search

openshift / console

OpenShift Cluster Console UI
https://www.openshift.org
Apache License 2.0
401 stars 613 forks source link

CONSOLE-4268: add CSP violations to cluster dashboard #14475

Closed rhamilto closed 5 days ago

rhamilto commented 2 weeks ago

Includes changes from https://github.com/openshift/console/pull/14374, which should merge first. Note https://github.com/openshift/console/pull/14374 includes a bug that needs to be addressed where not Loaded plugins do not appear in the Console plugins list.

Testing setup

To force a CSP violation in console-demo-plugin, add fetch('https://catfact.ninja/fact') to line 4 of https://github.com/openshift/console/blob/master/dynamic-demo-plugin/src/utils/example-navs.tsx, rebuild and restart the plugin, and visit http://localhost:9000/dynamic-route-1.

Demo

The alert in the Dynamic Plugins popover is the addition. (Disregard the tooltip clipping at the end; that's the result of the recording being made with the browser's dev tools open.)

https://github.com/user-attachments/assets/3a80069e-039c-4400-8d51-612026b18cf9

openshift-ci-robot commented 2 weeks ago

@rhamilto: This pull request references CONSOLE-4268 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.18.0" version, but no target version was set.

In response to [this](https://github.com/openshift/console/pull/14475): >Includes changes from https://github.com/openshift/console/pull/14374 > >### Testing setup > >To force a CSP violation in `console-demo-plugin`, add `fetch('https://catfact.ninja/fact')` to line 4 of https://github.com/openshift/console/blob/master/dynamic-demo-plugin/src/utils/example-navs.tsx, rebuild and restart the plugin, and visit http://localhost:9000/dynamic-route-1. > >### Demo > >https://github.com/user-attachments/assets/95032b2d-ce7f-4798-a84c-88edc0c27b05 > > Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fconsole). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.
openshift-ci-robot commented 2 weeks ago

@rhamilto: This pull request references CONSOLE-4268 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.18.0" version, but no target version was set.

In response to [this](https://github.com/openshift/console/pull/14475): >Includes changes from https://github.com/openshift/console/pull/14374 > >### Testing setup > >To force a CSP violation in `console-demo-plugin`, add `fetch('https://catfact.ninja/fact')` to line 4 of https://github.com/openshift/console/blob/master/dynamic-demo-plugin/src/utils/example-navs.tsx, rebuild and restart the plugin, and visit http://localhost:9000/dynamic-route-1. > >### Demo >(Disregard the tooltip clipping at the end; that's the result of the recording being made with the dev tools open.) > >https://github.com/user-attachments/assets/3a80069e-039c-4400-8d51-612026b18cf9 > > > > Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fconsole). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.
openshift-ci-robot commented 2 weeks ago

@rhamilto: This pull request references CONSOLE-4268 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.18.0" version, but no target version was set.

In response to [this](https://github.com/openshift/console/pull/14475): >Includes changes from https://github.com/openshift/console/pull/14374 > >### Testing setup > >To force a CSP violation in `console-demo-plugin`, add `fetch('https://catfact.ninja/fact')` to line 4 of https://github.com/openshift/console/blob/master/dynamic-demo-plugin/src/utils/example-navs.tsx, rebuild and restart the plugin, and visit http://localhost:9000/dynamic-route-1. > >### Demo >(Disregard the tooltip clipping at the end; that's the result of the recording being made with the browser's dev tools open.) > >https://github.com/user-attachments/assets/3a80069e-039c-4400-8d51-612026b18cf9 > > > > Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fconsole). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.
rhamilto commented 2 weeks ago

QE Approver: /assign @yapei Docs Approver: /assign @opayne1 PX Approver: /assign @reestr

openshift-ci-robot commented 2 weeks ago

@rhamilto: This pull request references CONSOLE-4268 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.18.0" version, but no target version was set.

