ui: show tenant dropdown in insecure mode when multiple tenants exist

Previously, the tenant dropdown would not appear in insecure mode because
it required a tenant cookie to be set, which only happens after authentication.
This change modifies the dropdown logic to show when running in insecure mode
and the virtual_clusters endpoint returns more than one tenant.

In insecure mode, the dropdown now displays "default" when no tenant cookie
is set, allowing users to select from available virtual clusters without
requiring authentication.

Release note (ui change): The tenant dropdown now appears in insecure mode when multiple virtual clusters are available.

Epic: none.

Author: dt

pkg/server/server.go

@@ -1303,6 +1303,7 @@ func NewServer(cfg Config, stopper *stop.Stopper) (serverctl.ServerStartupInterf
 		tenantCapabilitiesWatcher,
 		cfg.DisableSQLServer,
 		cfg.BaseConfig.DisableTLSForHTTP,
+		cfg.Insecure,
 	)
 	drain.serverCtl = sc
 

pkg/server/server_controller.go

@@ -100,6 +100,8 @@ type serverController struct {
 
 	disableTLSForHTTP bool
 
+	insecure bool
+
 	mu struct {
 		syncutil.RWMutex
 
@@ -136,6 +138,7 @@ func newServerController(
 	watcher *tenantcapabilitieswatcher.Watcher,
 	disableSQLServer bool,
 	disableTLSForHTTP bool,
+	insecure bool,
 ) *serverController {
 	c := &serverController{
 		AmbientContext:      ambientCtx,
@@ -150,6 +153,7 @@ func newServerController(
 		drainCh:             make(chan struct{}),
 		disableSQLServer:    disableSQLServer,
 		disableTLSForHTTP:   disableTLSForHTTP,
+		insecure:            insecure,
 	}
 	c.orchestrator = newChannelOrchestrator(parentStopper, c)
 	c.mu.servers = map[roachpb.TenantName]*serverState{

pkg/server/server_controller_http.go

@@ -7,6 +7,7 @@ package server
 
 import (
 	"bytes"
+	"encoding/json"
 	"io"
 	"net/http"
 	"strconv"
@@ -53,6 +54,26 @@ var ServerHTTPBasePath = settings.RegisterStringSetting(
 	settings.WithPublic,
 )
 
+func (c *serverController) insecureVirtualClusterList(w http.ResponseWriter, r *http.Request) {
+	tenantNames := c.getCurrentTenantNames()
+	tenants := make([]string, len(tenantNames))
+	for i, name := range tenantNames {
+		tenants[i] = string(name)
+	}
+
+	resp := &virtualClustersResp{
+		VirtualClusters: tenants,
+	}
+	respBytes, err := json.Marshal(resp)
+	if err != nil {
+		http.Error(w, "unable to marshal virtual clusters JSON", http.StatusInternalServerError)
+		return
+	}
+	if _, err := w.Write(respBytes); err != nil {
+		log.Errorf(r.Context(), "unable to write virtual clusters response: %s", err.Error())
+	}
+}
+
 // httpMux redirects incoming HTTP requests to the server selected by
 // the special HTTP request header.
 // If no tenant is specified, the default tenant is used.
@@ -78,6 +99,13 @@ func (c *serverController) httpMux(w http.ResponseWriter, r *http.Request) {
 		c.attemptLogoutFromAllTenants().ServeHTTP(w, r)
 		return
 	}
+	if c.insecure && r.URL.Path == virtualClustersPath {
+		// If the insecure flag is set, the virtual clusters endpoint should just
+		// return all tennants instead of delegating to a tenant server to read the
+		// auth cookie which doesn't exist.
+		c.insecureVirtualClusterList(w, r)
+		return
+	}
 	tenantName := getTenantNameFromHTTPRequest(c.st, r)
 	noFallback := false
 	if noFallbackValue := r.URL.Query().Get(NoFallbackParam); noFallbackValue != "" {

pkg/ui/workspaces/db-console/src/views/app/components/tenantDropdown/tenantDropdown.tsx

@@ -7,6 +7,7 @@ import React from "react";
 
 import { getCookieValue, setCookie } from "src/redux/cookies";
 import { isSystemTenant } from "src/redux/tenants";
+import { getDataFromServer } from "src/util/dataFromServer";
 
 import ErrorBoundary from "../errorMessage/errorBoundary";
 
@@ -76,22 +77,36 @@ export default class TenantDropdown extends React.Component<
   }
 
   render() {
-    if (
-      !this.state.currentTenant ||
-      (this.state.virtualClusters?.length < 2 &&
-        isSystemTenant(this.state.currentTenant))
-    ) {
-      return null;
+    const dataFromServer = getDataFromServer();
+    const isInsecure = dataFromServer.Insecure;
+    // In insecure mode, show dropdown if there are >1 virtual clusters
+    if (isInsecure) {
+      if (this.state.virtualClusters?.length <= 1) {
+        return null;
+      }
+    } else {
+      // In secure mode, use the original logic
+      if (
+        !this.state.currentTenant ||
+        (this.state.virtualClusters?.length < 2 &&
+          isSystemTenant(this.state.currentTenant))
+      ) {
+        return null;
+      }
     }
 
+    // In insecure mode, show "default" if no tenant is set
+    const displayTenant =
+      this.state.currentTenant || (isInsecure ? "default" : "");
+
     return (
       <ErrorBoundary>
         <Dropdown
           items={this.createDropdownItems()}
           onChange={(tenantID: string) => this.onTenantChange(tenantID)}
         >
           <div className="virtual-cluster-selected">
-            {"Virtual cluster: " + this.state.currentTenant}
+            {"Virtual cluster: " + displayTenant}
           </div>
         </Dropdown>
       </ErrorBoundary>