@rancher/shell 3.0.9-rc.3 → 3.0.9-rc.5

package/models/ext.cattle.io.kubeconfig.ts

@@ -0,0 +1,97 @@
+import { CAPI, MANAGEMENT } from '@shell/config/types';
+import SteveModel from '@shell/plugins/steve/steve-class';
+import { Location } from 'vue-router';
+
+interface ReferencedCluster {
+  label: string;
+  location: Location | null;
+}
+
+export default class Kubeconfig extends SteveModel {
+  declare spec: {
+    clusters?: string[];
+    ttl?: number;
+  };
+
+  declare metadata: {
+    name?: string;
+    creationTimestamp?: string;
+  };
+
+  get _availableActions(): object[] {
+    const out = super._availableActions;
+
+    // Remove element at index 1 (the first divider), the actions that don't make sense.
+    return out.filter((action: { action: string }, index: number) => index !== 1 && !['goToEdit', 'goToEditYaml', 'cloneYaml', 'download'].includes(action.action));
+  }
+
+  /**
+   * Calculates the expiry timestamp from creationTimestamp + ttl.
+   * Returns an ISO date string for use with LiveDate formatter.
+   */
+  get expiresAt(): string | null {
+    const ttlSeconds = this.spec?.ttl;
+    const creationTimestamp = this.metadata?.creationTimestamp;
+
+    if (!ttlSeconds || !creationTimestamp) {
+      return null;
+    }
+
+    const createdAt = new Date(creationTimestamp);
+    const expiresAt = new Date(createdAt.getTime() + (ttlSeconds * 1000));
+
+    return expiresAt.toISOString();
+  }
+
+  /**
+   * Returns cluster information for display and linking.
+   * Each object contains {label, location} where location is null if cluster doesn't exist.
+   */
+  get referencedClusters(): ReferencedCluster[] {
+    const clusterIds = this.spec?.clusters || [];
+    const provClusters = this.$rootGetters['management/all'](CAPI.RANCHER_CLUSTER) || [];
+    const mgmtClusters = this.$rootGetters['management/all'](MANAGEMENT.CLUSTER) || [];
+
+    return clusterIds.map((id: string) => {
+      const provCluster = provClusters.find((c: any) => c.mgmt?.id === id || c.status?.clusterName === id);
+      const mgmtCluster = mgmtClusters.find((c: any) => c.id === id);
+      const cluster = provCluster || mgmtCluster;
+
+      return {
+        label:    cluster?.nameDisplay || this.t('"ext.cattle.io.kubeconfig".deleted', { name: id }),
+        location: provCluster?.detailLocation || mgmtCluster?.detailLocation || null
+      };
+    });
+  }
+
+  /**
+   * Returns referenced clusters sorted: existing clusters first (by name), then deleted clusters.
+   */
+  get sortedReferencedClusters(): ReferencedCluster[] {
+    return this.referencedClusters.slice().sort((a, b) => {
+      const aExists = a.location !== null;
+      const bExists = b.location !== null;
+
+      if (aExists && !bExists) {
+        return -1;
+      }
+      if (!aExists && bExists) {
+        return 1;
+      }
+
+      const aName = a.label.toLowerCase();
+      const bName = b.label.toLowerCase();
+
+      return aName.localeCompare(bName, undefined, { numeric: true });
+    });
+  }
+
+  /**
+   * Returns a sortable string for the clusters column.
+   */
+  get referencedClustersSortable(): string {
+    return this.sortedReferencedClusters
+      .map((c) => c.label.toLowerCase())
+      .join(',');
+  }
+}

package/models/ext.cattle.io.passwordchangerequest.js

@@ -0,0 +1,15 @@
+import SteveModel from '@shell/plugins/steve/steve-class';
+
+export default class PasswordChangeRequest extends SteveModel {
+  get canChangePassword() {
+    return this.schema?.collectionMethods.find((x) => x.toLowerCase() === 'post');
+  }
+
+  cleanForSave(data) {
+    const val = super.cleanForSave(data);
+
+    delete val.type;
+
+    return val;
+  }
+}

package/models/ext.cattle.io.selfuser.js

@@ -0,0 +1,15 @@
+import SteveModel from '@shell/plugins/steve/steve-class';
+
+export default class SelfUser extends SteveModel {
+  get canGetUser() {
+    return this.schema?.collectionMethods.find((x) => x.toLowerCase() === 'post');
+  }
+
+  cleanForSave(data) {
+    const val = super.cleanForSave(data);
+
+    delete val.type;
+
+    return val;
+  }
+}

package/models/fleet-application.js

@@ -1,7 +1,7 @@
 import { matching, convertSelectorObj } from '@shell/utils/selector';
 import isEmpty from 'lodash/isEmpty';
 import { escapeHtml } from '@shell/utils/string';
-import { FLEET } from '@shell/config/types';
+import { FLEET, MANAGEMENT } from '@shell/config/types';
 import { FLEET as FLEET_ANNOTATIONS } from '@shell/config/labels-annotations';
 import { addObject, addObjects, findBy } from '@shell/utils/array';
 import SteveModel from '@shell/plugins/steve/steve-class';
@@ -30,18 +30,28 @@ function normalizeStateCounts(data) {
 
 export default class FleetApplication extends SteveModel {
   async getCurrentUser() {
-    const user = this.$rootGetters['auth/v3User'];
+    const user = this.$rootGetters['auth/user'];
 
     if (user?.id) {
       return user;
     }
 
-    const res = await this.$dispatch('rancher/request', {
-      url:    '/v3/users?me=true',
-      method: 'get',
-    }, { root: true });
+    const selfUser = await this.$dispatch('auth/getSelfUser');
 
-    return res?.data?.[0] || {};
+    if (selfUser?.canGetUser && selfUser.status?.userID) {
+      const user = await this.$dispatch('management/find', {
+        type: MANAGEMENT.USER,
+        id:   selfUser.status?.userID
+      }, { root: true });
+
+      if (user) {
+        this.$dispatch('auth/gotUser', user, { root: true });
+
+        return user;
+      }
+    }
+
+    return {};
   }
 
   pause() {

package/models/management.cattle.io.user.js

@@ -1,8 +1,8 @@
-import { NORMAN } from '@shell/config/types';
-import HybridModel, { cleanHybridResources } from '@shell/plugins/steve/hybrid-class';
+import { NORMAN, EXT } from '@shell/config/types';
+import SteveModel from '@shell/plugins/steve/steve-class';
 import day from 'dayjs';
 
-export default class User extends HybridModel {
+export default class User extends SteveModel {
   // Preserve description
   constructor(data, ctx, rehydrateNamespace = null, setClone = false) {
     const _description = data.description;
@@ -11,16 +11,6 @@ export default class User extends HybridModel {
     this.description = _description;
   }
 
-  // Clean the Norman properties, but keep description
-  cleanResource(data) {
-    const desc = data.description;
-    const clean = cleanHybridResources(data);
-
-    clean._description = desc;
-
-    return clean;
-  }
-
   get isSystem() {
     for ( const p of this.principalIds || [] ) {
       if ( p.startsWith('system://') ) {
@@ -175,13 +165,13 @@ export default class User extends HybridModel {
     const clone = await this.$dispatch('clone', { resource: this });
 
     // Remove local properties
-    delete clone.canRefreshAccess;
+    delete clone.canRefreshMemberships;
 
     return clone._save(opt);
   }
 
   async setEnabled(enabled) {
-    const clone = await this.$dispatch('rancher/clone', { resource: this.norman }, { root: true });
+    const clone = await this.$dispatch('clone', { resource: this });
 
     clone.enabled = enabled;
     await clone.save();
@@ -204,12 +194,21 @@ export default class User extends HybridModel {
   }
 
   async refreshGroupMembership() {
-    const user = await this.$dispatch('rancher/find', {
-      type: NORMAN.USER,
-      id:   this.id,
-    }, { root: true });
+    const membershipRefreshRequests = await this.$dispatch('create', { type: EXT.GROUP_MEMBERSHIP_REFRESH_REQUESTS });
 
