[#599] Security config update

Author: karesti

cypress/e2e/6_cache-expiration-config-edition.cy.js

@@ -53,6 +53,7 @@ describe('Cache Expiration', () => {
       cy.get('[data-cy=toggle-maxidleUnitSelector]').click();
       cy.get('[data-cy=maxidleUnitSelector-option-minutes]').click();
       cy.get('[data-cy=saveConfigButton-expiration]').click();
+      cy.get('[data-cy=saveConfigButton-expiration]').click();
       cy.contains(`Updated ${cacheName} cache: expiration.lifespan configured successfully`);
       cy.contains(`Updated ${cacheName} cache: expiration.max-idle configured successfully`);
       cy.get('[data-cy=backButton-expiration]').click();

cypress/e2e/6_cache-indexed-config-edition.cy.js

@@ -3,7 +3,7 @@ import { CONF_MUTABLE_INDEXING_INDEXED_ENTITIES } from '../../src/services/cache
 describe('Indexed Cache Update', () => {
   before(() => {
     cy.cleanupTest(Cypress.env('username'), Cypress.env('password'),
-      `/caches/indexed-cache?action=set-mutable-attribute&attribute-name=${CONF_MUTABLE_INDEXING_INDEXED_ENTITIES}&attribute-value=['org.infinispan.Person']`,
+      `/caches/indexed-cache?action=set-mutable-attribute&attribute-name=${CONF_MUTABLE_INDEXING_INDEXED_ENTITIES}&attribute-value='org.infinispan.Person'`,
       'POST');
   });
 

cypress/e2e/6_cache-secured-config-edition.cy.js

@@ -0,0 +1,39 @@
+import {
+  CONF_MUTABLE_SECURITY_AUTHORIZATION_ROLES
+} from '../../src/services/cacheConfigUtils';
+
+describe('RBAC Cache Update', () => {
+  before(() => {
+    cy.cleanupTest(Cypress.env('username'), Cypress.env('password'),
+      `/caches/a-rbac-test-cache?action=set-mutable-attribute&attribute-name=${CONF_MUTABLE_SECURITY_AUTHORIZATION_ROLES}&attribute-value=observer admin monitor`,
+      'POST');
+  });
+
+  it('successfully displays and updates roles', () => {
+    cy.login(Cypress.env('username'), Cypress.env('password'), '/cache/a-rbac-test-cache');
+    cy.get('[data-cy=cacheConfigurationTab]').click();
+    cy.contains("observer").should('exist');
+    cy.contains("admin").should('exist');
+    cy.contains("monitor").should('exist');
+    cy.contains("deployer").should('not.exist');
+    cy.get('[data-cy=detailCacheActions]').click();
+    cy.get('[data-cy=manageConfigEditionLink]').click();
+    cy.get('[data-cy=nav-item-Security]').click();
+    cy.contains("Security settings");
+    cy.get('[data-cy=menu-toogle-rolesSelector]').click().type('deployer').type('{enter}');
+    cy.get('[data-cy=menu-toogle-rolesSelector]').click()
+    cy.get('[data-cy=saveConfigButton-security]').click();
+    cy.get('[data-cy=backButton-security]').click();
+    cy.contains('Updated a-rbac-test-cache cache: security.authorization.roles configured successfully');
+    cy.get('[data-cy=cacheConfigurationTab]').click();
+    cy.contains("observer").should('exist');
+    cy.contains("admin").should('exist');
+    cy.contains("monitor").should('exist');
+    cy.contains("deployer").should('exist');
+  });
+
+  it('tab is invisible for not indexed caches', () => {
+    cy.login(Cypress.env('username'), Cypress.env('password'), '/cache/default');
+    cy.get('[data-cy=nav-item-Indexed]').should('not.exist');
+  });
+});

src/app/Caches/Configuration/EditConfiguration.tsx

@@ -11,6 +11,7 @@ import { useCacheDetail } from '@app/services/cachesHook';
 import { TableErrorState } from '@app/Common/TableErrorState';
 import { TableLoadingState } from '@app/Common/TableLoadingState';
 import { IndexedConfigEdition } from '@app/Caches/Configuration/Features/IndexedConfigEdition';
+import { SecurityConfigEdition } from '@app/Caches/Configuration/Features/SecurityConfigEdition';
 
 interface EditConfigTab {
   key: string;
@@ -40,6 +41,9 @@ const EditConfiguration = () => {
     if (cache.features?.indexed) {
       cacheConfigTabs.push({ name: t('caches.edit-configuration.tab-indexed'), key: 'indexed', eventKey: 2 });
     }
+    if (cache.features?.secured) {
+      cacheConfigTabs.push({ name: t('caches.edit-configuration.tab-secured'), key: 'secured', eventKey: 3 });
+    }
     setTabs(cacheConfigTabs);
   }, [cache]);
 
