-
Notifications
You must be signed in to change notification settings - Fork 702
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use the new Repositories API in the UI #4764
Comments
I've been working these days on this thing, mostly ensuring that what we currently have is actually supported by the new API. Just writing down some thoughts during the (still ongoing) implementation: General
Flux
|
Wow! It looks nice 🎉 |
Nice - looking great Antonio!
We chatted about this last week: what is the validate function currently doing? If it is just ensuring that an http endpoint can be reached with certain credentials, we could have it as a generic function in the For 1-1 with the current api, I'd assume we'd want to add a validation endpoint per plugin, but not sure - what do you think?
I don't see a problem with that. Note: don't think we should conflate the presence of auth with private/public .
That's because it's not something that makes sense generally (eg. what would this mean for a Carvel repository? I'm not sure we can tell the carvel controller to resync, it may not even makes sense because the carvel repo version is meant to be frozen?). If we add this for the helm repository, it'll be an extra RPC added to the helm implementation (ie. not in the core) and any other plugin that supports it, but not sure we need to do that initially. WDYT?
Confused as to which context you think is missing this? For eg, the |
As of today, I've left the existing old endpoint + only invoking it if the plugin is
Great, I'll do in a folloup PR then. Adding it to this task's items.
Mmm, fair point. I agree, this is not a required feature right now (in fact, I've disabled the resync buttons in the initial implementation I did. However, I still see this is something useful somehow. Let's suppose I have created a repo with a sync interval of 1 day. However, someone says a new package is available and I want to try it out asap. Inituitively, I'd look for a "sync" button to kind-of-override the 1-day interval and just trigger a re-fetch in this very moment that I need it.
No, I meant that, currently, our packages API (like |
I have some questions before going further on #4817: Currently, the UI we have (and, we still want to maintain for the sake of this very first PR/version/phase) is like:
In order to create the secret, it is the UI that handles the secret creation (see the "submit" button below) I'm now trying to figure out the mapping between our current UX and the API fields. I've sketched up a mapping (sorry for the handwriting haha): Let me explain it a little bit:
In that scenario, I guess we are just supporting the |
Great job Antonio!
Only advantage I see to having a separate data structure for u/p is that we will be able to show REDACTED only on the password and not the name. If we have u/p in the header, the whole header value will show REDACTED I guess. Leaving the UI user without knowing which user is being used for authentication. (I promise I will try to avoid the word "user" further in this comment when possible 😄 ). However, I'm fine with showing the whole header REDACTED.
The UI will not create the secret with Package repository API, it will be the backend. Here is where the UI could have some toggle for selecting whether if Kubeapps will manage secrets or not. See here.
At least for Helm we do not support it AFAIK
If user selects Docker registry credentials secret, that would go under IMHO in order to make the UI more useful and given that we are restricted to set the "kubeapps manages secrets" flag per installation by now, I would offer the "kubeapps manages secrets" mode by now. This is, no secrets picking from UI. In this way, the whole thing can be done from UI. WDYT? |
EDIT: I've just noticed the Helm plugin is really enforcing it (
Ah, ok. Yep, I meant the Secret is being created by the resources api, but triggered by the UI. As opposed to the repos API creating it.
Great, thx.
Yep, you're totally right. Thanks for pointing it out!
+1 to this idea, but not right now. My ongoing PR has several changes and I'd prefer not to add any more disruptive changes here but in a follow-up PR. I mean, getting rid of the secret selector will have an inpact on the test suites :S I'm going to polish up my PR and extract any pending TODO from it soon. |
Thanks for the comments. Just a remark:
With the new API, secrets are created inside the add/update repository operation (when "kubeapps manages secrets" mode). Not created by a previous API invocation to the resources API. |
I don't think it will be possible to maintain the existing UI when switching to the new API. Because we already wanted to simplify the UX for app repositories, the API has been designed not to necessarily support an existing UX, but rather, to support.a simplified data exchange (kubeapps-controlled secrets etc.) |
Ok, so perhaps a good approach is to leave the current PR as-is (current UI, falling tests) and, on top of it, start stacking the rest of the follow-up PRs removing the current logic for handling secrets manually and start fixing the test cases in this new "simplified" UI. |
FTR (from #4361 (comment)):
|
I have extracted some of the longer-term items into a separate issue: #5121 |
As the new API for managing Packages Repositories is becoming more stable, the current UI needs to be properly adapted in consequence.
Currently, we can test it with the Flux plugin, but there is ongoing work on both the Helm (#4662) and Carvel (#4681) plugins.
IMO, the new design should be carried out in multiple stages:
AppRepoForm
#4939accessLevel
(= type of auth) to the PackageRepositorySummary API + use it in the UIIPackageRepositoryState
and its actions.RepositoryCustomDetails
toHelmRepositoryCustomDetails
orRepositoryHelmCustomDetails
. Idem with Carvel.RepositoryCustomDetails
to something more specific #5016url.apprepositories.get
once we don't need it anymore. It also means we will be able to remove the endpoints from kubeops!The text was updated successfully, but these errors were encountered: