@rancher/shell 3.0.9-rc.4 → 3.0.9-rc.5

package/models/__tests__/auditlog.cattle.io.auditpolicy.test.ts

@@ -0,0 +1,117 @@
+import AuditPolicy from '@shell/models/auditlog.cattle.io.auditpolicy';
+
+describe('auditPolicy Model', () => {
+  let mockDispatch: jest.Mock;
+  let mockT: jest.Mock;
+  let auditPolicy: any;
+
+  beforeEach(() => {
+    mockDispatch = jest.fn();
+    mockT = jest.fn();
+
+    const mockResource = {
+      id:       'test-policy',
+      spec:     { enabled: false },
+      metadata: { name: 'test-policy' }
+    };
+
+    auditPolicy = new AuditPolicy(mockResource, {
+      dispatch:    mockDispatch,
+      rootGetters: { 'i18n/t': mockT },
+      getters:     { schemaFor: () => ({ linkFor: jest.fn() }) }
+    });
+  });
+
+  describe('enable method', () => {
+    it('should call enableOrDisable with "enable"', () => {
+      const spy = jest.spyOn(auditPolicy, 'enableOrDisable').mockImplementation();
+
+      auditPolicy.enable();
+
+      expect(spy).toHaveBeenCalledWith('enable');
+    });
+  });
+
+  describe('disable method', () => {
+    it('should call enableOrDisable with "disable"', () => {
+      const spy = jest.spyOn(auditPolicy, 'enableOrDisable').mockImplementation();
+
+      auditPolicy.disable();
+
+      expect(spy).toHaveBeenCalledWith('disable');
+    });
+  });
+
+  describe('enableOrDisable method', () => {
+    let mockClone: any;
+
+    beforeEach(() => {
+      mockClone = {
+        spec: { enabled: false },
+        save: jest.fn()
+      };
+
+      mockDispatch.mockImplementation((action: string) => {
+        if (action === 'rancher/clone') {
+          return Promise.resolve(mockClone);
+        }
+
+        return Promise.resolve();
+      });
+    });
+
+    it('should enable policy when flag is "enable"', async() => {
+      mockClone.save.mockResolvedValue({});
+
+      await auditPolicy.enableOrDisable('enable');
+
+      expect(mockClone.spec.enabled).toBe(true);
+      expect(mockClone.save).toHaveBeenCalledWith();
+    });
+
+    it('should disable policy when flag is "disable"', async() => {
+      mockClone.save.mockResolvedValue({});
+
+      await auditPolicy.enableOrDisable('disable');
+
+      expect(mockClone.spec.enabled).toBe(false);
+      expect(mockClone.save).toHaveBeenCalledWith();
+    });
+
+    it('should handle save errors and show growl notification', async() => {
+      const saveError = new Error('Save failed');
+
+      mockClone.save.mockRejectedValue(saveError);
+      mockT.mockReturnValue('Error when enabling - test-policy');
+
+      await auditPolicy.enableOrDisable('enable');
+
+      expect(mockDispatch).toHaveBeenCalledWith('growl/fromError', {
+        title:   'Error when enabling - test-policy',
+        err:     saveError,
+        timeout: 5000
+      }, { root: true });
+    });
+
+    it('should call translation with correct parameters', async() => {
+      const saveError = new Error('Save failed');
+
+      mockClone.save.mockRejectedValue(saveError);
+
+      await auditPolicy.enableOrDisable('enable');
+
+      expect(mockT).toHaveBeenCalledWith('auditPolicy.error.enableOrDisable', {
+        flag: 'enable',
+        id:   'test-policy'
+      });
+    });
+
+    it('should dispatch rancher/clone with correct parameters', async() => {
+      mockClone.save.mockResolvedValue({});
+
+      await auditPolicy.enableOrDisable('enable');
+
+      expect(mockDispatch).toHaveBeenCalledWith('rancher/clone', { resource: auditPolicy }, { root: true });
+    });
+  });
+});

package/models/__tests__/workload.test.ts

@@ -253,6 +253,8 @@ describe('class: Workload', () => {
   });
 
   describe('getter: podsCard', () => {
+    const mockPod = { metadata: { name: 'pod-1', namespace: 'default' } };
+
     it('should return card for Deployment type', () => {
       const workload = new Workload({
         type:     WORKLOAD_TYPES.DEPLOYMENT,
@@ -264,7 +266,7 @@ describe('class: Workload', () => {
         rootGetters: { 'i18n/t': (key: string) => key },
       });
 
-      Object.defineProperty(workload, 'pods', { get: () => [] });
+      Object.defineProperty(workload, 'pods', { get: () => [mockPod] });
       Object.defineProperty(workload, 'canUpdate', { get: () => true });
 
       const card = workload.podsCard;
@@ -285,7 +287,7 @@ describe('class: Workload', () => {
         rootGetters: { 'i18n/t': (key: string) => key },
       });
 
-      Object.defineProperty(workload, 'pods', { get: () => [] });
+      Object.defineProperty(workload, 'pods', { get: () => [mockPod] });
       Object.defineProperty(workload, 'canUpdate', { get: () => true });
 
       const card = workload.podsCard;
@@ -310,7 +312,7 @@ describe('class: Workload', () => {
       expect(card).toBeNull();
     });
 
-    it('should hide scaling when canUpdate is false', () => {
+    it('should return null when pods array is empty', () => {
       const workload = new Workload({
         type:     WORKLOAD_TYPES.DEPLOYMENT,
         metadata: { name: 'test', namespace: 'default' },
@@ -322,6 +324,24 @@ describe('class: Workload', () => {
       });
 
       Object.defineProperty(workload, 'pods', { get: () => [] });
+
+      const card = workload.podsCard;
+
+      expect(card).toBeNull();
+    });
+
+    it('should hide scaling when canUpdate is false', () => {
+      const workload = new Workload({
+        type:     WORKLOAD_TYPES.DEPLOYMENT,
+        metadata: { name: 'test', namespace: 'default' },
+        spec:     {}
+      }, {
+        getters:     { schemaFor: () => ({ linkFor: jest.fn() }) },
+        dispatch:    jest.fn(),
+        rootGetters: { 'i18n/t': (key: string) => key },
+      });
+
+      Object.defineProperty(workload, 'pods', { get: () => [mockPod] });
       Object.defineProperty(workload, 'canUpdate', { get: () => false });
 
       const card = workload.podsCard;
@@ -331,6 +351,8 @@ describe('class: Workload', () => {
   });
 
   describe('getter: jobsCard', () => {
+    const mockJob = { metadata: { name: 'job-1', namespace: 'default' } };
+
     it('should return card for CronJob type', () => {
       const workload = new Workload({
         type:     WORKLOAD_TYPES.CRON_JOB,
@@ -342,7 +364,7 @@ describe('class: Workload', () => {
         rootGetters: { 'i18n/t': (key: string) => key },
       });
 
-      Object.defineProperty(workload, 'jobs', { get: () => [] });
+      Object.defineProperty(workload, 'jobs', { get: () => [mockJob] });
 
       const card = workload.jobsCard;
 
@@ -366,9 +388,30 @@ describe('class: Workload', () => {
 
       expect(card).toBeNull();
     });
+
+    it('should return null when jobs array is empty', () => {
+      const workload = new Workload({
+        type:     WORKLOAD_TYPES.CRON_JOB,
+        metadata: { name: 'test', namespace: 'default' },
+        spec:     {}
+      }, {
+        getters:     { schemaFor: () => ({ linkFor: jest.fn() }) },
+        dispatch:    jest.fn(),
+        rootGetters: { 'i18n/t': (key: string) => key },
+      });
+
+      Object.defineProperty(workload, 'jobs', { get: () => [] });
+
+      const card = workload.jobsCard;
+
+      expect(card).toBeNull();
+    });
   });
 
   describe('getter: cards', () => {
+    const mockPod = { metadata: { name: 'pod-1', namespace: 'default' } };
+    const mockJob = { metadata: { name: 'job-1', namespace: 'default' } };
+
     it('should include podsCard for Deployment', () => {
       const workload = new Workload({
         type:     WORKLOAD_TYPES.DEPLOYMENT,
@@ -384,7 +427,7 @@ describe('class: Workload', () => {
         },
       });
 
