feat: Update certificate

1. Remove certificate in administrator platform
2. Add prefix barbican to the policy
3. Allowed delete lb if provisioning_status is PENDING_UPDATE
4. Allowed change certificate when edit listener

Change-Id: I9c754b78fbd19645e11659d06ec6b9ee85ec9714

src/layouts/admin-menu.jsx

@@ -367,28 +367,6 @@ const renderMenu = (t) => {
             },
           ],
         },
-        {
-          path: '/network/certificate-admin',
-          name: t('Certificate Management'),
-          key: 'certificateAdmin',
-          level: 1,
-          children: [
-            {
-              path: /^\/network\/certificate-container-admin\/detail\/.[^/]+$/,
-              name: t('Certificate Detail'),
-              key: 'certificateContainerDetailAdmin',
-              level: 2,
-              routePath: '/network/certificate-container-admin/detail/:id',
-            },
-            {
-              path: /^\/network\/certificate-secret-admin\/detail\/.[^/]+$/,
-              name: t('Certificate Detail'),
-              key: 'certificateSecretDetailAdmin',
-              level: 2,
-              routePath: '/network/certificate-secret-admin/detail/:id',
-            },
-          ],
-        },
         {
           path: '/network/vpn-admin',
           name: t('VPN'),

src/pages/network/containers/Certificate/Certificate.jsx

@@ -35,11 +35,11 @@ export class Certificate extends Base {
   }
 
   get policy() {
-    return ['containers:get', 'secrets:get'];
+    return ['barbican:containers:get', 'barbican:secrets:get'];
   }
 
   get showDetail() {
-    return checkPolicyRule('secret:decrypt');
+    return checkPolicyRule('barbican:secret:decrypt');
   }
 
   get name() {
@@ -47,11 +47,6 @@ export class Certificate extends Base {
   }
 
   get actionConfigs() {
-    if (this.isAdminPage) {
-      return this.currentMode === 'SERVER'
-        ? actionConfigs.actionConfigsContainerAdmin
-        : actionConfigs.actionConfigsSecretAdmin;
-    }
     return this.currentMode === 'SERVER'
       ? actionConfigs.actionConfigsContainer
       : actionConfigs.actionConfigsSecret;

src/pages/network/containers/Certificate/Detail/Container/index.jsx

@@ -25,7 +25,7 @@ export class Detail extends Base {
   }
 
   get policy() {
-    return 'container:get';
+    return 'barbican:container:get';
   }
 
   get name() {
@@ -37,9 +37,6 @@ export class Detail extends Base {
   }
 
   get actionConfigs() {
-    if (this.isAdminPage) {
-      return actionConfigs.actionConfigsContainerAdmin;
-    }
     return actionConfigs.actionConfigsContainer;
   }
 

src/pages/network/containers/Certificate/Detail/Secret/index.jsx

@@ -25,7 +25,7 @@ export class Detail extends Base {
   }
 
   get policy() {
-    return 'secret:get';
+    return 'barbican:secret:get';
   }
 
   get name() {
@@ -37,14 +37,11 @@ export class Detail extends Base {
   }
 
   get actionConfigs() {
-    if (this.isAdminPage) {
-      return actionConfigs.actionConfigsSecretAdmin;
-    }
     return actionConfigs.actionConfigsSecret;
   }
 
   get detailInfos() {
-    return certificateColumns;
+    return certificateColumns.filter((it) => it.dataIndex !== 'algorithm');
   }
 
   get tabs() {

src/pages/network/containers/Certificate/actions/Create.jsx

@@ -29,7 +29,7 @@ export class CreateAction extends ModalAction {
 
   static title = t('Create Certificate');
 
-  static policy = ['secrets:post', 'containers:post'];
+  static policy = ['barbican:secrets:post', 'barbican:containers:post'];
 
   init() {
     this.store = globalContainersStore;

src/pages/network/containers/Certificate/actions/DeleteContainer.jsx

@@ -36,7 +36,7 @@ export default class DeleteAction extends ConfirmAction {
     return t('delete certificate');
   }
 
-  policy = ['secret:delete', 'container:delete'];
+  policy = ['barbican:secret:delete', 'barbican:container:delete'];
 
   allowedCheckFunc = () => true;
 

src/pages/network/containers/Certificate/actions/DeleteSecret.jsx

@@ -36,7 +36,7 @@ export default class DeleteAction extends ConfirmAction {
     return t('delete certificate');
   }
 
