Merge branch 'main' into track-released-oss

api/query/query.proto

@@ -46,6 +46,13 @@ service Query {
             get: "/v1/debug/access-rules"
         };
     }
+
+    rpc ListEnabledComponents(ListEnabledComponentsRequest)
+        returns (ListEnabledComponentsResponse) {
+        option (google.api.http) = {
+            get: "/v1/enabled-components"
+        };
+    }
 }
 
 message QueryRequest {
@@ -111,3 +118,21 @@ message Facet {
     string field = 1;
     repeated string values = 2;
 }
+
+// EnabledComponent represents a component of the UI that can be enabled or disabled
+enum EnabledComponent {
+    unknown      = 0;
+    applications = 1;
+    sources      = 2;
+    gitopssets   = 3;
+    templates    = 4;
+}
+
+message ListEnabledComponentsRequest {
+
+}
+
+message ListEnabledComponentsResponse {
+    repeated EnabledComponent components = 1;
+}
+

api/query/query.swagger.json

@@ -39,6 +39,28 @@
         ]
       }
     },
+    "/v1/enabled-components": {
+      "get": {
+        "operationId": "Query_ListEnabledComponents",
+        "responses": {
+          "200": {
+            "description": "A successful response.",
+            "schema": {
+              "$ref": "#/definitions/v1ListEnabledComponentsResponse"
+            }
+          },
+          "default": {
+            "description": "An unexpected error response.",
+            "schema": {
+              "$ref": "#/definitions/rpcStatus"
+            }
+          }
+        },
+        "tags": [
+          "Query"
+        ]
+      }
+    },
     "/v1/facets": {
       "get": {
         "operationId": "Query_ListFacets",
@@ -168,6 +190,17 @@
         }
       }
     },
+    "v1EnabledComponent": {
+      "type": "string",
+      "enum": [
+        "unknown",
+        "applications",
+        "sources",
+        "gitopssets",
+        "templates"
+      ],
+      "default": "unknown"
+    },
     "v1Facet": {
       "type": "object",
       "properties": {
@@ -182,6 +215,17 @@
         }
       }
     },
+    "v1ListEnabledComponentsResponse": {
+      "type": "object",
+      "properties": {
+        "components": {
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/v1EnabledComponent"
+          }
+        }
+      }
+    },
     "v1ListFacetsResponse": {
       "type": "object",
       "properties": {

charts/mccp/templates/clusters-service/collector.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.enableExplorer }}
+{{- if .Values.explorer.enabled }}
 ---
 apiVersion: v1
 kind: ServiceAccount

charts/mccp/templates/clusters-service/configmap.yaml

@@ -58,3 +58,4 @@ data:
   MONITORING_BIND_ADDRESS: ":{{ .Values.monitoring.service.port }}"
   MONITORING_METRICS_ENABLED: {{ .Values.monitoring.metrics.enabled | quote }}
   MONITORING_PROFILING_ENABLED: {{ .Values.monitoring.profiling.enabled | quote }}
+  EXPLORER_ENABLED_FOR: {{ .Values.explorer.enabledFor | join "," | quote }}

charts/mccp/templates/clusters-service/deployment.yaml

@@ -89,22 +89,22 @@ spec:
             - name: WEAVE_GITOPS_FEATURE_PIPELINES
               value: "true"
             {{- end }}
-            {{- if .Values.enableExplorer }}
+            {{- if .Values.explorer.enabled }}
             - name: WEAVE_GITOPS_FEATURE_EXPLORER
               value: "true"
             {{- end }}
             {{- if .Values.enableTerraformUI }}
             - name: WEAVE_GITOPS_FEATURE_TERRAFORM_UI
               value: "true"
             {{- end }}
-            {{- if .Values.useQueryServiceBackend }}
-            - name: WEAVE_GITOPS_FEATURE_QUERY_SERVICE_BACKEND
-              value: "true"
-            {{- end }}
             {{- if .Values.enableRunUI }}
             - name: WEAVE_GITOPS_FEATURE_RUN_UI
               value: "true"
             {{- end }}
+            {{- if .Values.enableNewPipelines }}
+            - name: WEAVE_GITOPS_FEATURE_NEW_PIPELINES
+              value: "true"
+            {{- end }}
             {{- if .Values.envVars }}
             {{- with .Values.envVars }}
               {{- toYaml . | nindent 12 }}

charts/mccp/templates/clusters-service/impersonator.yaml

@@ -6,7 +6,7 @@ rules:
   - apiGroups: [""]
     resources: ["users", "groups"]
     verbs: ["impersonate"]
-{{- if .Values.enableExplorer }}
+{{- if .Values.explorer.enabled }}
   - apiGroups: [ "" ]
     resources: [ "serviceaccounts" ]
     verbs: [ "impersonate" ]

charts/mccp/templates/rbac/gitopscluster_reader_role.yaml

@@ -7,7 +7,7 @@ rules:
     resources: ["gitopsclusters"]
     verbs: ["get", "watch", "list"]
 
-{{- if .Values.enableExplorer }}
+{{- if .Values.explorer.enabled }}
   - apiGroups: ["rbac.authorization.k8s.io"]
     resources: ["clusterroles", "clusterrolebindings", "roles", "rolebindings"]
     verbs: ["get", "watch", "list"]

charts/mccp/values.yaml

@@ -34,6 +34,9 @@ enableTerraformUI: false
 # Turns on UI elements for GitOps Run
 enableRunUI: false
 
+# When set to true, this turns on the new Pipelines UI. This includes deploying the new API and controller.
+enableNewPipelines: false
+
 config:
   logLevel: info
   cluster:
@@ -211,16 +214,18 @@ cluster-controller:
         tag: v1.5.2
 
