upcoming: [M3-9357] - Enable ACL by default for LKE-E clusters #11746
Conversation
| cy.findByText( | ||
| 'At least one IP address or CIDR range is required for LKE Enterprise.', | ||
| { exact: false } | ||
| ).should('be.visible'); |
There was a problem hiding this comment.
I can't figure out why this is causing a failure. The error is present in the UI.
I tried other ways of finding the text (cy.contains() and cy.get('[data-qa-error="true"]').contains()), and those didn't work either. No issues with the lke-update.spec.ts, which looks for the same error and finds it.
SDET eyes would be appreciated. 🙏🏼 I'll also take another look tomorrow.
| {selectedTier === 'enterprise' | ||
| ? 'An access control list (ACL) is enabled by default on LKE Enterprise clusters. All traffic to the control plane is restricted except from IP addresses listed in the ACL. Add at least one IP address or CIDR range.' | ||
| : 'Enable an access control list (ACL) on your LKE cluster to restrict access to your cluster’s control plane. Only the IP addresses and ranges specified in the ACL can connect to the control plane.'} |
There was a problem hiding this comment.
Adds copy for when the selected tier is enterprise and updates the existing copy (courtesy of Tech Docs).
| export const createKubeClusterSchema = object().shape({ | ||
| label: clusterLabelSchema, | ||
| region: string().required('Region is required.'), | ||
| k8s_version: string().required('Kubernetes version is required.'), | ||
| node_pools: array() | ||
| .of(nodePoolSchema) | ||
| .min(1, 'Please add at least one node pool.'), | ||
| }); |
There was a problem hiding this comment.
createKubeClusterSchema was pre-existing. Just moved it to make it easier to compare to the enterprise cluster schema.
| {errors.acl?.root && ( | ||
| <Notice spacingBottom={12} spacingTop={8} variant="error"> | ||
| {errors.acl.message} | ||
| {errors.acl?.root.message} |
There was a problem hiding this comment.
The wrong chaining seemed to be happening on this error object, resulting in the validation message not being surfaceable until this changed.
Cloud Manager UI test results🔺 1 failing test on test run #3 ↗︎
Details
TroubleshootingUse this command to re-run the failing tests: pnpm cy:run -s "cypress/e2e/core/kubernetes/lke-create.spec.ts" |
|||||||||||||||||
Description 📝
LKE-E clusters must have ACL enabled to be able to access the cluster.
Currently, the cluster create flow allows the user to submit an LKE-E cluster without ACL enabled by default, and ACL enablement by default is not enforced on the backend, though that will be handled in LKE-6468.
The UI should still make the ACL requirement clear to users. We will force ACL enablement in the cluster create flow and ACL drawer, containing updated copy to explain this and validate that they provide at least one IP address or CIDR to the ACL, or they cannot access their cluster API server. By default, it is preventing all access.
Changes 🔄
In both the ACL section of the create flow and the ACL drawer in the cluster details flow...
enterpriseenterprisetier is selected on the create flowTODO:
Kubernetes version is required.errorTarget release date 🗓️
3/11
Preview 📷
💡 Use
<video src="" />tag when including recordings in table.How to test 🧪
Prerequisites
(How to setup test environment)
Reproduction steps
(How to reproduce the issue, if applicable)
Verification steps
(How to verify changes)
Author Checklists
As an Author, to speed up the review process, I considered 🤔
👀 Doing a self review
❔ Our contribution guidelines
🤏 Splitting feature into small PRs
➕ Adding a changeset
🧪 Providing/improving test coverage
🔐 Removing all sensitive information from the code and PR description
🚩 Using a feature flag to protect the release
👣 Providing comprehensive reproduction steps
📑 Providing or updating our documentation
🕛 Scheduling a pair reviewing session
📱 Providing mobile support
♿ Providing accessibility support
As an Author, before moving this PR from Draft to Open, I confirmed ✅