@@ -78,6 +82,7 @@ const EditConfiguration = () => {
             {activeTabKey == 0 && <ExpirationConfigEdition />}
             {activeTabKey == 1 && <BoundedConfigEdition />}
             {activeTabKey == 2 && <IndexedConfigEdition />}
+            {activeTabKey == 3 && <SecurityConfigEdition />}
           </CardBody>
         </Card>
       </React.Fragment>

src/app/Caches/Configuration/Features/SecurityConfigEdition.tsx

@@ -0,0 +1,149 @@
+import { useTranslation } from 'react-i18next';
+import { useApiAlert } from '@utils/useApiAlert';
+import { useParams } from 'react-router-dom';
+import { useFetchEditableConfiguration } from '@app/services/configHook';
+import * as React from 'react';
+import { useEffect, useState } from 'react';
+import {
+  Alert,
+  Content,
+  Form,
+  FormGroup,
+  FormHelperText,
+  FormSection,
+  Grid,
+  GridItem,
+  HelperText,
+  HelperTextItem
+} from '@patternfly/react-core';
+import { ExclamationCircleIcon } from '@patternfly/react-icons';
+import { SelectMultiWithChips } from '@app/Common/SelectMultiWithChips';
+import { selectOptionPropsFromArray } from '@utils/selectOptionPropsCreator';
+import { TabsToolbar } from '@app/Caches/Configuration/Features/TabsToolbar';
+import { TableLoadingState } from '@app/Common/TableLoadingState';
+import { ConsoleServices } from '@services/ConsoleServices';
+import { CONF_MUTABLE_SECURITY_AUTHORIZATION_ROLES } from '@services/cacheConfigUtils';
+import { TableErrorState } from '@app/Common/TableErrorState';
+import { useFetchAvailableRolesNames } from '@app/services/rolesHook';
+
+const SecurityConfigEdition = () => {
+  const { t } = useTranslation();
+  const brandname = t('brandname.brandname');
+  const { addAlert } = useApiAlert();
+  const cacheName = useParams()['cacheName'] as string;
+  const { loadingConfig, errorConfig, editableConfig } = useFetchEditableConfiguration(cacheName);
+  const { availableRoleNames, loading: loadingRoles, error: rolesError } = useFetchAvailableRolesNames();
+  const [roles, setRoles] = useState<string[]>([]);
+  const [validEntity, setvalidEntity] = useState<'success' | 'error' | 'default'>('default');
+  const [updateConfigError, setUpdateConfigError] = useState<string>('');
+
+  const onSelectRoles = (selection) => {
+    if (roles.includes(selection)) setRoles(roles.filter((role) => role !== selection));
+    else setRoles([...roles, selection]);
+  };
+
+  useEffect(() => {
+    if (!loadingConfig && errorConfig.length == 0 && editableConfig) {
+      setActualValues();
+    }
+  }, [loadingConfig, errorConfig, editableConfig]);
+
+  const updateSecurity = () => {
+    if (roles.length == 0) {
+      setvalidEntity('error');
+      return;
+    }
+
+    setvalidEntity('success');
+
+    ConsoleServices.caches()
+      .setConfigAttribute(cacheName, CONF_MUTABLE_SECURITY_AUTHORIZATION_ROLES, roles.join(' '))
+      .then((actionResponse) => {
+        if (actionResponse.success) {
+          addAlert(actionResponse);
+        } else {
+          setUpdateConfigError(actionResponse.message);
+        }
+      });
+  };
+
+  const setActualValues = () => {
+    if (!editableConfig) {
+      return;
+    }
+    setRoles(editableConfig.securityAuthorizationRoles);
+  };
+
+  const displayError = () => {
+    if (updateConfigError.length == 0) {
+      return <></>;
+    }
+
+    return (
+      <GridItem span={12}>
+        <Alert
+          variant="danger"
+          isInline
+          title={t('caches.edit-configuration.security-config-error', { error: updateConfigError })}
+        />
+      </GridItem>
+    );
+  };
+
+  if (loadingRoles || loadingConfig) {
+    return <TableLoadingState message={t('common.loading')} />;
+  }
+
+  if (rolesError.length != 0) {
+    return <TableErrorState error={rolesError} />;
+  }
+
+  return (
+    <Form
+      isWidthLimited
+      onSubmit={(e) => {
+        e.preventDefault();
+      }}
+    >
+      <FormSection title={t('caches.edit-configuration.security-title')}>
+        <Grid hasGutter md={6}>
+          <GridItem span={12}>
+            <Content>
+              {t('caches.edit-configuration.security-description', {
+                brandname: brandname
+              })}
+            </Content>
+          </GridItem>
+        </Grid>
+
+        {displayError()}
+        <FormGroup
+          isRequired
+          label={t('caches.edit-configuration.security-authz-roles')}
+          fieldId="security-authz-roles"
+        >
+          <SelectMultiWithChips
+            id="rolesSelector"
+            placeholder={'Select an role'}
+            options={selectOptionPropsFromArray(availableRoleNames)}
+            onSelect={onSelectRoles}
+            onClear={() => setRoles([])}
+            selection={roles}
+          />
+
+          {validEntity === 'error' && (
+            <FormHelperText>
+              <HelperText>
+                <HelperTextItem variant={validEntity} icon={<ExclamationCircleIcon />}>
+                  {t('caches.edit-configuration.security-authz-roles-helper-invalid')}
+                </HelperTextItem>
+              </HelperText>
+            </FormHelperText>
+          )}
+        </FormGroup>
+        {<TabsToolbar id="security" saveAction={updateSecurity} />}
+      </FormSection>
+    </Form>
+  );
+};
+export { SecurityConfigEdition };

