Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow wildcard for Evaluations API #13530

Merged
merged 5 commits into from
Jul 11, 2022
Merged

Allow wildcard for Evaluations API #13530

merged 5 commits into from
Jul 11, 2022

Conversation

philrenaud
Copy link
Contributor

@philrenaud philrenaud commented Jun 29, 2022
edited
Loading

UI:

  • Fixes an issue where the namespace=<namespace> query parameter was not being observed by the Evaluations route
  • Remove persistence of the passed namespace (from jobs, volumes, etc.) moved to Remove namespace cache #13679

API:

  • Adds a failing test that checks to try to get evals with a valid token on the * namespace
  • Fixes the API return to check for AllNamespacesSentinel before sending ErrPermissionDenied

@philrenaud philrenaud linked an issue Jun 29, 2022 that may be closed by this pull request
Evaluations UI Permissions Issue with Namespaces #13142
Closed
@philrenaud philrenaud changed the title Failing test and TODO for wildcard Allow wildcard for Evaluations API Jun 29, 2022
@github-actions
Copy link

github-actions bot commented Jun 29, 2022
edited
Loading

Ember Asset Size action

As of 75e70c0

Files that got Bigger 🚨:

File raw gzip
nomad-ui.js +65 B +26 B

Files that stayed the same size 🤷‍:

File raw gzip
vendor.js 0 B 0 B
nomad-ui.css 0 B 0 B
vendor.css 0 B 0 B

ChaiWithJai
ChaiWithJai suggested changes Jun 29, 2022
View reviewed changes
Copy link
Contributor

@ChaiWithJai ChaiWithJai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we need to make any edits client-side, I would suspect we'd need to check the formatting logic in generateFilterExpression. However, the tests assert on how user actions impact the request we're sending and the default request we send when we enter the view. I'd love to learn if we wrote those tests and the formatting logic incorrectly.

I highly recommend reading that filtering logic and the tests to see if we got something wrong. But, I believe @mikenomitch pointed the real issue out 12918 and we should ask @lgfa29 to prioritize this issue in the backlog.

Thankfully, @lgfa29 is also an expert web developer and can provide insights if I'm wrong here.

ui/app/controllers/evaluations/index.js
@@ -35,7 +35,7 @@ export default class EvaluationsController extends Controller {
'currentEval',
'pageSize',
'status',
'qpNamespace',
{ qpNamespace: 'namespace' },
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

blocking: I don't think this resolves the issue. This sets the alias of the query parameter in the URL. But, this shouldn't impact formatting the request in the route.

image

If we need to make any edits, I would suspect we'd need to check the formatting logic in generateFilterExpression. However, the tests assert on how user actions impact the request we're sending and the default request we send when we enter the view. I'd love to learn if we wrote those tests and the formatting logic incorrectly.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This impacts the initial query that our /evaluations route makes; it is making the (currently bugged, hopefully fixed by this PR) call to * under all circumstances currently.

That's overeager for what a user might be looking for, though, and inconsistent with how other routes that are namespace-aware (volumes, jobs, which only fetch according to your namespace on load) operate.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's your call to make. We can totally adopt that pattern, but that's an undocumented behavior we'd have to load into our mental models. We specifically designed this to set namespace to * when entering this view. I could see the mental baggage of keeping this type of knowledge in our heads with an Ember Routing API change.

It's good UX to have. So totally your call, I'll support whatever you decide. I'll update my review on this PR to approved and let you handle this how you think is best.

@lgfa29 lgfa29 mentioned this pull request Jul 4, 2022
Merged
lgfa29 added a commit that referenced this pull request Jul 4, 2022
@lgfa29
changelog: add entry for #13530
39f7c54
@lgfa29 lgfa29 added the backport/1.3.x backport to 1.3.x release line label Jul 4, 2022
@lgfa29 lgfa29 added this to the 1.3.2 milestone Jul 4, 2022
@github-actions
Copy link

github-actions bot commented Jul 4, 2022
edited
Loading

Ember Test Audit comparison

main 75e70c0 change
passes 1288 1288 0
failures 2 2 0
flaky 0 0 0
duration 000ms 000ms -000ms

@lgfa29
Copy link
Contributor

lgfa29 commented Jul 5, 2022

If we need to make any edits client-side, I would suspect we'd need to check the formatting logic in generateFilterExpression. However, the tests assert on how user actions impact the request we're sending and the default request we send when we enter the view. I'd love to learn if we wrote those tests and the formatting logic incorrectly.

I highly recommend reading that filtering logic and the tests to see if we got something wrong. But, I believe @mikenomitch pointed the real issue out 12918 and we should ask @lgfa29 to prioritize this issue in the backlog.

Thankfully, @lgfa29 is also an expert web developer and can provide insights if I'm wrong here.

#12918 could have contributed to this error if the UI requests a specific eval using * as the namespace, but I'm not sure if it does. If you still run into problems you can rebase onto #13551 or wait for it be merged and rebase main.

tgross
tgross approved these changes Jul 5, 2022
View reviewed changes
Copy link
Member

@tgross tgross left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I left some comments on the API bits in #13552 but nothing blocking.

@lgfa29
Copy link
Contributor

lgfa29 commented Jul 5, 2022

LGTM. I left some comments on the API bits in #13552 but nothing blocking.

I will port the changes from #13552 into here as well.

@lgfa29 lgfa29 mentioned this pull request Jul 6, 2022
Merged
lgfa29 added a commit that referenced this pull request Jul 6, 2022
@lgfa29
changelog: add entry for #13530
9f4095d
@lgfa29 lgfa29 force-pushed the 13142-evaluations-ui-permissions-issue-with-namespaces branch from 39f7c54 to 9f4095d Compare July 6, 2022 00:35
@lgfa29 lgfa29 changed the base branch from main to refactor-wildcard-ns-acl-check July 6, 2022 00:35
lgfa29 added a commit that referenced this pull request Jul 6, 2022
@lgfa29
changelog: add entry for #13530
81ab4d9
@lgfa29 lgfa29 force-pushed the 13142-evaluations-ui-permissions-issue-with-namespaces branch from 9f4095d to 81ab4d9 Compare July 6, 2022 00:36
lgfa29 added a commit that referenced this pull request Jul 6, 2022
@lgfa29
changelog: add entry for #13530
c5d251a
@lgfa29 lgfa29 force-pushed the 13142-evaluations-ui-permissions-issue-with-namespaces branch from 81ab4d9 to c5d251a Compare July 6, 2022 00:37
Base automatically changed from refactor-wildcard-ns-acl-check to main July 6, 2022 19:22
@lgfa29
eval: fix list when using ACLs and * namespace
1cd08f3 
Apply the same verification process as in job, allocs and scaling
policy list endpoints to handle the eval list when using an ACL token
with limited namespace support but querying using the `*` wildcard
namespace.
@lgfa29
changelog: add entry for #13530
fe3a7f6
@lgfa29 lgfa29 force-pushed the 13142-evaluations-ui-permissions-issue-with-namespaces branch from c5d251a to fe3a7f6 Compare July 6, 2022 19:30
lgfa29 added a commit that referenced this pull request Jul 8, 2022
@lgfa29
changelog: add UI component to #13530
599df8c
lgfa29 added a commit that referenced this pull request Jul 8, 2022
@lgfa29
changelog: add UI component to #13530
45642bd
@lgfa29 lgfa29 force-pushed the 13142-evaluations-ui-permissions-issue-with-namespaces branch from 599df8c to 45642bd Compare July 8, 2022 01:23
@lgfa29
ui: set namespace when querying eval
75e70c0 
Evals have a unique UUID as ID, but when querying them the Nomad API
still expects a namespace query param, otherwise it assumes `default`.
@lgfa29 lgfa29 force-pushed the 13142-evaluations-ui-permissions-issue-with-namespaces branch from 45642bd to 75e70c0 Compare July 8, 2022 14:19
@tgross tgross mentioned this pull request Jul 9, 2022
Closed
@philrenaud philrenaud marked this pull request as ready for review July 11, 2022 13:35
@philrenaud philrenaud force-pushed the 13142-evaluations-ui-permissions-issue-with-namespaces branch from 7f8abfd to 75e70c0 Compare July 11, 2022 17:01
@lgfa29 lgfa29 merged commit a7bd071 into main Jul 11, 2022
@lgfa29 lgfa29 deleted the 13142-evaluations-ui-permissions-issue-with-namespaces branch July 11, 2022 20:42
@hc-github-team-nomad-core hc-github-team-nomad-core mentioned this pull request Jul 11, 2022
Merged
4 tasks
@philrenaud philrenaud mentioned this pull request Jul 12, 2022
Closed
lgfa29 added a commit that referenced this pull request Jul 13, 2022
@lgfa29
Backport #13530 to 1.2.x (#13552)
acc8689 
Apply the same verification process as in job, allocs and scaling
policy list endpoints to handle the eval list when using an ACL token
with limited namespace support but querying using the `*` wildcard
namespace.
@github-actions
Copy link

github-actions bot commented Nov 9, 2022

I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 9, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@lgfa29 lgfa29 lgfa29 approved these changes

@tgross tgross tgross approved these changes

@ChaiWithJai ChaiWithJai ChaiWithJai approved these changes

Assignees

@philrenaud philrenaud

@lgfa29 lgfa29

Labels
backport/1.3.x backport to 1.3.x release line
Projects
None yet
Milestone
1.3.2
Development

Successfully merging this pull request may close these issues.

Evaluations UI Permissions Issue with Namespaces
4 participants
@philrenaud @lgfa29 @tgross @ChaiWithJai