@rancher/shell 3.0.9-rc.3 → 3.0.9-rc.5

package/list/ext.cattle.io.kubeconfig.vue

@@ -0,0 +1,118 @@
+<script setup lang="ts">
+import { computed } from 'vue';
+import { useStore } from 'vuex';
+import PaginatedResourceTable from '@shell/components/PaginatedResourceTable.vue';
+import { CAPI, MANAGEMENT } from '@shell/config/types';
+import { ActionFindPageArgs } from '@shell/types/store/dashboard-store.types';
+import { FilterArgs, PaginationFilterField, PaginationParamFilter } from '@shell/types/store/pagination.types';
+import { PagTableFetchPageSecondaryResourcesOpts, PagTableFetchSecondaryResourcesOpts, PagTableFetchSecondaryResourcesReturns } from '@shell/types/components/paginatedResourceTable';
+
+defineProps({
+  schema: {
+    type:     Object,
+    required: true
+  },
+
+  useQueryParamsForSimpleFiltering: {
+    type:    Boolean,
+    default: false
+  }
+});
+
+const store = useStore();
+
+const canViewProvClusters = computed<boolean>(() => {
+  return !!store.getters['management/canList'](CAPI.RANCHER_CLUSTER);
+});
+
+const canViewMgmtClusters = computed<boolean>(() => {
+  return !!store.getters['management/canList'](MANAGEMENT.CLUSTER);
+});
+
+/**
+ * Fetch all clusters when not using pagination
+ */
+async function fetchSecondaryResources({ canPaginate }: PagTableFetchSecondaryResourcesOpts): PagTableFetchSecondaryResourcesReturns {
+  if (canPaginate) {
+    return;
+  }
+
+  const promises = [];
+
+  if (canViewProvClusters.value) {
+    promises.push(store.dispatch('management/findAll', { type: CAPI.RANCHER_CLUSTER }));
+  }
+
+  if (canViewMgmtClusters.value) {
+    promises.push(store.dispatch('management/findAll', { type: MANAGEMENT.CLUSTER }));
+  }
+
+  await Promise.all(promises);
+}
+
+/**
+ * Fetch only the clusters referenced by kubeconfigs on the current page
+ *
+ * NOTE: For the time being this isn't validated because ext.cattle.io.kubeconfig is not one of the indexed resources. I'm putting this in for future support since secondary resources are needed.
+ */
+async function fetchPageSecondaryResources({ force, page }: PagTableFetchPageSecondaryResourcesOpts) {
+  if (!page?.length) {
+    return;
+  }
+
+  const uniqueClusterIds = new Set<string>();
+
+  page.forEach((kubeconfig: any) => {
+    const ids = kubeconfig.spec?.clusters || [];
+
+    ids.forEach((id: string) => uniqueClusterIds.add(id));
+  });
+
+  if (uniqueClusterIds.size === 0) {
+    return;
+  }
+
+  const clusterIdArray = Array.from(uniqueClusterIds);
+
+  if (canViewProvClusters.value) {
+    const opt: ActionFindPageArgs = {
+      force,
+      pagination: new FilterArgs({
+        filters: PaginationParamFilter.createMultipleFields(
+          clusterIdArray.map((id) => new PaginationFilterField({
+            field: 'status.clusterName', // Verified it's one of the attribute fields listed in the schema, according to steve-pagination-utils that means it should be filterable
+            value: id
+          }))
+        )
+      })
+    };
+
+    store.dispatch('management/findPage', { type: CAPI.RANCHER_CLUSTER, opt });
+  }
+
+  if (canViewMgmtClusters.value) {
+    const opt: ActionFindPageArgs = {
+      force,
+      pagination: new FilterArgs({
+        filters: PaginationParamFilter.createMultipleFields(
+          clusterIdArray.map((id) => new PaginationFilterField({
+            field: 'metadata.name', // Verified it's one of the attribute fields listed in the schema, according to steve-pagination-utils that means it should be filterable
+            value: id
+          }))
+        )
+      })
+    };
+
+    store.dispatch('management/findPage', { type: MANAGEMENT.CLUSTER, opt });
+  }
+}
+</script>
+
+<template>
+  <PaginatedResourceTable
+    :schema="schema"
+    :use-query-params-for-simple-filtering="useQueryParamsForSimpleFiltering"
+    :fetch-secondary-resources="fetchSecondaryResources"
+    :fetch-page-secondary-resources="fetchPageSecondaryResources"
+  />
+</template>

package/list/group.principal.vue

@@ -2,14 +2,13 @@
 import ResourceTable from '@shell/components/ResourceTable';
 import Loading from '@shell/components/Loading';
 import Masthead from '@shell/components/ResourceList/Masthead';
-import { NORMAN, MANAGEMENT } from '@shell/config/types';
+import { NORMAN, MANAGEMENT, EXT } from '@shell/config/types';
 import AsyncButton from '@shell/components/AsyncButton';
 import { applyProducts } from '@shell/store/type-map';
 import { NAME } from '@shell/config/product/auth';
 import { MODE, _EDIT } from '@shell/config/query-params';
 import { mapState } from 'vuex';
 import { BLANK_CLUSTER } from '@shell/store/store-types.js';
-import { allHash } from '@shell/utils/promise';
 
 export default {
   components: {
@@ -37,21 +36,20 @@ export default {
     const authConfigSchema = this.$store.getters[`management/schemaFor`](MANAGEMENT.AUTH_CONFIG);
     const grbSchema = this.$store.getters['rancher/schemaFor'](NORMAN.GLOBAL_ROLE_BINDING);
 
-    const hash = await allHash({
-      user:      this.$store.dispatch('rancher/request', { url: '/v3/users?limit=0' }),
-      providers: authConfigSchema ? this.$store.dispatch(`management/findAll`, { type: MANAGEMENT.AUTH_CONFIG }) : Promise.resolve([])
-    });
+    const providers = authConfigSchema ? await this.$store.dispatch(`management/findAll`, { type: MANAGEMENT.AUTH_CONFIG }) : [];
 
-    const nonLocalAuthProvider = !!hash.providers.find((p) => p.name !== 'local' && p.enabled === true);
+    const nonLocalAuthProvider = !!providers.find((p) => p.name !== 'local' && p.enabled === true);
 
-    this.canRefreshAccess = nonLocalAuthProvider && !!hash.user?.actions?.refreshauthprovideraccess;
+    this.membershipRefreshRequests = await this.$store.dispatch('management/create', { type: EXT.GROUP_MEMBERSHIP_REFRESH_REQUESTS });
+    this.canRefreshMemberships = !!this.membershipRefreshRequests?.canRefreshMemberships;
     this.canCreateGlobalRoleBinding = nonLocalAuthProvider && grbSchema?.collectionMethods?.includes('POST');
   },
   data() {
     return {
       rows:                       [],
+      membershipRefreshRequests:  undefined,
       canCreateGlobalRoleBinding: false,
-      canRefreshAccess:           false,
+      canRefreshMemberships:      false,
       assignLocation:             {
         path:  `/c/${ BLANK_CLUSTER }/${ NAME }/${ NORMAN.SPOOFED.GROUP_PRINCIPAL }/assign-edit`,
         query: { [MODE]: _EDIT }
@@ -86,11 +84,9 @@ export default {
     },
     async refreshGroupMemberships(buttonDone) {
       try {
-        await this.$store.dispatch('rancher/request', {
-          url:    '/v3/users?action=refreshauthprovideraccess',
-          method: 'post',
-          data:   { },
-        });
+        // userId specifies the user ID. Use '*' for all users. Check the schemaDefinition for more details.
+        this.membershipRefreshRequests.spec = { userId: '*' };
+        await this.membershipRefreshRequests.save();
 
         await this.updateGroupPrincipals(true);
 
@@ -125,7 +121,7 @@ export default {
     >
       <template #extraActions>
         <AsyncButton
-          v-if="canRefreshAccess"
+          v-if="canRefreshMemberships"
           mode="refresh"
           :action-label="t('authGroups.actions.refresh')"
           :waiting-label="t('authGroups.actions.refresh')"

package/list/management.cattle.io.user.vue

@@ -1,6 +1,6 @@
 <script>
 import AsyncButton from '@shell/components/AsyncButton';
-import { NORMAN } from '@shell/config/types';
+import { EXT } from '@shell/config/types';
 import { NAME } from '@shell/config/product/auth';
 import ResourceTable from '@shell/components/ResourceTable';
 import Masthead from '@shell/components/ResourceList/Masthead';
@@ -38,14 +38,10 @@ export default {
     }
   },
   async fetch() {
-    const store = this.$store;
-
-    await store.dispatch(`rancher/findAll`, { type: NORMAN.USER });
-
     await this.$fetchType(this.resource);
 
-    this.canRefreshAccess = await this.$store.dispatch('rancher/request', { url: '/v3/users?limit=0' })
-      .then((res) => !!res?.actions?.refreshauthprovideraccess);
+    this.membershipRefreshRequests = await this.$store.dispatch('management/create', { type: EXT.GROUP_MEMBERSHIP_REFRESH_REQUESTS });
+    this.canRefreshMemberships = !!this.membershipRefreshRequests?.canRefreshMemberships;
   },
 
   data() {
@@ -55,7 +51,8 @@ export default {
 
     return {
       schema,
-      canRefreshAccess: false,
+      membershipRefreshRequests: undefined,
+      canRefreshMemberships:     false
     };
   },
 
@@ -82,28 +79,21 @@ export default {
       // 1) Only show system users in explorer/users and not in auth/users
       // 2) Supplement user with info to enable/disable the refresh group membership action (this is not persisted on save)
       const params = { ...this.$route.params };
-      const requiredUsers = params.product === NAME ? this.rows.filter((a) => !a.isSystem) : this.rows;
-
-      requiredUsers.forEach((r) => {
-        r.canRefreshAccess = this.canRefreshAccess;
-      });
 
-      return requiredUsers;
+      return params.product === NAME ? this.rows.filter((a) => !a.isSystem) : this.rows;
     },
 
     isAdmin() {
       return isAdminUser(this.$store.getters);
-    },
+    }
   },
 
   methods: {
     async refreshGroupMemberships(buttonDone) {
       try {
-        await this.$store.dispatch('rancher/collectionAction', {
-          type:       NORMAN.USER,
-          actionName: 'refreshauthprovideraccess',
-        });
-
+        // userId specifies the user ID. Use '*' for all users. Check the schemaDefinition for more details.
+        this.membershipRefreshRequests.spec = { userId: '*' };
+        await this.membershipRefreshRequests.save();
         buttonDone(true);
       } catch (err) {
         this.$store.dispatch('growl/fromError', { title: this.t('user.list.errorRefreshingGroupMemberships'), err }, { root: true });
@@ -125,7 +115,7 @@ export default {
     >
       <template #extraActions>
         <AsyncButton
-          v-if="canRefreshAccess"
+          v-if="canRefreshMemberships"
           mode="refresh"
           :action-label="t('authGroups.actions.refresh')"
           :waiting-label="t('authGroups.actions.refresh')"

package/machine-config/azure.vue

@@ -209,6 +209,10 @@ export default {
     }
   },
 
+  setup() {
+    return { _EDIT };
+  },
+
   data() {
     return {
       azureEnvironments,
@@ -518,6 +522,11 @@ export default {
     </div>
   </div>
   <div v-else>
+    <Banner
+      v-if="mode === _EDIT && !value.managedDisks"
+      color="warning"
+      :label="t('cluster.machineConfig.azure.managedDisks.deprecationWarning', {}, true)"
+    />
     <div class="row mt-20">
       <div class="col span-6">
         <LabeledSelect
@@ -843,6 +852,11 @@ export default {
             :label="t('cluster.machineConfig.azure.managedDisks.label')"
             :disabled="disabled"
           />
+          <Banner
+            v-if="!value.managedDisks"
+            color="warning"
+            :label="t('cluster.machineConfig.azure.managedDisks.deprecationWarning', {}, true)"
+          />
           <Banner
             v-if="value.availabilityZone && !value.managedDisks"
             color="error"