src/app/assets/languages/en.json

@@ -777,7 +777,13 @@
       "indexed-title": "Indexing settings",
       "index-storage-entity": "Entities to index",
       "index-storage-description": "Specify the fully qualified class names of the entities you want {{brandname}} to include when building the index.",
-      "index-storage-entity-helper-invalid": "You must add at least one entity."
+      "index-storage-entity-helper-invalid": "You must add at least one entity.",
+      "tab-secured": "Security",
+      "security-title": "Security settings",
+      "security-description": "Update roles in this cache and grant or deny access to {{brandname}} cache operations.",
+      "security-authz-roles": "Roles",
+      "security-authz-roles-helper-invalid": "You must add at least one role.",
+      "security-config-error": "Unable to upgrade roles in this cache: {{error}}"
     },
     "backups": {
       "title": "Backups management",

src/services/cacheConfigUtils.ts

@@ -19,6 +19,7 @@ export const CONF_MUTABLE_EXPIRATION_LIFESPAN = 'expiration.lifespan';
 export const CONF_MUTABLE_MEMORY_MAX_SIZE = 'memory.max-size';
 export const CONF_MUTABLE_MEMORY_MAX_COUNT = 'memory.max-count';
 export const CONF_MUTABLE_INDEXING_INDEXED_ENTITIES = 'indexing.indexed-entities';
+export const CONF_MUTABLE_SECURITY_AUTHORIZATION_ROLES = 'security.authorization.roles';
 
 /**
  * Utility class to map cache configuration

src/services/cacheService.ts

@@ -6,7 +6,8 @@ import {
   CONF_MUTABLE_EXPIRATION_MAXIDLE,
   CONF_MUTABLE_INDEXING_INDEXED_ENTITIES,
   CONF_MUTABLE_MEMORY_MAX_COUNT,
-  CONF_MUTABLE_MEMORY_MAX_SIZE
+  CONF_MUTABLE_MEMORY_MAX_SIZE,
+  CONF_MUTABLE_SECURITY_AUTHORIZATION_ROLES
 } from '@services/cacheConfigUtils';
 import { ContentTypeHeaderMapper } from '@services/contentTypeHeaderMapper';
 import { CacheRequestResponseMapper } from '@services/cacheRequestResponseMapper';
@@ -706,7 +707,8 @@ export class CacheService {
         lifespan: data[CONF_MUTABLE_EXPIRATION_LIFESPAN].value,
         memoryMaxSize: this.extractValueOrUndefined(CONF_MUTABLE_MEMORY_MAX_SIZE, data),
         memoryMaxCount: this.extractValueOrUndefined(CONF_MUTABLE_MEMORY_MAX_COUNT, data),
-        indexedEntities: this.extractValueOrEmpty(CONF_MUTABLE_INDEXING_INDEXED_ENTITIES, data)
+        indexedEntities: this.extractValueOrEmpty(CONF_MUTABLE_INDEXING_INDEXED_ENTITIES, data),
+        securityAuthorizationRoles: this.extractValueOrEmpty(CONF_MUTABLE_SECURITY_AUTHORIZATION_ROLES, data)
       };
     });
   }

src/types/InfinispanTypes.ts

@@ -562,4 +562,5 @@ interface EditableConfig {
   memoryMaxSize?: string;
   memoryMaxCount?: number;
   indexedEntities: string[];
+  securityAuthorizationRoles: string[];
 }