mgr/dashboard: support rgw roles updating

Right now only the modification of max_session_duration is supported via
the roles update command. To update, we need to use `policy modify`
command which is not added in this PR. That should be done separately

Refer: https://docs.ceph.com/en/latest/radosgw/role/#update-a-role

Fixes: https://tracker.ceph.com/issues/63230
Signed-off-by: Nizamudeen A <[email protected]>

Author: nizamial09

src/pybind/mgr/dashboard/controllers/_crud.py

@@ -104,6 +104,7 @@ class Validator(Enum):
     RGW_ROLE_NAME = 'rgwRoleName'
     RGW_ROLE_PATH = 'rgwRolePath'
     FILE = 'file'
+    RGW_ROLE_SESSION_DURATION = 'rgwRoleSessionDuration'
 
 
 class FormField(NamedTuple):
@@ -224,6 +225,10 @@ def to_dict(self, key=''):
                 properties[field.key]['title'] = field.name
                 field_ui_schema['key'] = field_key
                 field_ui_schema['readonly'] = field.readonly
+                if field.readonly:
+                    field_ui_schema['templateOptions'] = {
+                        'disabled': True
+                    }
                 field_ui_schema['help'] = f'{field.help}'
                 field_ui_schema['validators'] = [i.value for i in field.validators]
                 items.append(field_ui_schema)
@@ -307,6 +312,7 @@ def __init__(self):
         self.forms = []
         self.columnKey = ''
         self.detail_columns = []
+        self.resource = ''
 
 
 class CRUDCollectionMethod(NamedTuple):
@@ -330,6 +336,7 @@ def __init__(self, router: APIRouter, doc: APIDoc,
                  actions: Optional[List[TableAction]] = None,
                  permissions: Optional[List[str]] = None, forms: Optional[List[Form]] = None,
                  column_key: Optional[str] = None,
+                 resource: Optional[str] = None,
                  meta: CRUDMeta = CRUDMeta(), get_all: Optional[CRUDCollectionMethod] = None,
                  create: Optional[CRUDCollectionMethod] = None,
                  delete: Optional[CRUDCollectionMethod] = None,
@@ -352,6 +359,7 @@ def __init__(self, router: APIRouter, doc: APIDoc,
         self.detail_columns = detail_columns if detail_columns is not None else []
         self.extra_endpoints = extra_endpoints if extra_endpoints is not None else []
         self.selection_type = selection_type
+        self.resource = resource
 
     def __call__(self, cls: Any):
         self.create_crud_class(cls)
@@ -415,6 +423,7 @@ def _list(self, model_key: str = ''):
             self.generate_forms(model_key)
             self.set_permissions()
             self.set_column_key()
+            self.set_table_resource()
             self.get_detail_columns()
             selection_type = self.__class__.outer_self.selection_type
             self.__class__.outer_self.meta.table.set_selection_type(selection_type)
@@ -468,6 +477,10 @@ def set_column_key(self):
             if self.__class__.outer_self.column_key:
                 self.outer_self.meta.columnKey = self.__class__.outer_self.column_key
 
+        def set_table_resource(self):
+            if self.__class__.outer_self.resource:
+                self.outer_self.meta.resource = self.__class__.outer_self.resource
+
         class_name = self.router.path.replace('/', '')
         meta_class = type(f'{class_name}_CRUDClassMetadata',
                           (RESTController,),
@@ -478,6 +491,7 @@ def set_column_key(self):
                               'generate_forms': generate_forms,
                               'set_permissions': set_permissions,
                               'set_column_key': set_column_key,
+                              'set_table_resource': set_table_resource,
                               'get_detail_columns': get_detail_columns,
                               'outer_self': self,
                           })

src/pybind/mgr/dashboard/controllers/ceph_users.py

@@ -174,7 +174,7 @@ def model(user_entity: str):
         TableAction(name='Create', permission='create', icon=Icon.ADD.value,
                     routerLink='/cluster/user/create'),
         TableAction(name='Edit', permission='update', icon=Icon.EDIT.value,
-                    click='edit'),
+                    click='edit', routerLink='/cluster/user/edit'),
         TableAction(name='Delete', permission='delete', icon=Icon.DESTROY.value,
                     click='delete', disable=True),
         TableAction(name='Import', permission='create', icon=Icon.IMPORT.value,
@@ -185,6 +185,7 @@ def model(user_entity: str):
     permissions=[Scope.CONFIG_OPT],
     forms=[create_form, edit_form, import_user_form],
     column_key='entity',
+    resource='user',
     get_all=CRUDCollectionMethod(
         func=CephUserEndpoints.user_list,
         doc=EndpointDoc("Get Ceph Users")