-  policy = 'secret:delete';
+  policy = 'barbican:secret:delete';
 
   allowedCheckFunc = () => true;
 

src/pages/network/containers/Certificate/actions/index.jsx

@@ -25,15 +25,6 @@ const actionConfigsContainer = {
   primaryActions: [CreateAction],
 };
 
-const actionConfigsContainerAdmin = {
-  rowActions: {
-    firstAction: DeleteContainerAction,
-    moreActions: [],
-  },
-  batchActions: [DeleteContainerAction],
-  primaryActions: [],
-};
-
 const actionConfigsSecret = {
   rowActions: {
     firstAction: DeleteSecretAction,
@@ -43,18 +34,7 @@ const actionConfigsSecret = {
   primaryActions: [CreateAction],
 };
 
-const actionConfigsSecretAdmin = {
-  rowActions: {
-    firstAction: DeleteSecretAction,
-    moreActions: [],
-  },
-  batchActions: [DeleteSecretAction],
-  primaryActions: [],
-};
-
 export default {
   actionConfigsContainer,
-  actionConfigsContainerAdmin,
   actionConfigsSecret,
-  actionConfigsSecretAdmin,
 };

src/pages/network/containers/LoadBalancers/Listener/Actions/CreateListener.jsx

@@ -55,12 +55,14 @@ export class Create extends ModalAction {
     this.fetchSecrets();
   }
 
-  fetchContainers() {
+  async fetchContainers() {
-    this.containersStore.fetchList();
+    await this.containersStore.fetchList();
+    this.updateDefaultValue();
   }
 
-  fetchSecrets() {
+  async fetchSecrets() {
-    this.secretsStore.fetchList({ mode: 'CA' });
+    await this.secretsStore.fetchList({ mode: 'CA' });
+    this.updateDefaultValue();
   }
 
   get ServerCertificate() {
@@ -77,6 +79,10 @@ export class Create extends ModalAction {
     );
   }
 
+  get isEdit() {
+    return false;
+  }
+
   get nameForStateUpdate() {
     return ['protocol', 'ssl_parsing_method', 'sni_enabled'];
   }
@@ -110,6 +116,7 @@ export class Create extends ModalAction {
         type: 'select',
         options: listenerProtocols,
         required: true,
+        disabled: this.isEdit,
       },
       {
         name: 'ssl_parsing_method',
@@ -184,6 +191,7 @@ export class Create extends ModalAction {
         label: t('Port'),
         type: 'input-number',
         required: true,
+        disabled: this.isEdit,
       },
       {
         name: 'connection_limit',

src/pages/network/containers/LoadBalancers/Listener/Actions/Edit.jsx

@@ -14,28 +14,16 @@
 
 import { inject, observer } from 'mobx-react';
 import globalListenerStore from 'stores/octavia/listener';
-import { ModalAction } from 'containers/Action';
 import globalLbaasStore from 'stores/octavia/loadbalancer';
+import { Create as Base } from './CreateListener';
 
-export class Edit extends ModalAction {
+export class Edit extends Base {
   static id = 'edit-listener';
 
   static title = t('Edit Listener');
 
   static buttonText = t('Edit');
 
-  init() {
-    this.store = globalListenerStore;
-  }
-
-  get defaultValue() {
-    const { item } = this.props;
-    return {
-      name: item.name,
-      description: item.description,
-    };
-  }
-
   static policy = 'os_load-balancer_api:listener:put';
 
   static allowed = async (item, containerProps) => {
@@ -49,28 +37,98 @@ export class Edit extends ModalAction {
     );
   };
 
