Add database and Windows access sections to the role editor #47992
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -63,6 +63,8 @@ import { | |
| kubernetesVerbOptions, | ||
| KubernetesResourceModel, | ||
| AppAccessSpec, | ||
| DatabaseAccessSpec, | ||
| WindowsDesktopAccessSpec, | ||
| } from './standardmodel'; | ||
| import { EditorSaveCancelButton } from './Shared'; | ||
| import { RequiresResetToStandard } from './RequiresResetToStandard'; | ||
|
|
@@ -359,7 +361,13 @@ const Section = ({ | |
| /** | ||
| * All access spec kinds, in order of appearance in the resource kind dropdown. | ||
| */ | ||
| const allAccessSpecKinds: AccessSpecKind[] = [ | ||
| 'kube_cluster', | ||
| 'node', | ||
| 'app', | ||
| 'db', | ||
| 'windows_desktop', | ||
| ]; | ||
|
|
||
| /** Maps access specification kind to UI component configuration. */ | ||
| const specSections: Record< | ||
|
|
@@ -385,6 +393,16 @@ const specSections: Record< | |
| tooltip: 'Configures access to applications', | ||
| component: AppAccessSpecSection, | ||
| }, | ||
| db: { | ||
| title: 'Databases', | ||
| tooltip: 'Configures access to databases', | ||
| component: DatabaseAccessSpecSection, | ||
| }, | ||
| windows_desktop: { | ||
| title: 'Windows Desktops', | ||
| tooltip: 'Configures access to Windows desktops', | ||
| component: WindowsDesktopAccessSpecSection, | ||
| }, | ||
| }; | ||
|
|
||
| /** | ||
|
|
@@ -436,6 +454,7 @@ export function ServerAccessSpecSection({ | |
| components={{ | ||
| DropdownIndicator: null, | ||
| }} | ||
| openMenuOnClick={false} | ||
| value={value.logins} | ||
| onChange={logins => onChange?.({ ...value, logins })} | ||
| mt={3} | ||
|
|
@@ -460,6 +479,7 @@ export function KubernetesAccessSpecSection({ | |
| components={{ | ||
| DropdownIndicator: null, | ||
| }} | ||
| openMenuOnClick={false} | ||
| value={value.groups} | ||
| onChange={groups => onChange?.({ ...value, groups })} | ||
| /> | ||
|
|
@@ -636,6 +656,111 @@ export function AppAccessSpecSection({ | |
| ); | ||
| } | ||
|
|
||
| export function DatabaseAccessSpecSection({ | ||
| value, | ||
| isProcessing, | ||
| onChange, | ||
| }: SectionProps<DatabaseAccessSpec>) { | ||
| return ( | ||
| <> | ||
| <Box mb={3}> | ||
| <Text typography="body3" mb={1}> | ||
| Labels | ||
| </Text> | ||
| <LabelsInput | ||
| disableBtns={isProcessing} | ||
| labels={value.labels} | ||
| setLabels={labels => onChange?.({ ...value, labels })} | ||
| /> | ||
| </Box> | ||
| <FieldSelectCreatable | ||
|
There was a problem hiding this comment. Is any of these three fields ever supposed to show suggestions? When I click on the input and it says "No options", it feels like something is broken. If we never intend to show suggestions here, perhaps we could not show that "No options" message? 
There was a problem hiding this comment. That's a good point. I'll disable these, just as we disable them in the user invitation dialog. There was a problem hiding this comment. @ravicious Well, I thought it's an one-liner, but no. The existing UI that does it better way actually reimplements a part of the internal React Select logic; basically takes over the responsibility of creating items. Since this is not a reusable component, I'd rather first discuss what we would like the interaction to look with the UX team and then apply it consistently to other places (yes, we do the same thing in other places). There was a problem hiding this comment. Plot twist! I found out about |
||
| isMulti | ||
| label="Database Names" | ||
| toolTipContent={ | ||
| <> | ||
| List of database names that this role is allowed to connect to. | ||
|
There was a problem hiding this comment. For some reason the dot at the end of this line is not visible in the tooltip for me. There was a problem hiding this comment. Oops, that's a copy&paste blunder. Thanks for spotting. :) |
||
| Special value <MarkInverse>*</MarkInverse> means any name. | ||
| </> | ||
| } | ||
| isDisabled={isProcessing} | ||
| formatCreateLabel={label => `Database Name: ${label}`} | ||
| components={{ | ||
| DropdownIndicator: null, | ||
| }} | ||
| openMenuOnClick={false} | ||
| value={value.names} | ||
| onChange={names => onChange?.({ ...value, names })} | ||
| /> | ||
| <FieldSelectCreatable | ||
| isMulti | ||
| label="Database Users" | ||
| toolTipContent={ | ||
| <> | ||
| List of database users that this role is allowed to connect as. | ||
| Special value <MarkInverse>*</MarkInverse> means any user. | ||
| </> | ||
| } | ||
| isDisabled={isProcessing} | ||
| formatCreateLabel={label => `Database User: ${label}`} | ||
| components={{ | ||
| DropdownIndicator: null, | ||
| }} | ||
| openMenuOnClick={false} | ||
| value={value.users} | ||
| onChange={users => onChange?.({ ...value, users })} | ||
| /> | ||
| <FieldSelectCreatable | ||
| isMulti | ||
| label="Database Roles" | ||
| toolTipContent="If automatic user provisioning is available, this is the list of database roles that will be assigned to the database user after it's created" | ||
| isDisabled={isProcessing} | ||
| formatCreateLabel={label => `Database Role: ${label}`} | ||
| components={{ | ||
| DropdownIndicator: null, | ||
| }} | ||
|
Comment on lines
+718
to
+720
|
||
| openMenuOnClick={false} | ||
| value={value.roles} | ||
| onChange={roles => onChange?.({ ...value, roles })} | ||
| mb={0} | ||
| /> | ||
| </> | ||
| ); | ||
| } | ||
|
|
||
| export function WindowsDesktopAccessSpecSection({ | ||
| value, | ||
| isProcessing, | ||
| onChange, | ||
| }: SectionProps<WindowsDesktopAccessSpec>) { | ||
| return ( | ||
| <> | ||
| <Box mb={3}> | ||
| <Text typography="body3" mb={1}> | ||
| Labels | ||
| </Text> | ||
| <LabelsInput | ||
| disableBtns={isProcessing} | ||
| labels={value.labels} | ||
| setLabels={labels => onChange?.({ ...value, labels })} | ||
| /> | ||
| </Box> | ||
| <FieldSelectCreatable | ||
| isMulti | ||
| label="Logins" | ||
| toolTipContent="List of desktop logins that this role is allowed to use" | ||
| isDisabled={isProcessing} | ||
| formatCreateLabel={label => `Login: ${label}`} | ||
| components={{ | ||
| DropdownIndicator: null, | ||
| }} | ||
| openMenuOnClick={false} | ||
| value={value.logins} | ||
| onChange={logins => onChange?.({ ...value, logins })} | ||
| /> | ||
| </> | ||
| ); | ||
| } | ||
|
|
||
| export const EditorWrapper = styled(Box)<{ mute?: boolean }>` | ||
| opacity: ${p => (p.mute ? 0.4 : 1)}; | ||
| pointer-events: ${p => (p.mute ? 'none' : '')}; | ||
|
|
||
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's not a blocker for the initial release, but long-term I think the role editor should guide you wrt the wildcard value and somehow tell you which fields accept it as a value. It's important part of label matching and the current UI doesn't focus on that.
I know there are also some fields where you can use wildcard as a pattern-matching tool (e.g.,
dev-*), but idk off the top of my head which fields support that.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, definitely. The UX team didn't give us any directions here, but I'll have to discuss it with them. In one of my previous PRs, I added an explanation of the wildcard to the help test in the Kubernetes resource view; I'll look into whether these fields also support wildcards and document it if I find anything.