package/mixins/__tests__/chart.test.ts

@@ -322,5 +322,152 @@ describe('chartMixin', () => {
         icon: 'icon-upgrade-alt',
       });
     });
+
+    it('should return "upgrade" action when upgrading from a pre-release to a stable version with "up" build metadata', () => {
+      const wrapper = mount(DummyComponent, {
+        data: () => ({
+          existing: { spec: { chart: { metadata: { version: '108.0.0+up0.25.0-rc.4' } } } },
+          version:  { version: '108.0.0+up0.25.0' }
+        }),
+        global: {
+          mocks: {
+            $store: mockStore,
+            $route: { query: {} }
+          }
+        }
+      });
+
+      expect(wrapper.vm.action).toStrictEqual({
+        name: 'upgrade',
+        tKey: 'upgrade',
+        icon: 'icon-upgrade-alt',
+      });
+    });
+
+    it('should return "upgrade" action when upgrading with build metadata change', () => {
+      const wrapper = mount(DummyComponent, {
+        data: () => ({
+          existing: { spec: { chart: { metadata: { version: '1.0.0+1' } } } },
+          version:  { version: '1.0.0+2' }
+        }),
+        global: {
+          mocks: {
+            $store: mockStore,
+            $route: { query: {} }
+          }
+        }
+      });
+
+      expect(wrapper.vm.action).toStrictEqual({
+        name: 'upgrade',
+        tKey: 'upgrade',
+        icon: 'icon-upgrade-alt',
+      });
+    });
+  });
+
+  describe('mappedVersions', () => {
+    it('should return versions sorted by semver (descending)', () => {
+      const versions = [
+        { version: '0.1.0', created: '2026-01-01' },
+        { version: '0.2.0-rc1', created: '2026-01-01' },
+        { version: '0.2.0', created: '2026-01-01' },
+        { version: '1.2.3', created: '2026-01-01' },
+        { version: '1.2.3-dev', created: '2026-01-01' },
+        { version: '10.0.0', created: '2026-01-01' },
+        { version: '2.0.0', created: '2026-01-01' },
+        { version: '2.0.0-rc2', created: '2026-01-01' },
+        { version: '2.0.0-rc1', created: '2026-01-01' },
+        { version: '2.0.0-beta.1', created: '2026-01-01' },
+        { version: '2.0.0-alpha', created: '2026-01-01' },
+        { version: '3.0.0-rc.3', created: '2026-01-01' },
+        { version: '3.0.0-rc.2', created: '2026-01-01' },
+        { version: '3.0.0-rc.10', created: '2026-01-01' },
+        { version: '108.0.0+up0.25.0-rc.4', created: '2026-01-01' },
+        { version: '108.0.0+up0.25.0', created: '2026-01-01' },
+        { version: '1.0.0-alpha.beta', created: '2026-01-01' },
+        { version: '1.0.0-alpha.1', created: '2026-01-01' },
+        { version: '1.0.0-alpha.2', created: '2026-01-01' },
+        { version: '1.0.0-alpha', created: '2026-01-01' },
+        { version: '1.0.0-beta.11', created: '2026-01-01' },
+        { version: '1.0.0-beta.2', created: '2026-01-01' },
+        { version: '1.0.0-beta', created: '2026-01-01' },
+        { version: '1.0.0+build.1', created: '2026-01-01' },
+        { version: '1.0.0+build.2', created: '2026-01-01' },
+        { version: '1.0.0+up1.0.0', created: '2026-01-01' },
+        { version: '1.0.0+upFoo', created: '2026-01-01' },
+        { version: '108.0.0+up0.25.0-rc.5', created: '2026-01-01' },
+        { version: '108.0.0+up0.25.1', created: '2026-01-01' },
+        { version: '0.0.1', created: '2026-01-01' }
+      ];
+
+      const mockStore = {
+        dispatch: jest.fn(() => Promise.resolve()),
+        getters:  {
+          currentCluster:  () => {},
+          isRancher:       () => true,
+          'catalog/repo':  () => () => 'repo',
+          'catalog/chart': () => ({ versions }),
+          'prefs/get':     () => (key: string) => true,
+          'i18n/t':        () => jest.fn()
+        }
+      };
+
+      const DummyComponent = {
+        mixins:   [ChartMixin],
+        template: '<div></div>',
+      };
+
+      const wrapper = mount(
+        DummyComponent,
+        {
+          data() {
+            return { chart: { versions } };
+          },
+          global: {
+            mocks: {
+              $store: mockStore,
+              $route: { query: { version: '10.0.0' } }
+            }
+          }
+        });
+
+      // mappedVersions is a computed property, so we access it directly
+      const result = wrapper.vm.mappedVersions;
+      const resultVersions = result.map((v: any) => v.version);
+
+      expect(resultVersions).toStrictEqual([
+        '108.0.0+up0.25.1',
+        '108.0.0+up0.25.0',
+        '108.0.0+up0.25.0-rc.5',
+        '108.0.0+up0.25.0-rc.4',
+        '10.0.0',
+        '3.0.0-rc.10',
+        '3.0.0-rc.3',
+        '3.0.0-rc.2',
+        '2.0.0',
+        '2.0.0-rc2',
+        '2.0.0-rc1',
+        '2.0.0-beta.1',
+        '2.0.0-alpha',
+        '1.2.3',
+        '1.2.3-dev',
+        '1.0.0+up1.0.0',
+        '1.0.0+upFoo',
+        '1.0.0+build.2',
+        '1.0.0+build.1',
+        '1.0.0-beta.11',
+        '1.0.0-beta.2',
+        '1.0.0-beta',
+        '1.0.0-alpha.beta',
+        '1.0.0-alpha.2',
+        '1.0.0-alpha.1',
+        '1.0.0-alpha',
+        '0.2.0',
+        '0.2.0-rc1',
+        '0.1.0',
+        '0.0.1'
+      ]);
+    });
   });
 });

package/mixins/browser-tab-visibility.js

@@ -1,4 +1,4 @@
-import { NORMAN } from '@shell/config/types';
+import { EXT } from '@shell/config/types';
 import { mapGetters } from 'vuex';
 
 export default {
@@ -14,9 +14,10 @@ export default {
 
     async visibilityChange() {
       if (!document.hidden) {
-        await this.$store.dispatch('rancher/request', {
-          type: NORMAN.USER,
-          opt:  { url: '/v3/users?me=true' }
+        await this.$store.dispatch('management/request', {
+          url:    `/v1/${ EXT.SELFUSER }`,
+          method: 'POST',
+          data:   {}
         });
       }
     },

package/mixins/chart.js

@@ -10,7 +10,8 @@ import { NAME as MANAGER } from '@shell/config/product/manager';
 import { OPA_GATE_KEEPER_ID } from '@shell/pages/c/_cluster/gatekeeper/index.vue';
 import { formatSi, parseSi } from '@shell/utils/units';
 import { CAPI, CATALOG } from '@shell/config/types';
-import { isPrerelease, compare, isUpgradeFromPreToStable } from '@shell/utils/version';
+import { isPrerelease } from '@shell/utils/version';
+import { compareChartVersions } from '@shell/utils/chart';
 import difference from 'lodash/difference';
 import { LINUX, APP_UPGRADE_STATUS } from '@shell/store/catalog';
 import { clone } from '@shell/utils/object';
@@ -51,7 +52,12 @@ export default {
     },
 
     mappedVersions() {
-      const versions = this.chart?.versions || [];
+      const versions = (this.chart?.versions || []).slice();
+
+      versions.sort((a, b) => {
+        return compareChartVersions(b.version, a.version);
+      });
+
       const selectedVersion = this.targetVersion;
       const OSs = this.currentCluster?.workerOSs;
       const out = [];
@@ -240,13 +246,9 @@ export default {
         };
       }
 
-      if (isUpgradeFromPreToStable(this.currentVersion, this.targetVersion)) {
-        return {
-          name: 'upgrade', tKey: 'upgrade', icon: 'icon-upgrade-alt'
-        };
-      }
+      const diff = compareChartVersions(this.currentVersion, this.targetVersion);
 
-      if (compare(this.currentVersion, this.targetVersion) < 0) {
+      if (diff < 0) {
         return {
           name: 'upgrade', tKey: 'upgrade', icon: 'icon-upgrade-alt'
         };

package/mixins/fetch.client.js

@@ -5,6 +5,12 @@ const hasFetch = (component) => component.$options && typeof component.$options.
 export const addLifecycleHook = (vm, hook, fn) => {
   if (!vm.$options[hook]) {
     vm.$options[hook] = [];
+  } else if (!Array.isArray(vm.$options[hook]) && typeof vm.$options[hook] === 'function' ) {
+    // This caters for when....
+    // - component has mixins, but they have no hooks of this type (vm.$options[hook] is then not an array)
+    // - component has the hook (vm.$options[hook] is then a function)
+    // - component has both fetch and beforeMount (the component beforeMount replaces this files beforeMount with $fetch call)
+    vm.$options[hook] = [vm.$options[hook]];
   }
 