src/pybind/mgr/dashboard/controllers/rgw.py

@@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
 
+# pylint: disable=C0302
 import json
 import logging
 import re
@@ -717,6 +718,15 @@ def role_create(_, role_name: str = '', role_path: str = '', role_assume_policy_
         rgw_client.create_role(role_name, role_path, role_assume_policy_doc)
         return f'Role {role_name} created successfully'
 
+    @staticmethod
+    def role_update(_, role_name: str, max_session_duration: str):
+        assert role_name
+        assert max_session_duration
+        # convert max_session_duration which is in hours to seconds
+        max_session_duration = int(float(max_session_duration) * 3600)
+        rgw_client = RgwClient.admin_instance()
+        rgw_client.update_role(role_name, str(max_session_duration))
+        return f'Role {role_name} updated successfully'
 
     @staticmethod
     def role_delete(_, role_name: str):
@@ -725,7 +735,18 @@ def role_delete(_, role_name: str):
         rgw_client.delete_role(role_name)
         return f'Role {role_name} deleted successfully'
 
+    @staticmethod
+    def model(role_name: str):
+        assert role_name
+        rgw_client = RgwClient.admin_instance()
+        role = rgw_client.get_role(role_name)
+        model = {'role_name': '', 'max_session_duration': ''}
+        model['role_name'] = role['RoleName']
 
+        # convert maxsessionduration which is in seconds to hours
+        if role['MaxSessionDuration']:
+            model['max_session_duration'] = role['MaxSessionDuration'] / 3600
+        return model
 
 
 # pylint: disable=C0301
@@ -735,6 +756,10 @@ def role_delete(_, role_name: str):
     'target="_blank">click here.</a>'
 )
 
+max_session_duration_help = (
+    'The maximum session duration (in hours) that you want to set for the specified role.This setting can have a value from 1 hour to 12 hours.'  # noqa: E501
+)
+
 create_container = VerticalContainer('Create Role', 'create_role', fields=[
     FormField('Role name', 'role_name', validators=[Validator.RGW_ROLE_NAME]),
     FormField('Path', 'role_path', validators=[Validator.RGW_ROLE_PATH]),
@@ -744,23 +769,43 @@ def role_delete(_, role_name: str):
               field_type='textarea',
               validators=[Validator.JSON]),
 ])
-create_role_form = Form(path='/rgw/roles/create',
+
+edit_container = VerticalContainer('Edit Role', 'edit_role', fields=[
+    FormField('Role name', 'role_name', readonly=True),
+    FormField('Max Session Duration', 'max_session_duration',
+              help=max_session_duration_help,
+              validators=[Validator.RGW_ROLE_SESSION_DURATION])
+])
+
+create_role_form = Form(path='/create',
                         root_container=create_container,
                         task_info=FormTaskInfo("IAM RGW Role '{role_name}' created successfully",
                                                ['role_name']),
                         method_type=MethodType.POST.value)
 
+edit_role_form = Form(path='/edit',
+                      root_container=edit_container,
+                      task_info=FormTaskInfo("IAM RGW Role '{role_name}' edited successfully",
+                                             ['role_name']),
+                      method_type=MethodType.PUT.value,
+                      model_callback=RGWRoleEndpoints.model)
+
 