-    await user.doAction('refreshauthprovideraccess');
+    // userId specifies the user ID. Use '*' for all users. Check the schemaDefinition for more details.
+    membershipRefreshRequests.spec = { userId: this.id };
+    await membershipRefreshRequests.save();
+  }
+
+  get canRefreshMemberships() {
+    const schema = this.$getters[`schemaFor`](EXT.GROUP_MEMBERSHIP_REFRESH_REQUESTS);
+
+    if (!schema) {
+      return false;
+    }
+
+    return schema?.collectionMethods.find((x) => x.toLowerCase() === 'post');
   }
 
   canActivate(state) {
@@ -243,7 +242,7 @@ export default class User extends HybridModel {
         action:  'refreshGroupMembership',
         label:   this.t('authGroups.actions.refresh'),
         icon:    'icon icon-refresh',
-        enabled: this.canRefreshAccess
+        enabled: this.canRefreshMemberships
       },
       { divider: true },
       ...super._availableActions,
@@ -284,19 +283,17 @@ export default class User extends HybridModel {
     return true;
   }
 
-  get norman() {
-    return this.$rootGetters['rancher/byId'](NORMAN.USER, this.id);
-  }
+  cleanForSave(data) {
+    const val = super.cleanForSave(data);
 
-  get canDelete() {
-    return this.norman?.hasLink('remove') && !this.isCurrentUser;
-  }
+    delete val.type;
 
-  get canUpdate() {
-    return this.norman?.hasLink('update');
+    return val;
   }
 
-  remove() {
-    return this.norman?.remove();
+  get norman() {
+    console.warn('Norman "user" is deprecated. Use Steve "management.cattle.io.user" user instead.'); // eslint-disable-line no-console
+
+    return this.$rootGetters['rancher/byId'](NORMAN.USER, this.id);
   }
 }

package/models/schema.js

@@ -7,6 +7,24 @@ export default class Schema extends Resource {
   get groupName() {
     return this.attributes.namespaced ? 'ns' : 'cluster';
   }
+
+  /**
+   * Legacy check to determine if the user can GET a specific resource of this type.
+   *
+   * This supports things like spoof or norman schemas.
+   */
+  get canGet() {
+    return this.hasLink('collection');
+  }
+
+  /**
+   * Legacy check to determine if the user can LIST a resource of this type.
+   *
+   * This supports things like spoof or norman schemas.
+   */
+  get canList() {
+    return this.hasLink('collection');
+  }
 }
 
 /**

package/models/secret.js

@@ -3,6 +3,7 @@ import { CERTMANAGER, KUBERNETES, UI_PROJECT_SECRET, UI_PROJECT_SECRET_COPY } fr
 import { base64Decode, base64Encode } from '@shell/utils/crypto';
 import { removeObjects } from '@shell/utils/array';
 import { MANAGEMENT, SERVICE_ACCOUNT, VIRTUAL_TYPES } from '@shell/config/types';
+import { SECRET_SCOPE, SECRET_QUERY_PARAMS } from '@shell/config/query-params';
 import { set } from '@shell/utils/object';
 import { NAME as MANAGER } from '@shell/config/product/manager';
 import SteveModel from '@shell/plugins/steve/steve-class';
@@ -491,18 +492,16 @@ export default class Secret extends SteveModel {
     return steveCleanForDownload(yaml, { rootKeys: ['id', 'links', 'actions'] });
   }
 
-  /**
-   * is this a project scoped secret .... or also a cloned project scoped secret
-   */
-  get isProjectScopedRelated() {
-    return !!this.metadata.labels?.[UI_PROJECT_SECRET];
-  }
-
   /**
    * is this a project scoped secret
    */
   get isProjectScoped() {
-    return this.isProjectScopedRelated && !this.isProjectSecretCopy && this.$rootGetters['isRancher'];
+    /**
+     * is this a project scoped secret .... or also a cloned project scoped secret
+     */
+    const isProjectScopedRelated = !!this.metadata.labels?.[UI_PROJECT_SECRET];
+
+    return isProjectScopedRelated && !this.isProjectSecretCopy && this.$rootGetters['isRancher'];
   }
 
   get projectScopedClusterId() {
@@ -573,7 +572,7 @@ export default class Secret extends SteveModel {
       const id = this.id?.replace(/.*\//, '');
 
       return {
-        name:   `c-cluster-product-resource-namespace-id`,
+        name:   `c-cluster-product-${ VIRTUAL_TYPES.PROJECT_SECRETS }-namespace-id`,
         params: {
           product:   this.$rootGetters['productId'],
           cluster:   this.$rootGetters['clusterId'],
@@ -588,34 +587,38 @@ export default class Secret extends SteveModel {
   }
 
   get listLocation() {
-    if (!this.isProjectScoped) {
-      return super.listLocation;
+    if (this.hasProjectScopedUrlQueryParam || this.isProjectScoped) {
+      return {
+        name:   'c-cluster-product-resource',
+        params: {
+          product:  this.$rootGetters['productId'],
+          cluster:  this.$rootGetters['clusterId'],
+          resource: VIRTUAL_TYPES.PROJECT_SECRETS,
+        }
+      };
     }
 
-    return {
-      name:   'c-cluster-product-resource',
-      params: {
-        product:  this.$rootGetters['productId'],
-        cluster:  this.$rootGetters['clusterId'],
-        resource: VIRTUAL_TYPES.PROJECT_SECRETS,
-      }
-    };
+    return super.listLocation;
+  }
+
+  get hasProjectScopedUrlQueryParam() {
+    return this.currentRoute()?.query?.[SECRET_SCOPE] === SECRET_QUERY_PARAMS.PROJECT_SCOPED;
   }
 
   get parentNameOverride() {
-    if (!this.isProjectScoped) {
-      return super.parentNameOverride;
+    if (this.hasProjectScopedUrlQueryParam || this.isProjectScoped) {
+      return this.$rootGetters['i18n/t'](`typeLabel."${ VIRTUAL_TYPES.PROJECT_SECRETS }"`, { count: 1 })?.trim();
     }
 
-    return this.$rootGetters['i18n/t'](`typeLabel."${ VIRTUAL_TYPES.PROJECT_SECRETS }"`, { count: 1 })?.trim();
+    return super.parentNameOverride;
   }
 
   get parentLocationOverride() {
-    if (!this.isProjectScoped) {
-      return super.parentNameOverride;
+    if (this.hasProjectScopedUrlQueryParam || this.isProjectScoped) {
+      return this.listLocation;
     }
 
-    return this.listLocation;
+    return super.parentLocationOverride;
   }
 
   get groupByProject() {

package/models/steve-schema.ts

@@ -1,6 +1,7 @@
 import { STEVE } from '@shell/config/types';
-import Schema from './schema';
+import BaseSchema from './schema';
 import { wait } from '@shell/utils/async';
+import { Schema as SchemaSchemaType, SchemaAttributeVerbs } from '@shell/plugins/steve/schema';
 
 interface ResourceField {
   type: string,
@@ -31,10 +32,28 @@ const SchemaDefinitionCache: { [store: string]: {
   definitions: SchemaDefinitions,
 } } = {};
 
+/**
+ * Determine if the user can <verb> this type
+ */
+const canSchema = (
+  { schema, verb }: { schema: SchemaSchemaType & SteveSchema, verb: SchemaAttributeVerbs }
+) => {
+  if (!schema.hasLink('collection')) {
+    // The UI will use this to build the URLs. It will exist even if there's no GET/LIST permissions (to support POST)
+    return false;
+  }
+
+  if (!schema.attributes?.verbs?.find((x) => x.toLowerCase() === verb)) {
+    return false;
+  }
+
+  return true;
+};
+
 /**
  * Steve Schema specific functionality
  */
-export default class SteveSchema extends Schema {
+export default class SteveSchema extends BaseSchema {
   static reset(store: string): void {
     delete SchemaDefinitionCache[store];
   }
@@ -233,6 +252,24 @@ export default class SteveSchema extends Schema {
     return this.links?.self?.replace('/schemas/', '/schemaDefinitions/');
   }
 
+  /**
+   * Check to determine if the user can GET a specific resource of this type.
+   */
+  get canGet(): boolean {
+    return canSchema({ schema: this.schema, verb: 'get' });
+  }
+
+  /**
+   * Check to determine if the user can LIST a resource of this type.
+   */
+  get canList(): boolean {
+    return canSchema({ schema: this.schema, verb: 'list' });
+  }
+
+  get schema(): SchemaSchemaType & SteveSchema {
+    return this as unknown as SchemaSchemaType & SteveSchema;
+  }
+
   /*********************
    * Local Properties
    *

package/models/workload.js

@@ -755,7 +755,7 @@ export default class Workload extends WorkloadService {
   get podsCard() {
     const supportedTypes = [WORKLOAD_TYPES.DEPLOYMENT, WORKLOAD_TYPES.DAEMON_SET, WORKLOAD_TYPES.JOB, WORKLOAD_TYPES.STATEFUL_SET];
 
-    if (!supportedTypes.includes(this.type)) {
+    if (!supportedTypes.includes(this.type) || (this.pods?.length || 0) <= 0) {
       return null;
     }
 
@@ -776,7 +776,7 @@ export default class Workload extends WorkloadService {
   get jobsCard() {
     const supportedTypes = [WORKLOAD_TYPES.CRON_JOB];
 
-    if (!supportedTypes.includes(this.type)) {
+    if (!supportedTypes.includes(this.type) || (this.jobs?.length || 0) <= 0) {
       return null;
     }
 
@@ -794,6 +794,7 @@ export default class Workload extends WorkloadService {
     return [
       this.podsCard,
       this.jobsCard,
+      this.insightCard,
       ...this._cards
     ];
   }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rancher/shell",
-  "version": "3.0.9-rc.3",
+  "version": "3.0.9-rc.5",
   "description": "Rancher Dashboard Shell",
   "repository": "https://github.com/rancher/dashboard",
   "license": "Apache-2.0",
@@ -39,7 +39,7 @@
     "@babel/preset-typescript": "7.16.7",
     "@novnc/novnc": "1.2.0",
     "@popperjs/core": "2.11.8",
-    "@rancher/icons": "2.0.54",
+    "@rancher/icons": "2.0.55",
     "@types/is-url": "1.2.30",
     "@types/node": "20.10.8",
     "@types/semver": "^7.5.8",

package/pages/about.vue

@@ -9,6 +9,7 @@ import { mapGetters } from 'vuex';
 import TabTitle from '@shell/components/TabTitle';
 import { PanelLocation, ExtensionPoint } from '@shell/core/types';
 import ExtensionPanel from '@shell/components/ExtensionPanel';
+import { getVersionInfo } from '@shell/utils/version';
 
 export default {
   components: {
@@ -30,7 +31,7 @@ export default {
   computed: {
     ...mapGetters(['releaseNotesUrl']),
     rancherVersion() {
-      return this.settings.find((s) => s.id === SETTING.VERSION_RANCHER);
+      return getVersionInfo(this.$store).fullVersion;
     },
     appName() {
       return getVendor();
@@ -124,7 +125,7 @@ export default {
           >
             {{ t("about.versions.rancher") }}
           </a>
-        </td><td>{{ rancherVersion.value }}</td>
+        </td><td>{{ rancherVersion }}</td>
       </tr>
       <tr v-if="dashboardVersion">
         <td>

package/pages/account/index.vue

@@ -1,6 +1,6 @@
 <script>
 import BackLink from '@shell/components/BackLink';
-import { MANAGEMENT, NORMAN } from '@shell/config/types';
+import { MANAGEMENT, NORMAN, EXT } from '@shell/config/types';
 import { SETTING } from '@shell/config/settings';
 import Loading from '@shell/components/Loading';
 import Principal from '@shell/components/auth/Principal';
@@ -33,13 +33,26 @@ export default {
 
