? this._type : this.type;
+    const podShellFeatureEnabled = !!this.$rootGetters['features/get'](POD_SHELL);
 
     const editYaml = findBy(out, 'action', 'goToEditYaml');
     const index = editYaml ? out.indexOf(editYaml) : 0;
@@ -76,13 +78,16 @@ export default class Workload extends WorkloadService {
 
     insertAt(out, 0, { divider: true }) ;
 
-    insertAt(out, 0, {
-      action:  'openShell',
-      enabled: !!this.links.view,
-      icon:    'icon icon-chevron-right',
-      label:   this.t('action.openShell'),
-      total:   1,
-    });
+    // Only add the menu item for the pod shell if the feature flag is enabled
+    if (podShellFeatureEnabled) {
+      insertAt(out, 0, {
+        action:  'openShell',
+        enabled: !!this.links.view,
+        icon:    'icon icon-chevron-right',
+        label:   this.t('action.openShell'),
+        total:   1,
+      });
+    }
 
     const toFilter = ['cloneYaml'];
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rancher/shell",
-  "version": "3.0.12-rc.4",
+  "version": "3.0.12-rc.5",
   "description": "Rancher Dashboard Shell",
   "repository": "https://github.com/rancher/dashboard",
   "license": "Apache-2.0",