UI: Display an error message and disable salt actions when salt is unavailable

[JBWatenbergScality]

Component:

ui

Why this is needed:

When salt API is unavailable we currently logout the user and redirect to login screen losing access to any monitoring information.

What should be done:

We should redirect the user to login screen only if salt API answers back with a 401 status code and in other cases the user should be logged in the ui and the UI should prompt a message disclaiming salt API unavailability and disabling Slat related actions (deploying nodes, environments, ...)

Implementation proposal (strongly recommended):

In ui/src/ducks/login.js authenticateSaltApi handle the cases when result.error.response.status :
1. equals 401 : LogOut the user
2. equals 403 : ensure salt actions are disabled (it might be done through permissions checks in groups claim)
3. other : toast an error notification and disable salt actions

Test plan:

Add an integration test mocking Salt failure and check the behavior of the UI

[gdemonet]

Two comments:

• Be careful with SaltAPI status codes, and responses in general, it's really poorly built - I don't think it ever returns 403 on /login, but instead it will give you empty permissions... Here's how it looks like if I use an example ServiceAccount token with no permissions (outside system:authenticated):

# curl -k https://10.200.3.230:4507/login -XPOST -H "Content-Type: application/json" -d @.salt-auth
{"return": [{"token": "3cc6b3762f4c5591ea5156779bab4b8c047b8220", "expire": 1613509473.1406555, "start": 1613466273.140655, "user": "system:serviceaccount:default:test-no-perm", "eauth": "kubernetes_rbac", "perms": {}}]}

• You're mentioning the groups claim, though remember that we don't have groups for Dex local users, and the "high-level roles to map as a groups claim" are not part of MetalK8s