 @CRUDEndpoint(
     router=APIRouter('/rgw/roles', Scope.RGW),
     doc=APIDoc("List of RGW roles", "RGW"),
     actions=[
         TableAction(name='Create', permission='create', icon=Icon.ADD.value,
+                    routerLink='/rgw/roles/create'),
+        TableAction(name='Edit', permission='update', icon=Icon.EDIT.value,
+                    click='edit', routerLink='/rgw/roles/edit'),
         TableAction(name='Delete', permission='delete', icon=Icon.DESTROY.value,
                     click='delete', disable=True),
     ],
-    forms=[create_role_form],
-    permissions=[Scope.CONFIG_OPT],
+    forms=[create_role_form, edit_role_form],
+    column_key='RoleName',
+    resource='Role',
+    permissions=[Scope.RGW],
     get_all=CRUDCollectionMethod(
         func=RGWRoleEndpoints.role_list,
         doc=EndpointDoc("List RGW roles")
@@ -769,6 +814,10 @@ def role_delete(_, role_name: str):
         func=RGWRoleEndpoints.role_create,
         doc=EndpointDoc("Create RGW role")
     ),
+    edit=CRUDCollectionMethod(
+        func=RGWRoleEndpoints.role_update,
+        doc=EndpointDoc("Edit RGW role")
+    ),
     delete=CRUDCollectionMethod(
         func=RGWRoleEndpoints.role_delete,
         doc=EndpointDoc("Delete RGW role")

src/pybind/mgr/dashboard/frontend/cypress/e2e/rgw/roles.e2e-spec.ts

@@ -9,11 +9,21 @@ describe('RGW roles page', () => {
   });
 
   describe('Create, Edit & Delete rgw roles', () => {
+    const roleName = 'testRole';
+
     it('should create rgw roles', () => {
       roles.navigateTo('create');
-      roles.create('testRole', '/', '{}');
+      roles.create(roleName, '/', '{}');
       roles.navigateTo();
-      roles.checkExist('testRole', true);
+      roles.checkExist(roleName, true);
+    });
+
+    it('should edit rgw role', () => {
+      roles.edit(roleName, 3);
+    });
+
+    it('should delete rgw role', () => {
+      roles.delete(roleName);
     });
   });
 });

src/pybind/mgr/dashboard/frontend/cypress/e2e/rgw/roles.po.ts

@@ -11,18 +11,36 @@ export class RolesPageHelper extends PageHelper {
   columnIndex = {
     roleName: 2,
     path: 3,
-    arn: 4
+    arn: 4,
+    createDate: 5,
+    maxSessionDuration: 6
   };
 
   @PageHelper.restrictTo(pages.create.url)
   create(name: string, path: string, policyDocument: string) {
-    cy.get('#formly_3_string_role_name_0').type(name);
-    cy.get('#formly_3_textarea_role_assume_policy_doc_2').type(policyDocument);
-    cy.get('#formly_3_string_role_path_1').type(path);
+    cy.get('[id$="string_role_name_0"]').type(name);
+    cy.get('[id$="role_assume_policy_doc_2"]').type(policyDocument);
+    cy.get('[id$="role_path_1"]').type(path);
     cy.get("[aria-label='Create Role']").should('exist').click();
     cy.get('cd-crud-table').should('exist');
   }
 
+  edit(name: string, maxSessionDuration: number) {
+    this.navigateEdit(name);
+    cy.get('[id$="max_session_duration_1"]').clear().type(maxSessionDuration.toString());
+    cy.get("[aria-label='Edit Role']").should('exist').click();
+    cy.get('cd-crud-table').should('exist');
+
+    this.getTableCell(this.columnIndex.roleName, name)
+      .click()
+      .parent()
+      .find(`datatable-body-cell:nth-child(${this.columnIndex.maxSessionDuration})`)
+      .should(($elements) => {
+        const roleName = $elements.map((_, el) => el.textContent).get();
+        expect(roleName).to.include(`${maxSessionDuration} hours`);
+      });
+  }
+
   @PageHelper.restrictTo(pages.index.url)
   checkExist(name: string, exist: boolean) {
     this.getTableCell(this.columnIndex.roleName, name).should(($elements) => {

src/pybind/mgr/dashboard/frontend/src/app/ceph/rgw/rgw.module.ts

@@ -156,6 +156,13 @@ const routes: Routes = [
         data: {
           breadcrumbs: ActionLabels.CREATE
         }
+      },
+      {
+        path: URLVerbs.EDIT,
+        component: CrudFormComponent,
+        data: {
+          breadcrumbs: ActionLabels.EDIT
+        }
       }
     ]
   },