In response to [this](https://github.com/openshift/console/pull/14475): >Includes changes from https://github.com/openshift/console/pull/14374 > >### Testing setup > >To force a CSP violation in `console-demo-plugin`, add `fetch('https://catfact.ninja/fact')` to line 4 of https://github.com/openshift/console/blob/master/dynamic-demo-plugin/src/utils/example-navs.tsx, rebuild and restart the plugin, and visit http://localhost:9000/dynamic-route-1. > >### Demo >The alert in the Dynamic Plugins popover is the addition. >(Disregard the tooltip clipping at the end; that's the result of the recording being made with the browser's dev tools open.) > >https://github.com/user-attachments/assets/3a80069e-039c-4400-8d51-612026b18cf9 > > > > Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fconsole). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.
rhamilto commented 2 weeks ago

/test frontend

vojtechszocs commented 2 weeks ago

/lgtm

LGTM on the last commit with actual changes for the plugin dashboard status.

jhadvig commented 1 week ago

@rhamilto is the WIP still valid ?

rhamilto commented 1 week ago

@rhamilto is the WIP still valid ?

Yes and no. It's WIP because it dependent on https://github.com/openshift/console/pull/14374 which has yet to merge, but the work to complete the story is done.

openshift-ci-robot commented 1 week ago

@rhamilto: This pull request references CONSOLE-4268 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.18.0" version, but no target version was set.

In response to [this](https://github.com/openshift/console/pull/14475): >Includes changes from https://github.com/openshift/console/pull/14374, which should merge first. > >### Testing setup > >To force a CSP violation in `console-demo-plugin`, add `fetch('https://catfact.ninja/fact')` to line 4 of https://github.com/openshift/console/blob/master/dynamic-demo-plugin/src/utils/example-navs.tsx, rebuild and restart the plugin, and visit http://localhost:9000/dynamic-route-1. > >### Demo >The alert in the Dynamic Plugins popover is the addition. >(Disregard the tooltip clipping at the end; that's the result of the recording being made with the browser's dev tools open.) > >https://github.com/user-attachments/assets/3a80069e-039c-4400-8d51-612026b18cf9 > > > > Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fconsole). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.
openshift-ci-robot commented 1 week ago

@rhamilto: This pull request references CONSOLE-4268 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.18.0" version, but no target version was set.

In response to [this](https://github.com/openshift/console/pull/14475): >Includes changes from https://github.com/openshift/console/pull/14374, which should merge first. **Note** https://github.com/openshift/console/pull/14374 includes a bug that needs to be addressed where not Loaded plugins do not appear in the `Console plugins` list. > >### Testing setup > >To force a CSP violation in `console-demo-plugin`, add `fetch('https://catfact.ninja/fact')` to line 4 of https://github.com/openshift/console/blob/master/dynamic-demo-plugin/src/utils/example-navs.tsx, rebuild and restart the plugin, and visit http://localhost:9000/dynamic-route-1. > >### Demo >The alert in the Dynamic Plugins popover is the addition. >(Disregard the tooltip clipping at the end; that's the result of the recording being made with the browser's dev tools open.) > >https://github.com/user-attachments/assets/3a80069e-039c-4400-8d51-612026b18cf9 > > > > Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fconsole). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.
rhamilto commented 1 week ago

/test e2e-gcp-console

jhadvig commented 1 week ago

/lgtm

jhadvig commented 1 week ago

QE Approver: /assign @yapei Docs Approver: /assign @opayne1 PX Approver: /assign @reestr

Also worth to notice that this PR is cherry-picking CONSOLE-4264: Notify users of Console plugin related Content Security Policy violations and also contributing a fix for issue found by @yapei.

@opayne1 please review only commits contributed by @rhamilto, since @vojtechszocs was already reviewed by you. @yapei please test only functionality related to the CSP violations to cluster dashboard. Thank you 🙌

openshift-ci-robot commented 1 week ago

@rhamilto: No Jira issue is referenced in the title of this pull request. To reference a jira issue, add 'XYZ-NNN:' to the title of this pull request and request another refresh with /jira refresh.