     this.apiHostSetting = apiHostSetting?.value;
     this.serverUrlSetting = serverUrlSetting?.value;
+
+    const selfUser = await this.$store.dispatch('auth/getSelfUser');
+
+    if (selfUser?.canGetUser && selfUser.status?.userID) {
+      // Fetch the user info for ChangePassword (ChangePasswordDialog needs the user info for the user whose password is being changed)
+      this.user = await this.$store.dispatch('management/find', {
+        type: MANAGEMENT.USER,
+        id:   selfUser.status?.userID
+      });
+    } else {
+      throw new Error(this.t('changePassword.errors.cannotFetchSelf'));
+    }
   },
   data() {
     return {
       apiHostSetting:    null,
       serverUrlSetting:  null,
       rows:              null,
-      canChangePassword: false
+      canChangePassword: false,
+      user:              null
     };
   },
   computed: {
@@ -124,24 +137,18 @@ export default {
         return !!this.principal.loginName;
       }
 
-      const users = await this.$store.dispatch('rancher/findAll', {
-        type: NORMAN.USER,
-        opt:  { url: '/v3/users', filter: { me: true } }
-      });
-
-      if (users && users.length === 1) {
-        return !!users[0].username;
-      }
+      const passwordChangeRequest = await this.$store.dispatch('management/create', { type: EXT.PASSWORD_CHANGE_REQUESTS });
 
-      return false;
+      return !!passwordChangeRequest?.canChangePassword;
     },
     showChangePasswordDialog() {
       this.$store.dispatch('management/promptModal', {
-        component:   'ChangePasswordDialog',
-        testId:      'change-password__modal',
-        customClass: 'change-password-modal',
-        modalWidth:  '500',
-        height:      '465'
+        component:      'ChangePasswordDialog',
+        componentProps: { user: this.user },
+        testId:         'change-password__modal',
+        customClass:    'change-password-modal',
+        modalWidth:     '500',
+        height:         '465'
       });
     }
   }

package/pages/auth/login.vue

@@ -18,8 +18,7 @@ import { sortBy } from '@shell/utils/sort';
 import { configType } from '@shell/models/management.cattle.io.authconfig';
 import { mapGetters } from 'vuex';
 import { markRaw } from 'vue';
-import { _MULTI } from '@shell/plugins/dashboard-store/actions';
-import { MANAGEMENT, NORMAN } from '@shell/config/types';
+import { MANAGEMENT, NORMAN, EXT } from '@shell/config/types';
 import { SETTING } from '@shell/config/settings';
 import { LOGIN_ERRORS } from '@shell/store/auth';
 import {
@@ -286,13 +285,21 @@ export default {
           }
         });
 
-        const user = await this.$store.dispatch('rancher/findAll', {
-          type: NORMAN.USER,
-          opt:  { url: '/v3/users?me=true', load: _MULTI }
+        // we have to do the XHR requests because we don't have schemas loaded yet...
+        let mgmtUser;
+        const selfUser = await this.$store.dispatch('management/request', {
+          url:    `/v1/${ EXT.SELFUSER }`,
+          method: 'POST',
+          data:   {}
         });
 
-        if (!!user?.[0]) {
-          this.$store.dispatch('auth/gotUser', user[0]);
+        if (selfUser) {
+          await this.$store.dispatch('auth/updateSelfUser', selfUser);
+          mgmtUser = await this.$store.dispatch('management/request', { url: `/v1/${ MANAGEMENT.USER }/${ selfUser.status?.userID }` });
+        }
+
+        if (!!mgmtUser) {
+          this.$store.dispatch('auth/gotUser', mgmtUser);
         }
 
         if ( this.remember ) {
@@ -320,7 +327,7 @@ export default {
           $extension: this.$store.$extension,
         });
 
-        if (this.firstLogin || user[0]?.mustChangePassword) {
+        if (this.firstLogin || mgmtUser?.mustChangePassword) {
           this.$store.dispatch('auth/setInitialPass', this.password);
           this.$router.push({ name: 'auth-setup' });
         } else {