 #### Explorer
-# Turns on explorer to true
-enableExplorer: false
-# Uses the query service for Applications and Sources views
-useQueryServiceBackend: false
-
 explorer:
+  enabled: false
   collector:
     # ServiceAccount that explorer will use to watch clusters for resources
     serviceAccount:
       name: "collector"
       namespace: "flux-system"
   cleaner:
     disabled: false
+  enabledFor:
+    - applications
+    - sources
+    - gitopssets
+    - templates
+

cmd/clusters-service/app/options.go

@@ -60,6 +60,7 @@ type Options struct {
 	CollectorServiceAccount   collector.ImpersonateServiceAccount
 	MonitoringOptions         monitoring.Options
 	EnableObjectCleaner       bool
+	ExplorerEnabledFor        []string
 }
 
 type Option func(*Options)
@@ -290,3 +291,10 @@ func WithObjectCleaner(enabled bool) Option {
 		o.EnableObjectCleaner = enabled
 	}
 }
+
+// ExplorerEnabledFor turns on and off the explorer for different parts of the UI
+func WithExplorerEnabledFor(enabledFor []string) Option {
+	return func(o *Options) {
+		o.ExplorerEnabledFor = append(o.ExplorerEnabledFor, enabledFor...)
+	}
+}

cmd/clusters-service/app/server.go

@@ -166,6 +166,7 @@ type Params struct {
 	ProfilingEnabled                  bool                      `mapstructure:"monitoring-profiling-enabled"`
 	EnableObjectCleaner               bool                      `mapstructure:"enable-object-cleaner"`
 	NoAuthUser                        string                    `mapstructure:"insecure-no-authentication-user"`
+	ExplorerEnabledFor                []string                  `mapstructure:"explorer-enabled-for"`
 }
 
 type OIDCAuthenticationOptions struct {
@@ -268,6 +269,7 @@ func NewAPIServerCommand() *cobra.Command {
 	cmdFlags.String("collector-serviceaccount-name", "", "name of the serviceaccount that collector impersonates to watch leaf clusters.")
 	cmdFlags.String("collector-serviceaccount-namespace", "", "namespace of the serviceaccount that collector impersonates to watch leaf clusters.")
 	cmdFlags.Bool("explorer-cleaner-disabled", false, "Enables the Explorer object cleaner that manages retaining objects")
+	cmdFlags.StringSlice("explorer-enabled-for", []string{}, "List of components that the Explorer is enabled for")
 
 	// Monitoring
 	cmdFlags.Bool("monitoring-enabled", false, "creates monitoring server")
@@ -578,6 +580,7 @@ func StartServer(ctx context.Context, p Params, logOptions flux_logger.Options)
 		WithCollectorServiceAccount(p.CollectorServiceAccountName, p.CollectorServiceAccountNamespace),
 		WithMonitoring(p.MonitoringEnabled, p.MonitoringBindAddress, p.MetricsEnabled, p.ProfilingEnabled, log),
 		WithObjectCleaner(p.EnableObjectCleaner),
+		WithExplorerEnabledFor(p.ExplorerEnabledFor),
 	)
 }
 
@@ -698,6 +701,7 @@ func RunInProcessGateway(ctx context.Context, addr string, setters ...Option) er
 			ObjectKinds:         configuration.SupportedObjectKinds,
 			ServiceAccount:      args.CollectorServiceAccount,
 			EnableObjectCleaner: args.EnableObjectCleaner,
+			EnabledFor:          args.ExplorerEnabledFor,
 		})
 		if err != nil {
 			return fmt.Errorf("hydrating query server: %w", err)

hack/azure-marketplace/mccp/templates/clusters-service/collector.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.enableExplorer }}
+{{- if .Values.explorer.enabled }}
 ---
 apiVersion: v1
 kind: ServiceAccount

hack/azure-marketplace/mccp/templates/clusters-service/deployment.yaml

@@ -92,7 +92,7 @@ spec:
             - name: WEAVE_GITOPS_FEATURE_PIPELINES
               value: "true"
             {{- end }}
-            {{- if .Values.enableExplorer }}
+            {{- if .Values.explorer.enabled }}
             - name: WEAVE_GITOPS_FEATURE_EXPLORER
               value: "true"
             {{- end }}

hack/azure-marketplace/mccp/templates/clusters-service/impersonator.yaml

@@ -6,7 +6,7 @@ rules:
   - apiGroups: [""]
     resources: ["users", "groups"]
     verbs: ["impersonate"]
-{{- if .Values.enableExplorer }}
+{{- if .Values.explorer.enabled }}
   - apiGroups: [ "" ]
     resources: [ "serviceaccounts" ]
     verbs: [ "impersonate" ]

hack/azure-marketplace/mccp/templates/rbac/gitopscluster_reader_role.yaml

@@ -7,7 +7,7 @@ rules:
     resources: ["gitopsclusters"]
     verbs: ["get", "watch", "list"]
 
-{{- if .Values.enableExplorer }}
+{{- if .Values.explorer.enabled }}
   - apiGroups: ["rbac.authorization.k8s.io"]
     resources: ["clusterroles", "clusterrolebindings", "roles", "rolebindings"]
     verbs: ["get", "watch", "list"]

hack/azure-marketplace/mccp/values.yaml

@@ -55,7 +55,6 @@ config:
       content: ''
       hideVersion: false
     logoURL: ''
-enableExplorer: false
 enablePipelines: true
 enableRunUI: false
 enableTerraformUI: false
@@ -67,6 +66,7 @@ envVars:
 - name: WEAVE_GITOPS_USERS_CLIENTS_TTL
   value: 30s
 explorer:
+  enabled: false
   cleaner:
     disabled: false
   collector: