
Deploy: DeployWizard: Surface Gatekeeper/admission webhook errors during deploy#402

Merged. illume merged 2 commits into Azure:main from gambtho:thgamble/262, Mar 13, 2026

gambtho (Collaborator) commented Mar 11, 2026

Summary

  • Add server-side dry-run validation (POST ?dryRun=All) before applying resources, catching admission webhook errors (e.g. Gatekeeper Deployment Safeguards) that Headlamp's apply() silently swallows via its 403 retry logic
  • Track per-resource success/failure during apply, showing users which resources succeeded and which failed with their error messages
  • Update error display to support multi-line messages with pre-wrap formatting

Fixes #262

Type of Change

  • Bug fix (non-breaking change which fixes an issue)

Changes Made

  • dryRunApply.ts (new) — Utility that sends POST ?dryRun=All via clusterRequest to trigger server-side validation including admission webhooks without persisting resources. Includes Kind-to-plural resource name mapping and API path construction for core (/api/v1) and extended (/apis/<group>/<version>) API groups, with cluster-scoped resource handling.
  • DeployWizard.tsx — handleDeploy now runs in two phases: (1) dry-run all resources first, collecting any validation errors and stopping if any fail; (2) apply with per-resource try-catch, reporting partial success/failure counts.
  • Deploy.tsx — Error message box uses <Typography component="pre"> with whiteSpace: 'pre-wrap' to render multi-line Gatekeeper errors and per-resource error lists.
  • dryRunApply.test.ts (new) — 10 unit tests for getResourcePlural, buildApiPath, and dryRunApply (success, 403/Gatekeeper error, cluster parameter).
  • DeployWizard.test.tsx (new) — 4 integration tests: dry-run failure blocks apply, dry-run success proceeds, partial apply failure shows per-resource status, multiple dry-run errors displayed.

Testing

  • Unit tests pass (npx vitest run src/components/DeployWizard/ — 14/14 passing)
  • TypeScript type check passes
  • ESLint passes
  • Prettier formatting passes
  • Plugin build passes
  • Manual testing on AKS Automatic cluster with Deployment Safeguards

Test Cases

  1. Deploy a manifest with image: nginx:latest to an AKS Automatic cluster with Deployment Safeguards — should show Gatekeeper denial message before any resources are created
  2. Deploy a valid manifest — dry-run passes, resources applied successfully
  3. Deploy multiple resources where one violates policy — dry-run catches it, no resources created, all errors shown
  4. Deploy multiple valid resources where one fails during actual apply — shows partial success count and per-resource error

Checklist

  • My code follows the project's style guidelines
  • I have performed a self-review of my own code
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

Performance Impact

  • No performance impact (dry-run adds one lightweight API call per resource before apply)
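
The two-phase flow described in this PR (dry-run every resource with POST ?dryRun=All, stop if any is denied, then apply with per-resource results), as an added example that is not the PR's own code. `collectionPath`, `deployTwoPhase`, the injected `Send` callback and the kind table are assumptions, and apply is modelled as a plain create.

```typescript
// Added example: names, the kind table and the Send callback are hypothetical.
type Manifest = { apiVersion: string; kind: string; metadata: { name: string; namespace?: string } };
type Send = (method: string, path: string, body: Manifest) => Promise<void>;
type Outcome = { phase: 'dry-run' | 'apply'; applied: string[]; failed: string[] };

// Constructed kind table; CRDs and other kinds need API discovery instead.
const PLURALS: Record<string, string> = {
  Deployment: 'deployments', Service: 'services', Ingress: 'ingresses',
  Namespace: 'namespaces', ClusterRole: 'clusterroles',
};
const CLUSTER_SCOPED = new Set(['Namespace', 'ClusterRole']);

function collectionPath(m: Manifest): string {
  const plural = PLURALS[m.kind];
  if (!plural) throw new Error(`unknown kind ${m.kind}`);
  // "v1" is the core group (/api/v1); "apps/v1" lives under /apis/apps/v1.
  const root = m.apiVersion.includes('/') ? `/apis/${m.apiVersion}` : `/api/${m.apiVersion}`;
  const ns = CLUSTER_SCOPED.has(m.kind)
    ? ''
    : `/namespaces/${encodeURIComponent(m.metadata.namespace ?? 'default')}`;
  return `${root}${ns}/${plural}`;
}

async function deployTwoPhase(manifests: Manifest[], send: Send): Promise<Outcome> {
  // Phase 1: dry-run everything. Admission webhooks run, nothing is persisted.
  const denied: string[] = [];
  for (const m of manifests) {
    const id = `${m.kind}/${m.metadata.name}`;
    try { await send('POST', `${collectionPath(m)}?dryRun=All`, m); }
    catch (e) { denied.push(`${id}: ${(e as Error).message}`); }
  }
  if (denied.length > 0) return { phase: 'dry-run', applied: [], failed: denied };
  // Phase 2: apply, recording each resource's outcome separately.
  const applied: string[] = [], failed: string[] = [];
  for (const m of manifests) {
    const id = `${m.kind}/${m.metadata.name}`;
    try { await send('POST', collectionPath(m), m); applied.push(id); }
    catch (e) { failed.push(`${id}: ${(e as Error).message}`); }
  }
  return { phase: 'apply', applied, failed };
}

// Constructed sample manifests (pod spec omitted; only routing fields matter here).
const SAMPLE: Manifest[] = [
  { apiVersion: 'apps/v1', kind: 'Deployment', metadata: { name: 'web', namespace: 'prod' } },
  { apiVersion: 'v1', kind: 'Namespace', metadata: { name: 'prod' } },
];
```

A POST dry-run is a create, so a resource that already exists answers 409 AlreadyExists rather than exercising the update path; callers that update in place need to dry-run the PUT or PATCH they will actually send.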

Copilot AI review requested due to automatic review settings March 11, 2026 04:23
gambtho changed the title from "plugins/aksdesktop: surface Gatekeeper/admission webhook errors durin…" to "Surface Gatekeeper/admission webhook errors during deploy" Mar 11, 2026

Copilot AI (Contributor) left a comment

Pull request overview

Adds server-side dry-run validation to the AKS Desktop Deploy Wizard so admission webhook (e.g., Gatekeeper) failures are surfaced to users instead of being masked by Headlamp’s apply/retry behavior, and improves feedback for partial deploy failures.

Changes:

  • Introduces dryRunApply() and runs it before apply() to surface admission webhook errors early.
  • Tracks per-resource apply failures to report partial deployment results instead of failing silently.
  • Improves deploy message rendering (preserves multiline formatting) and adds unit/UI tests for the new behavior.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| plugins/aks-desktop/src/components/DeployWizard/utils/dryRunApply.ts | Adds a dry-run request helper that builds k8s API paths and POSTs with dryRun=All. |
| plugins/aks-desktop/src/components/DeployWizard/utils/dryRunApply.test.ts | Adds unit tests for path-building and dry-run request behavior. |
| plugins/aks-desktop/src/components/DeployWizard/components/Deploy.tsx | Renders deploy output as preformatted text to preserve multi-line errors. |
| plugins/aks-desktop/src/components/DeployWizard/DeployWizard.tsx | Adds dry-run validation phase + per-resource apply error aggregation/messages. |
| plugins/aks-desktop/src/components/DeployWizard/DeployWizard.test.tsx | Adds UI tests covering dry-run failures, successful deploys, and partial apply failures. |

Comment thread plugins/aks-desktop/src/components/DeployWizard/utils/dryRunApply.ts Outdated
Comment thread plugins/aks-desktop/src/components/DeployWizard/utils/dryRunApply.ts Outdated
Copilot AI review requested due to automatic review settings March 11, 2026 05:18
Copilot AI (Contributor) left a comment

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.


Comment thread plugins/aks-desktop/src/components/DeployWizard/utils/dryRunApply.ts Outdated
Comment thread plugins/aks-desktop/src/components/DeployWizard/DeployWizard.tsx Outdated
Comment thread plugins/aks-desktop/src/components/DeployWizard/utils/dryRunApply.ts Outdated
Copilot AI review requested due to automatic review settings March 11, 2026 05:34
Copilot AI (Contributor) left a comment

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.


Comment thread plugins/aks-desktop/src/components/DeployWizard/DeployWizard.tsx Outdated
Comment thread plugins/aks-desktop/src/components/DeployWizard/utils/dryRunApply.ts Outdated
illume added the p0 (Highest priority) label Mar 11, 2026

illume (Collaborator) left a comment

I'd like the other DeployWizard PR merged first

illume changed the title from "Surface Gatekeeper/admission webhook errors during deploy" to "Deploy: DeployWizard: Surface Gatekeeper/admission webhook errors during deploy" Mar 11, 2026

gambtho (Collaborator, Author) commented Mar 11, 2026

> I'd like the other DeployWizard PR merged first

Agreed -- I'll rebase after that merges

sniok (Collaborator) previously approved these changes Mar 12, 2026

lgtm

illume added the bug (Something isn't working) label Mar 12, 2026
…g deploy

Add server-side dry-run validation (POST ?dryRun=All) before applying
resources, catching admission webhook errors (e.g. Gatekeeper Deployment
Safeguards) that Headlamp's apply() silently swallows via its 403 retry
logic. Track per-resource success/failure during apply, showing users
which resources succeeded and which failed with their error messages.
Update error display to support multi-line messages with pre-wrap
formatting.

Fixes Azure#262
Copilot AI review requested due to automatic review settings March 12, 2026 21:10
Copilot AI (Contributor) left a comment

Pull request overview

Copilot reviewed 25 out of 25 changed files in this pull request and generated 1 comment.


Comment thread plugins/aks-desktop/src/components/DeployWizard/hooks/useDeployWizard.ts Outdated
illume (Collaborator) previously approved these changes Mar 12, 2026

🎉 thanks!

Copilot AI (Contributor) left a comment

Pull request overview

Copilot reviewed 25 out of 25 changed files in this pull request and generated 3 comments.


Comment thread plugins/aks-desktop/src/components/DeployWizard/utils/dryRunApply.ts Outdated
Comment thread plugins/aks-desktop/src/components/DeployWizard/hooks/useDeployWizard.ts Outdated
illume (Collaborator) commented Mar 12, 2026

@gambtho
Maybe these extra copilot comments are worth considering?

illume (Collaborator) left a comment

🎉 thanks!

illume merged commit 6693d4a into Azure:main Mar 13, 2026
8 checks passed
illume mentioned this pull request Mar 16, 2026

Labels: bug (Something isn't working), p0 (Highest priority)

Development

Successfully merging this pull request may close these issues.

[BUG] Silent errors when attempting to deploy applications that violate Gatekeeper constraints

4 participants