-      Object.defineProperty(workload, 'pods', { get: () => [] });
+      Object.defineProperty(workload, 'pods', { get: () => [mockPod] });
       Object.defineProperty(workload, 'canUpdate', { get: () => true });
 
       const cards = workload.cards;
@@ -411,7 +454,7 @@ describe('class: Workload', () => {
         },
       });
 
-      Object.defineProperty(workload, 'jobs', { get: () => [] });
+      Object.defineProperty(workload, 'jobs', { get: () => [mockJob] });
 
       const cards = workload.cards;
       const nonNullCards = cards.filter((c: any) => c !== null);

package/models/auditlog.cattle.io.auditpolicy.js

@@ -0,0 +1,46 @@
+import { insertAt } from '@shell/utils/array';
+import SteveModel from '@shell/plugins/steve/steve-class';
+
+export default class AuditPolicy extends SteveModel {
+  get _availableActions() {
+    const out = super._availableActions;
+
+    insertAt(out, 0, {
+      action:   'enable',
+      label:    this.t('action.enable'),
+      icon:     'icon icon-play',
+      enabled:  (this.canEdit || this.canEditYaml) && !this.spec.enabled,
+      bulkable: true,
+      weight:   2,
+    });
+    insertAt(out, 0, {
+      action:   'disable',
+      label:    this.t('action.disable'),
+      icon:     'icon icon-pause',
+      enabled:  (this.canEdit || this.canEditYaml) && this.spec.enabled,
+      bulkable: true,
+      weight:   1,
+    });
+
+    return out;
+  }
+
+  enable() {
+    this.enableOrDisable('enable');
+  }
+
+  disable() {
+    this.enableOrDisable('disable');
+  }
+
+  async enableOrDisable(flag) {
+    const clone = await this.$dispatch('rancher/clone', { resource: this }, { root: true });
+
+    clone.spec.enabled = flag === 'enable';
+    await clone.save().catch((err) => {
+      this.$dispatch('growl/fromError', {
+        title: this.t('auditPolicy.error.enableOrDisable', { flag, id: this.id }), err, timeout: 5000
+      }, { root: true });
+    });
+  }
+}

package/models/cluster.x-k8s.io.machine.js

@@ -138,7 +138,7 @@ export default class CapiMachine extends SteveModel {
 
   async machineRef() {
     const ref = this.spec.infrastructureRef;
-    const id = `${ ref.namespace }/${ ref.name }`;
+    const id = `${ this.metadata.namespace }/${ ref.name }`;
     const kind = `rke-machine.cattle.io.${ ref.kind.toLowerCase() }`;
 
     return await this.$dispatch('find', { type: kind, id });

package/models/cluster.x-k8s.io.machinedeployment.js

@@ -41,12 +41,12 @@ export default class CapiMachineDeployment extends SteveModel {
   }
 
   get templateType() {
-    return this.spec.template.spec.infrastructureRef.kind ? `rke-machine.cattle.io.${ this.spec.template.spec.infrastructureRef.kind.toLowerCase() }` : null;
+    return this.infrastructureRefKind ? `rke-machine.cattle.io.${ this.infrastructureRefKind.toLowerCase() }` : null;
   }
 
   get template() {
     const ref = this.spec.template.spec.infrastructureRef;
-    const id = `${ ref.namespace }/${ ref.name }`;
+    const id = `${ this.metadata.namespace }/${ ref.name }`;
     const template = this.$rootGetters['management/byId'](this.templateType, id);
 
     return template;
@@ -92,15 +92,15 @@ export default class CapiMachineDeployment extends SteveModel {
   }
 
   get outdated() {
-    return Math.max(0, (this.status?.replicas || 0) - (this.status?.updatedReplicas || 0));
+    return Math.max(0, (this.status?.replicas || 0) - (this.status?.upToDateReplicas || 0));
   }
 
   get ready() {
-    return Math.max(0, (this.status?.replicas || 0) - (this.status?.unavailableReplicas || 0));
+    return this.status?.availableReplicas || 0;
   }
 
   get unavailable() {
-    return this.status?.unavailableReplicas || 0;
+    return Math.max(0, (this.status?.replicas || 0) - (this.status?.availableReplicas || 0));
   }
 
   get isControlPlane() {

package/models/event.js

@@ -38,4 +38,9 @@ export default class K8sEvent extends SteveModel {
 
     return schema && rowValueGetter ? rowValueGetter(schema, 'Last Seen')(this) : null;
   }
+
+  // Because we're using eventType which is a non-standard state we don't have a reliable way to provide a state color anymore and have therefore disabled the color.
+  get insightsColor() {
+    return 'disabled';
+  }
 }

package/models/ext.cattle.io.groupmembershiprefreshrequest.js

@@ -0,0 +1,15 @@
+import SteveModel from '@shell/plugins/steve/steve-class';
+
+export default class GroupMembershipRefreshRequest extends SteveModel {
+  get canRefreshMemberships() {
+    return this.schema?.collectionMethods.find((x) => x.toLowerCase() === 'post');
+  }
+
+  cleanForSave(data) {
+    const val = super.cleanForSave(data);
+
+    delete val.type;
+
+    return val;
+  }
+}

package/models/ext.cattle.io.passwordchangerequest.js

@@ -0,0 +1,15 @@
+import SteveModel from '@shell/plugins/steve/steve-class';
+
+export default class PasswordChangeRequest extends SteveModel {
+  get canChangePassword() {
+    return this.schema?.collectionMethods.find((x) => x.toLowerCase() === 'post');
+  }
+
+  cleanForSave(data) {
+    const val = super.cleanForSave(data);
+
+    delete val.type;
+
+    return val;
+  }
+}

package/models/ext.cattle.io.selfuser.js

@@ -0,0 +1,15 @@
+import SteveModel from '@shell/plugins/steve/steve-class';
+
+export default class SelfUser extends SteveModel {
+  get canGetUser() {
+    return this.schema?.collectionMethods.find((x) => x.toLowerCase() === 'post');
+  }
+
+  cleanForSave(data) {
+    const val = super.cleanForSave(data);
+
+    delete val.type;
+
+    return val;
+  }
+}

package/models/fleet-application.js

@@ -1,7 +1,7 @@
 import { matching, convertSelectorObj } from '@shell/utils/selector';
 import isEmpty from 'lodash/isEmpty';
 import { escapeHtml } from '@shell/utils/string';
-import { FLEET } from '@shell/config/types';
+import { FLEET, MANAGEMENT } from '@shell/config/types';
 import { FLEET as FLEET_ANNOTATIONS } from '@shell/config/labels-annotations';
 import { addObject, addObjects, findBy } from '@shell/utils/array';
 import SteveModel from '@shell/plugins/steve/steve-class';
@@ -30,18 +30,28 @@ function normalizeStateCounts(data) {
 
 export default class FleetApplication extends SteveModel {
   async getCurrentUser() {
-    const user = this.$rootGetters['auth/v3User'];
+    const user = this.$rootGetters['auth/user'];
 
     if (user?.id) {
       return user;
     }
 
-    const res = await this.$dispatch('rancher/request', {
-      url:    '/v3/users?me=true',
-      method: 'get',
-    }, { root: true });
+    const selfUser = await this.$dispatch('auth/getSelfUser');
 
-    return res?.data?.[0] || {};
+    if (selfUser?.canGetUser && selfUser.status?.userID) {
+      const user = await this.$dispatch('management/find', {
+        type: MANAGEMENT.USER,
+        id:   selfUser.status?.userID
+      }, { root: true });
+
+      if (user) {
+        this.$dispatch('auth/gotUser', user, { root: true });
+
+        return user;
+      }
+    }
+
+    return {};
   }
 
   pause() {

package/models/management.cattle.io.user.js

@@ -1,8 +1,8 @@
-import { NORMAN } from '@shell/config/types';
-import HybridModel, { cleanHybridResources } from '@shell/plugins/steve/hybrid-class';
+import { NORMAN, EXT } from '@shell/config/types';
+import SteveModel from '@shell/plugins/steve/steve-class';
 import day from 'dayjs';
 