+  get name() {
+    return t('Edit Listener');
+  }
+
+  get isEdit() {
+    return true;
+  }
+
+  get defaultValue() {
+    const { item } = this.props;
+    const values = {
+      name: item.name,
+      description: item.description,
+      protocol: item.protocol,
+      protocol_port: item.protocol_port,
+      connection_limit: item.connection_limit,
+    };
+    if (item.protocol === 'TERMINATED_HTTPS') {
+      if (item.default_tls_container_ref) {
+        const [, uuid] = item.default_tls_container_ref.split('/containers/');
+        values.default_tls_container_ref = {
+          selectedRowKeys: [uuid],
+          selectedRows: this.ServerCertificate.filter((it) => it.id === uuid),
+        };
+      }
+      if (item.client_ca_tls_container_ref) {
+        const [, uuid] = item.client_ca_tls_container_ref.split('/secrets/');
+        values.ssl_parsing_method = 'two-way';
+        values.client_ca_tls_container_ref = {
+          selectedRowKeys: [uuid],
+          selectedRows: this.CaCertificate.filter((it) => it.id === uuid),
+        };
+      } else {
+        values.ssl_parsing_method = 'one-way';
+      }
+      if (item.sni_container_refs && item.sni_container_refs.length) {
+        values.sni_enabled = true;
+        const selectedKeys = item.sni_container_refs.map((it) => {
+          const [, uuid] = it.split('/containers/');
+          return uuid;
+        });
+        values.sni_container_refs = {
+          selectedRowKeys: selectedKeys,
+          selectedRows: this.SNICertificate.filter((it) => {
+            return selectedKeys.includes(it.id);
+          }),
+        };
+      } else {
+        values.sni_enabled = false;
+      }
+    }
+    return values;
+  }
+
   onSubmit = (values) => {
     const { id } = this.item;
-    return globalListenerStore.edit({ id }, values);
+    const {
+      protocol,
+      protocol_port,
+      sni_enabled,
+      ssl_parsing_method,
+      default_tls_container_ref,
+      client_ca_tls_container_ref,
+      sni_container_refs,
+      ...rest
+    } = values;
+    const data = {
+      ...rest,
+    };
+    if (protocol === 'TERMINATED_HTTPS') {
+      if (default_tls_container_ref) {
+        data.default_tls_container_ref =
+          default_tls_container_ref.selectedRows[0].container_ref;
+      }
+      if (ssl_parsing_method === 'two-way' && client_ca_tls_container_ref) {
+        data.client_ca_tls_container_ref =
+          client_ca_tls_container_ref.selectedRows[0].secret_ref;
+        data.client_authentication = 'MANDATORY';
+      } else {
+        data.client_ca_tls_container_ref = null;
+        data.client_authentication = 'NONE';
+      }
+      if (sni_enabled && sni_container_refs) {
+        data.sni_container_refs = sni_container_refs.selectedRows.map(
+          (it) => it.container_ref
+        );
+      } else {
+        data.sni_container_refs = [];
+      }
+    }
+    return globalListenerStore.edit({ id }, data);
   };
-
-  get formItems() {
-    return [
-      {
-        name: 'name',
-        label: t('Name'),
-        type: 'input-name',
-        required: true,
-        placeholder: t('Please input name'),
-      },
-      {
-        name: 'description',
-        label: t('Description'),
-        type: 'textarea',
-        required: false,
-      },
-    ];
-  }
 }
 
 export default inject('rootStore')(observer(Edit));

src/pages/network/containers/LoadBalancers/LoadBalancerInstance/actions/Delete.jsx

@@ -55,7 +55,8 @@ export default class DeleteAction extends ConfirmAction {
       return true;
     }
     return (
-      (this.isCurrentProject(item) && item.provisioning_status === 'ACTIVE') ||
+      (this.isCurrentProject(item) &&
+        ['ACTIVE', 'PENDING_UPDATE'].includes(item.provisioning_status)) ||
       item.provisioning_status === 'ERROR'
     );
   };

src/pages/network/routes/index.js

@@ -171,21 +171,6 @@ export default [
         component: CertificateDetailSecret,
         exact: true,
       },
-      {
-        path: `${PATH}/certificate-admin`,
-        component: Certificate,
-        exact: true,
-      },
-      {
-        path: `${PATH}/certificate-container-admin/detail/:id`,
-        component: CertificateDetailContainer,
-        exact: true,
-      },
-      {
-        path: `${PATH}/certificate-secret-admin/detail/:id`,
-        component: CertificateDetailSecret,
-        exact: true,
-      },
       { path: `${PATH}/vpn`, component: VPN, exact: true },
       {
         path: `${PATH}/ipsec-site-connection/detail/:id`,

test/e2e/config/config-network.yaml

@@ -27,4 +27,4 @@ testFiles:
   - pages/network/security-group.spec.js
   - pages/network/vpn.spec.js
   - pages/network/lb.spec.js
-  - pages/network/topology.spec.js
+  # - pages/network/topology.spec.js