src/pybind/mgr/dashboard/frontend/src/app/core/context/context.component.ts

@@ -24,12 +24,14 @@ export class ContextComponent implements OnInit, OnDestroy {
   private subs = new Subscription();
   private rgwUrlPrefix = '/rgw';
   private rgwUserUrlPrefix = '/rgw/user';
+  private rgwRoleUrlPrefix = '/rgw/roles';
   private rgwBuckerUrlPrefix = '/rgw/bucket';
   permissions: Permissions;
   featureToggleMap$: FeatureTogglesMap$;
   isRgwRoute =
     document.location.href.includes(this.rgwUserUrlPrefix) ||
-    document.location.href.includes(this.rgwBuckerUrlPrefix);
+    document.location.href.includes(this.rgwBuckerUrlPrefix) ||
+    document.location.href.includes(this.rgwRoleUrlPrefix);
 
   constructor(
     private authStorageService: AuthStorageService,
@@ -48,9 +50,11 @@ export class ContextComponent implements OnInit, OnDestroy {
         .pipe(filter((event: Event) => event instanceof NavigationEnd))
         .subscribe(
           () =>
-            (this.isRgwRoute = [this.rgwBuckerUrlPrefix, this.rgwUserUrlPrefix].some((urlPrefix) =>
-              this.router.url.startsWith(urlPrefix)
-            ))
+            (this.isRgwRoute = [
+              this.rgwBuckerUrlPrefix,
+              this.rgwUserUrlPrefix,
+              this.rgwRoleUrlPrefix
+            ].some((urlPrefix) => this.router.url.startsWith(urlPrefix)))
         )
     );
     // Set daemon list polling only when in RGW route:

src/pybind/mgr/dashboard/frontend/src/app/shared/datatable/crud-table/crud-table.component.ts

@@ -120,7 +120,7 @@ export class CRUDTableComponent implements OnInit {
   delete() {
     const selectedKey = this.selection.first()[this.meta.columnKey];
     this.modalRef = this.modalService.show(CriticalConfirmationModalComponent, {
-      itemDescription: $localize`${this.meta.columnKey}`,
+      itemDescription: $localize`${this.meta.resource}`,
       itemNames: [selectedKey],
       submitAction: () => {
         this.taskWrapper
@@ -153,7 +153,9 @@ export class CRUDTableComponent implements OnInit {
     if (this.selection.hasSelection) {
       key = this.selection.first()[this.meta.columnKey];
     }
-    this.router.navigate(['/cluster/user/edit'], { queryParams: { key: key } });
+
+    const editAction = this.meta.actions.find((action) => action.name === 'Edit');
+    this.router.navigate([editAction.routerLink], { queryParams: { key: key } });
   }
 
   authExport() {

src/pybind/mgr/dashboard/frontend/src/app/shared/datatable/datatable.module.ts

@@ -61,7 +61,11 @@ import { CheckedTableFormComponent } from './checked-table-form/checked-table-fo
             'Role path must start and finish with a slash "/".' +
             ' (pattern: (\u002F)|(\u002F[\u0021-\u007E]+\u002F))'
         },
-        { name: 'file_size', message: 'File size must not exceed 4KiB' }
+        { name: 'file_size', message: 'File size must not exceed 4KiB' },
+        {
+          name: 'rgwRoleSessionDuration',
+          message: 'This field must be a number and should be a value from 1 hour to 12 hour'
+        }
       ],
       wrappers: [{ name: 'input-wrapper', component: FormlyInputWrapperComponent }]
     }),

src/pybind/mgr/dashboard/frontend/src/app/shared/forms/crud-form/helpers.ts

@@ -3,7 +3,11 @@ import { FormlyFieldConfig } from '@ngx-formly/core';
 import { forEach } from 'lodash';
 import { formlyAsyncFileValidator } from './validators/file-validator';
 import { formlyAsyncJsonValidator } from './validators/json-validator';
-import { formlyRgwRoleNameValidator, formlyRgwRolePath } from './validators/rgw-role-validator';
+import {
+  formlyFormNumberValidator,
+  formlyRgwRoleNameValidator,
+  formlyRgwRolePath
+} from './validators/rgw-role-validator';
 
 export function getFieldState(field: FormlyFieldConfig, uiSchema: any[] = undefined) {
   const formState: any[] = uiSchema || field.options?.formState;
@@ -34,6 +38,10 @@ export function setupValidators(field: FormlyFieldConfig, uiSchema: any[]) {
         validators.push(formlyAsyncFileValidator);
         break;
       }
+      case 'rgwRoleSessionDuration': {
+        validators.push(formlyFormNumberValidator);
+        break;
+      }
     }
   });
   field.asyncValidators = { validation: validators };