   if (Array.isArray(vm.$options[hook]) && !vm.$options[hook].includes(fn)) {

package/models/__tests__/auditlog.cattle.io.auditpolicy.test.ts

@@ -0,0 +1,117 @@
+import AuditPolicy from '@shell/models/auditlog.cattle.io.auditpolicy';
+
+describe('auditPolicy Model', () => {
+  let mockDispatch: jest.Mock;
+  let mockT: jest.Mock;
+  let auditPolicy: any;
+
+  beforeEach(() => {
+    mockDispatch = jest.fn();
+    mockT = jest.fn();
+
+    const mockResource = {
+      id:       'test-policy',
+      spec:     { enabled: false },
+      metadata: { name: 'test-policy' }
+    };
+
+    auditPolicy = new AuditPolicy(mockResource, {
+      dispatch:    mockDispatch,
+      rootGetters: { 'i18n/t': mockT },
+      getters:     { schemaFor: () => ({ linkFor: jest.fn() }) }
+    });
+  });
+
+  describe('enable method', () => {
+    it('should call enableOrDisable with "enable"', () => {
+      const spy = jest.spyOn(auditPolicy, 'enableOrDisable').mockImplementation();
+
+      auditPolicy.enable();
+
+      expect(spy).toHaveBeenCalledWith('enable');
+    });
+  });
+
+  describe('disable method', () => {
+    it('should call enableOrDisable with "disable"', () => {
+      const spy = jest.spyOn(auditPolicy, 'enableOrDisable').mockImplementation();
+
+      auditPolicy.disable();
+
+      expect(spy).toHaveBeenCalledWith('disable');
+    });
+  });
+
+  describe('enableOrDisable method', () => {
+    let mockClone: any;
+
+    beforeEach(() => {
+      mockClone = {
+        spec: { enabled: false },
+        save: jest.fn()
+      };
+
+      mockDispatch.mockImplementation((action: string) => {
+        if (action === 'rancher/clone') {
+          return Promise.resolve(mockClone);
+        }
+
+        return Promise.resolve();
+      });
+    });
+
+    it('should enable policy when flag is "enable"', async() => {
+      mockClone.save.mockResolvedValue({});
+
+      await auditPolicy.enableOrDisable('enable');
+
+      expect(mockClone.spec.enabled).toBe(true);
+      expect(mockClone.save).toHaveBeenCalledWith();
+    });
+
+    it('should disable policy when flag is "disable"', async() => {
+      mockClone.save.mockResolvedValue({});
+
+      await auditPolicy.enableOrDisable('disable');
+
+      expect(mockClone.spec.enabled).toBe(false);
+      expect(mockClone.save).toHaveBeenCalledWith();
+    });
+
+    it('should handle save errors and show growl notification', async() => {
+      const saveError = new Error('Save failed');
+
+      mockClone.save.mockRejectedValue(saveError);
+      mockT.mockReturnValue('Error when enabling - test-policy');
+
+      await auditPolicy.enableOrDisable('enable');
+
+      expect(mockDispatch).toHaveBeenCalledWith('growl/fromError', {
+        title:   'Error when enabling - test-policy',
+        err:     saveError,
+        timeout: 5000
+      }, { root: true });
+    });
+
+    it('should call translation with correct parameters', async() => {
+      const saveError = new Error('Save failed');
+
+      mockClone.save.mockRejectedValue(saveError);
+
+      await auditPolicy.enableOrDisable('enable');
+
+      expect(mockT).toHaveBeenCalledWith('auditPolicy.error.enableOrDisable', {
+        flag: 'enable',
+        id:   'test-policy'
+      });
+    });
+
+    it('should dispatch rancher/clone with correct parameters', async() => {
+      mockClone.save.mockResolvedValue({});
+
+      await auditPolicy.enableOrDisable('enable');
+
+      expect(mockDispatch).toHaveBeenCalledWith('rancher/clone', { resource: auditPolicy }, { root: true });
+    });
+  });
+});