-export default class User extends HybridModel {
+export default class User extends SteveModel {
   // Preserve description
   constructor(data, ctx, rehydrateNamespace = null, setClone = false) {
     const _description = data.description;
@@ -11,16 +11,6 @@ export default class User extends HybridModel {
     this.description = _description;
   }
 
-  // Clean the Norman properties, but keep description
-  cleanResource(data) {
-    const desc = data.description;
-    const clean = cleanHybridResources(data);
-
-    clean._description = desc;
-
-    return clean;
-  }
-
   get isSystem() {
     for ( const p of this.principalIds || [] ) {
       if ( p.startsWith('system://') ) {
@@ -175,13 +165,13 @@ export default class User extends HybridModel {
     const clone = await this.$dispatch('clone', { resource: this });
 
     // Remove local properties
-    delete clone.canRefreshAccess;
+    delete clone.canRefreshMemberships;
 
     return clone._save(opt);
   }
 
   async setEnabled(enabled) {
-    const clone = await this.$dispatch('rancher/clone', { resource: this.norman }, { root: true });
+    const clone = await this.$dispatch('clone', { resource: this });
 
     clone.enabled = enabled;
     await clone.save();
@@ -204,12 +194,21 @@ export default class User extends HybridModel {
   }
 
   async refreshGroupMembership() {
-    const user = await this.$dispatch('rancher/find', {
-      type: NORMAN.USER,
-      id:   this.id,
-    }, { root: true });
+    const membershipRefreshRequests = await this.$dispatch('create', { type: EXT.GROUP_MEMBERSHIP_REFRESH_REQUESTS });
 
-    await user.doAction('refreshauthprovideraccess');
+    // userId specifies the user ID. Use '*' for all users. Check the schemaDefinition for more details.
+    membershipRefreshRequests.spec = { userId: this.id };
+    await membershipRefreshRequests.save();
+  }
+
+  get canRefreshMemberships() {
+    const schema = this.$getters[`schemaFor`](EXT.GROUP_MEMBERSHIP_REFRESH_REQUESTS);
+
+    if (!schema) {
+      return false;
+    }
+
+    return schema?.collectionMethods.find((x) => x.toLowerCase() === 'post');
   }
 
   canActivate(state) {
@@ -243,7 +242,7 @@ export default class User extends HybridModel {
         action:  'refreshGroupMembership',
         label:   this.t('authGroups.actions.refresh'),
         icon:    'icon icon-refresh',
-        enabled: this.canRefreshAccess
+        enabled: this.canRefreshMemberships
       },
       { divider: true },
       ...super._availableActions,
@@ -284,19 +283,17 @@ export default class User extends HybridModel {
     return true;
   }
 
-  get norman() {
-    return this.$rootGetters['rancher/byId'](NORMAN.USER, this.id);
-  }
+  cleanForSave(data) {
+    const val = super.cleanForSave(data);
 
-  get canDelete() {
-    return this.norman?.hasLink('remove') && !this.isCurrentUser;
-  }
+    delete val.type;
 
-  get canUpdate() {
-    return this.norman?.hasLink('update');
+    return val;
   }
 
-  remove() {
-    return this.norman?.remove();
+  get norman() {
+    console.warn('Norman "user" is deprecated. Use Steve "management.cattle.io.user" user instead.'); // eslint-disable-line no-console
+
+    return this.$rootGetters['rancher/byId'](NORMAN.USER, this.id);
   }
 }

package/models/schema.js

@@ -7,6 +7,24 @@ export default class Schema extends Resource {
   get groupName() {
     return this.attributes.namespaced ? 'ns' : 'cluster';
   }
+
+  /**
+   * Legacy check to determine if the user can GET a specific resource of this type.
+   *
+   * This supports things like spoof or norman schemas.
+   */
+  get canGet() {
+    return this.hasLink('collection');
+  }
+
+  /**
+   * Legacy check to determine if the user can LIST a resource of this type.
+   *
+   * This supports things like spoof or norman schemas.
+   */
+  get canList() {
+    return this.hasLink('collection');
+  }
 }
 
 /**

package/models/secret.js

@@ -3,6 +3,7 @@ import { CERTMANAGER, KUBERNETES, UI_PROJECT_SECRET, UI_PROJECT_SECRET_COPY } fr
 import { base64Decode, base64Encode } from '@shell/utils/crypto';
 import { removeObjects } from '@shell/utils/array';
 import { MANAGEMENT, SERVICE_ACCOUNT, VIRTUAL_TYPES } from '@shell/config/types';
+import { SECRET_SCOPE, SECRET_QUERY_PARAMS } from '@shell/config/query-params';
 import { set } from '@shell/utils/object';
 import { NAME as MANAGER } from '@shell/config/product/manager';
 import SteveModel from '@shell/plugins/steve/steve-class';
@@ -491,18 +492,16 @@ export default class Secret extends SteveModel {
     return steveCleanForDownload(yaml, { rootKeys: ['id', 'links', 'actions'] });
   }
 
-  /**
-   * is this a project scoped secret .... or also a cloned project scoped secret
-   */
-  get isProjectScopedRelated() {
-    return !!this.metadata.labels?.[UI_PROJECT_SECRET];
-  }
-
   /**
    * is this a project scoped secret
    */
   get isProjectScoped() {
-    return this.isProjectScopedRelated && !this.isProjectSecretCopy && this.$rootGetters['isRancher'];
+    /**
+     * is this a project scoped secret .... or also a cloned project scoped secret
+     */
+    const isProjectScopedRelated = !!this.metadata.labels?.[UI_PROJECT_SECRET];
+
+    return isProjectScopedRelated && !this.isProjectSecretCopy && this.$rootGetters['isRancher'];
   }
 
   get projectScopedClusterId() {
@@ -588,34 +587,38 @@ export default class Secret extends SteveModel {
   }
 
   get listLocation() {
-    if (!this.isProjectScoped) {
-      return super.listLocation;
+    if (this.hasProjectScopedUrlQueryParam || this.isProjectScoped) {
+      return {
+        name:   'c-cluster-product-resource',
+        params: {
+          product:  this.$rootGetters['productId'],
+          cluster:  this.$rootGetters['clusterId'],
+          resource: VIRTUAL_TYPES.PROJECT_SECRETS,
+        }
+      };
     }
 
-    return {
-      name:   'c-cluster-product-resource',
-      params: {
-        product:  this.$rootGetters['productId'],
-        cluster:  this.$rootGetters['clusterId'],
-        resource: VIRTUAL_TYPES.PROJECT_SECRETS,
-      }
-    };
+    return super.listLocation;
+  }
+
+  get hasProjectScopedUrlQueryParam() {
+    return this.currentRoute()?.query?.[SECRET_SCOPE] === SECRET_QUERY_PARAMS.PROJECT_SCOPED;
   }
 
   get parentNameOverride() {
-    if (!this.isProjectScoped) {
-      return super.parentNameOverride;
+    if (this.hasProjectScopedUrlQueryParam || this.isProjectScoped) {
+      return this.$rootGetters['i18n/t'](`typeLabel."${ VIRTUAL_TYPES.PROJECT_SECRETS }"`, { count: 1 })?.trim();
     }
 
-    return this.$rootGetters['i18n/t'](`typeLabel."${ VIRTUAL_TYPES.PROJECT_SECRETS }"`, { count: 1 })?.trim();
+    return super.parentNameOverride;
   }
 
   get parentLocationOverride() {
-    if (!this.isProjectScoped) {
-      return super.parentNameOverride;
+    if (this.hasProjectScopedUrlQueryParam || this.isProjectScoped) {
+      return this.listLocation;
     }
 
-    return this.listLocation;
+    return super.parentLocationOverride;
   }
 
   get groupByProject() {