In response to [this](https://github.com/openshift/console/pull/14475): >Includes changes from https://github.com/openshift/console/pull/14374, which should merge first. **Note** https://github.com/openshift/console/pull/14374 includes a bug that needs to be addressed where not Loaded plugins do not appear in the `Console plugins` list. > >### Testing setup > >To force a CSP violation in `console-demo-plugin`, add `fetch('https://catfact.ninja/fact')` to line 4 of https://github.com/openshift/console/blob/master/dynamic-demo-plugin/src/utils/example-navs.tsx, rebuild and restart the plugin, and visit http://localhost:9000/dynamic-route-1. > >### Demo >The alert in the Dynamic Plugins popover is the addition. >(Disregard the tooltip clipping at the end; that's the result of the recording being made with the browser's dev tools open.) > >https://github.com/user-attachments/assets/3a80069e-039c-4400-8d51-612026b18cf9 > > > > Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fconsole). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.
openshift-ci-robot commented 1 week ago

@rhamilto: This pull request references CONSOLE-4268 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.18.0" version, but no target version was set.

In response to [this](https://github.com/openshift/console/pull/14475): >Includes changes from https://github.com/openshift/console/pull/14374, which should merge first. **Note** https://github.com/openshift/console/pull/14374 includes a bug that needs to be addressed where not Loaded plugins do not appear in the `Console plugins` list. > >### Testing setup > >To force a CSP violation in `console-demo-plugin`, add `fetch('https://catfact.ninja/fact')` to line 4 of https://github.com/openshift/console/blob/master/dynamic-demo-plugin/src/utils/example-navs.tsx, rebuild and restart the plugin, and visit http://localhost:9000/dynamic-route-1. > >### Demo >The alert in the Dynamic Plugins popover is the addition. >(Disregard the tooltip clipping at the end; that's the result of the recording being made with the browser's dev tools open.) > >https://github.com/user-attachments/assets/3a80069e-039c-4400-8d51-612026b18cf9 > > > > Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fconsole). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.
yapei commented 1 week ago

/label qe-approved

openshift-ci-robot commented 1 week ago

@rhamilto: This pull request references CONSOLE-4268 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.18.0" version, but no target version was set.

In response to [this](https://github.com/openshift/console/pull/14475): >Includes changes from https://github.com/openshift/console/pull/14374, which should merge first. **Note** https://github.com/openshift/console/pull/14374 includes a bug that needs to be addressed where not Loaded plugins do not appear in the `Console plugins` list. > >### Testing setup > >To force a CSP violation in `console-demo-plugin`, add `fetch('https://catfact.ninja/fact')` to line 4 of https://github.com/openshift/console/blob/master/dynamic-demo-plugin/src/utils/example-navs.tsx, rebuild and restart the plugin, and visit http://localhost:9000/dynamic-route-1. > >### Demo >The alert in the Dynamic Plugins popover is the addition. >(Disregard the tooltip clipping at the end; that's the result of the recording being made with the browser's dev tools open.) > >https://github.com/user-attachments/assets/3a80069e-039c-4400-8d51-612026b18cf9 > > > > Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fconsole). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.
reestr commented 1 week ago

/label px-approved

jhadvig commented 1 week ago

/lgtm

openshift-ci-robot commented 1 week ago

/retest-required

Remaining retests: 0 against base HEAD 3b333aa62d9497bde010d7a2c18dd1773ec6744f and 2 for PR HEAD c90e2ce4e4c179bc91a7089a1b3dfbfa7c7c29e0 in total

rhamilto commented 6 days ago

@jhadvig, I had to rebase since https://github.com/openshift/console/pull/14487 merged first. Please retag.

rhamilto commented 6 days ago

/retest

rhamilto commented 6 days ago

/retest

jhadvig commented 5 days ago

/lgtm

openshift-ci[bot] commented 5 days ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jhadvig, rhamilto, vojtechszocs

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[frontend/OWNERS](https://github.com/openshift/console/blob/master/frontend/OWNERS)~~ [jhadvig,rhamilto,vojtechszocs] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment
openshift-ci-robot commented 5 days ago

/retest-required

Remaining retests: 0 against base HEAD 048685c4294266175f651a03ae1df1e545d73938 and 2 for PR HEAD d8871155b4913a7c684c5afa9a732bed0bb1e34c in total

openshift-ci[bot] commented 5 days ago

@rhamilto: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).
openshift-bot commented 5 days ago

[ART PR BUILD NOTIFIER]

Distgit: openshift-enterprise-console This PR has been included in build openshift-enterprise-console-container-v4.19.0-202411170238.p0.gf3e86e5.assembly.stream.el9. All builds following this will include this PR.