ACL Policies aren't required to have any `namespace` blocks, and this is
particularly common with the anonymous policy. If a user visits the web UI
without a token already in their local storage and the anonymous policy has no
`namespace` blocks, the UI will hit unhandled exceptions when rendering the
sidebar or jobs page.
Filter for the case where there's no `namespace` block.
* Changelog and lintfix
* Changelog removed
* Forbidden state on individual variables
* CanRead checked on variable path links
* Mirage fixture with lesser secure variables access, temporary fix for * namespaces
* Read flow acceptance tests
* Unit tests for variable.canRead
* lintfix
* TODO squashed, thanks Jai
* explicitly link mirage fixture vars to jobs via namespace
* Typofix; delete to read
* Linking the original alloc
* Percy snapshots uniquely named
* Guarantee that the alloc we depend on has tasks within it
* Logging variables
* Trying to skip delete
* Now without create flow either
* Dedicated cluster fixture for testing variables
* Disambiguate percy calls
* Check against all your policies' namespaces' secvars' paths' capabilities to see if you can list vars
* Changelog and lintfix
* Unit tests for list-vars
* Removed unused computed dep
* Changelog removed
* refact: namespace should be bound property
* chore: pass bound namespace property in template
* chore: update tests to account for bound namespace refactoring
* test: add test coverage for factoring namespace in path matching algo
* variables.new initialized
* Hacky but savey
* Variable wildcard route and multiple creatable at a time
* multiple KVs per variable
* PR Prep cleanup and lintfix
* Delog
* Data mocking in mirage for variables
* Linting fixes
* Re-implement absent params
* Adapter and model tests
* Moves the path-as-id logic to a serializer instead of adapter
* Classic to serializer and lint cleanup
* Pluralized save button (#13140)
* Autofocus modifier and better Add More button UX (#13145)
* Secure Variables: show/hide functionality when adding new values (#13137)
* Flight Icons added and show hide functionality
* PR cleanup
* Linting cleanup
* Position of icon moved to the right of input
* PR feedback addressed
* Delete button and stylistic changes to show hide
* Hmm, eslint doesnt like jsdoc-usage as only reason for import
* More closely match the button styles and delete test
* Simplified new.js model
* Secure Variables: /variables/*path/edit route and functionality (#13170)
* Variable edit page init
* Significant change to where we house model methods
* Lintfix
* Edit a variable tests
* Remove redundant tests
* Asserts expected
* Mirage factory updated to reflect model state
* Route init
* Bones of a mirage-mocked secure variables policy
* Functinoing policy for list vars
* Delog and transition on route
* Basic guard test
* Page guard tests for secure variables
* Cleanup and unit tests for variables ability
* Linter cleanup
* Set expectations for test assertions
* PR feedback addressed
* Read label changed to View per suggestion
* Allow running jobs from a namespace-limited token
* qpNamespace cleanup
* Looks like parse can deal with a * namespace
* A little diff cleanup
* Defensive destructuring
* Removing accidental friendly-fire on can-scale
* Testfix: Job run buttons from jobs index
* Testfix: activeRegion job adapter string
* Testfix: unit tests for job abilities correctly reflect the any-namespace rule
* Testfix: job editor test looks for requests with namespace applied on plan
* ui: add parameterized dispatch interface
This commit adds a new interface for dispatching parameteried jobs, if
the user has the right permissions. The UI can be accessed by viewing a
parameterized job and clicking on the "Dispatch Job" button located in
the "Job Launches" section.
* fix failing lint test
* clean up dispatch and remove meta
This commit cleans up a few things that had typos and
inconsistent naming. In line with this, the custom
`meta` view was removed in favor of using the
included `AttributesTable`.
* ui: encode dispatch job payload and start adding tests
* ui: remove unused test imports
* ui: redesign job dispatch form
* ui: initial acceptance tests for dispatch job
* ui: generate parameterized job children with correct id format
* ui: fix job dispatch breadcrumb link
* ui: refactor job dispatch component into glimmer component and add form validation
* ui: remove unused CSS class
* ui: align job dispatch button
* ui: handle namespace-specific requests on job dispatch
* ui: rename payloadMissing to payloadHasError
* ui: don't re-fetch job spec on dispatch job
* ui: keep overview tab selected on job dispatch page
* ui: fix task and task-group linting
* ui: URL encode job id on dispatch job tests
* ui: fix error when job meta is null
* ui: handle job dispatch from adapter
* ui: add more tests for dispatch job page
* ui: add "job dispatch" capability check
* ui: update job dispatch from code review
Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
This rethinks namespaces as a filter on list pages rather than a global setting.
The biggest net-new feature here is being able to select All (*) to list all jobs
or CSI volumes across namespaces.
Without this, visiting any job detail page on Nomad OSS would crash with
an error like this:
Error: Ember Data Request GET
/v1/recommendations?job=ping%F0%9F%A5%B3&namespace=default returned a
404 Payload (text/xml)
The problem was twofold.
1. The recommendation ability didn’t include anything about checking
whether the feature was present. This adds a request to
/v1/operator/license on application load to determine which features are
present and store them in the system service. The ability now looks for
'Dynamic Application Sizing' in that feature list.
2. Second, I didn’t check permissions at all in the job-fetching or job
detail templates.
Manual interventions:
• decorators on the same line for service and controller
injections and most computed property macros
• preserving import order when possible, both per-line
and intra-line
• moving new imports to the bottom
• removal of classic decorator for trivial cases
• conversion of init to constructor when appropriate
This builds on API changes in #6017 and #6021 to conditionally turn off the
“Run Job” button based on the current token’s capabilities, or the capabilities
of the anonymous policy if no token is present.
If you try to visit the job-run route directly, it redirects to the job list.