gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-10 07:28:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
097995e50381e7550a0c7f627edad8ea24e64e9c
certctl/web/src/pages/AgentGroupsPage.tsx
T
shankar0123 097995e503 fix(web,ci): close orphan-CRUD GUI gaps + dead exportCertificatePEM (B-1 master) 
Closes four 2026-04-24 audit findings via per-page Edit modals on five
existing pages, a brand-new RenewalPoliciesPage for the rp-* CRUD surface,
and removal of one dead duplicate so the public client surface stops
growing without consumers. Anchored by a CI grep guardrail that fails
the build if any of the eight previously-orphan client functions loses
its non-test page consumer or if exportCertificatePEM is resurrected.

Per-page Edit modals (mirroring existing CreateXModal scaffolding):
- web/src/pages/OwnersPage.tsx — EditOwnerModal (name/email/team_id)
- web/src/pages/TeamsPage.tsx — EditTeamModal (name/description)
- web/src/pages/AgentGroupsPage.tsx — EditAgentGroupModal (full match-rule
  set: name/description/match_os/match_architecture/match_ip_cidr/
  match_version/enabled)
- web/src/pages/IssuersPage.tsx — EditIssuerModal (rename-only; type
  locked, config blob preserved untouched, footer note about delete+
  recreate for credential rotation)
- web/src/pages/ProfilesPage.tsx — EditProfileModal (rename + description
  only; policy fields preserved untouched, footer note about deferred
  policy editing)

New page (closes cat-b-4631ca092bee — RenewalPolicy CRUD orphan):
- web/src/pages/RenewalPoliciesPage.tsx — full CRUD page with shared
  PolicyFormModal for Create + Edit (form shape identical), 7-column
  DataTable (Policy/RenewalWindow/Auto/Retries/AlertThresholds/Created/
  Actions), comma-separated alert_thresholds_days input parser, and
  alert() surfacing of repository.ErrRenewalPolicyInUse (409) on Delete
  so operators can re-target dependent certs before deletion.
- web/src/main.tsx — adds /renewal-policies route.
- web/src/components/Layout.tsx — adds sidebar nav item slotted between
  Policies and Profiles.

Removed (closes cat-b-9b97ffb35ef7 — dead duplicate):
- web/src/api/client.ts::exportCertificatePEM — zero consumers across
  web/, MCP, CLI, tests; downloadCertificatePEM is the actual call site
  in CertificateDetailPage. Test references in client.test.ts and
  client.error.test.ts also removed.

CI regression guardrail:
- .github/workflows/ci.yml — adds 'Forbidden orphan-CRUD client function
  regression guard (B-1)' step. Greps for all eight previously-orphan
  fns (updateOwner/updateTeam/updateAgentGroup/updateIssuer/updateProfile
  + createRenewalPolicy/updateRenewalPolicy/deleteRenewalPolicy) under
  web/src/pages/ and fails the build if any has zero non-test consumers.
  Also blocks resurrection of exportCertificatePEM. Verified locally
  (all 8 fns have ≥2 consumers; exportCertificatePEM is gone) and
  against synthetic regressions.

Documentation:
- CHANGELOG.md — new B-1 section above L-1 under [unreleased].
- docs/architecture.md — Web Dashboard section gains a new paragraph
  capturing the 'every backend CRUD must have a GUI consumer' rule
  with reference to the CI guardrail.
- coverage-gap-audit-2026-04-24-v5/unified-audit.md — flips four
  findings to  RESOLVED with detailed Status blocks; bumps Live
  Tracker score 16/47 → 20/47 (P1: 9→12, P3: 1→2); adds B-1 row to
  closed-bundle index.

Verification:
- cd web && tsc --noEmit — clean
- cd web && vitest run — 9 test files, 294 tests, all passing
- cd web && vite build — clean (no new warnings)
- B-1 guardrail dry-run — all 8 client fns have ≥2 page consumers,
  exportCertificatePEM removed (good), FAIL=0

Audit findings closed:
- cat-b-31ceb6aaa9f1 (P1, updateOwner/updateTeam/updateAgentGroup orphan)
- cat-b-7a34f893a8f9 (P1, updateIssuer/updateProfile orphan, rename-only)
- cat-b-4631ca092bee (P1, RenewalPolicy CRUD orphan)
- cat-b-9b97ffb35ef7 (P3, exportCertificatePEM dead duplicate)

Deferred follow-ups:
- Fuller EditIssuerModal with credential-rotation flow (needs threat
  model: rotation reuse window, in-flight CSR cancellation, audit-trail
  granularity).
- Fuller EditProfileModal with policy-field editing (max-TTL, allowed
  EKUs, allowed key algorithms — affect already-issued cert evaluation).
- Per-page Vitest coverage for the new Edit modals (CI grep guardrail
  catches the same regression vector at lower cost).
2026-04-25 15:23:15 +00:00

390 lines
16 KiB
TypeScript
Raw Blame History

import { useEffect, useState } from 'react';
import { useQuery, useMutation, useQueryClient } from '@tanstack/react-query';
import { getAgentGroups, deleteAgentGroup, createAgentGroup, updateAgentGroup } from '../api/client';
import PageHeader from '../components/PageHeader';
import DataTable from '../components/DataTable';
import type { Column } from '../components/DataTable';
import StatusBadge from '../components/StatusBadge';
import ErrorState from '../components/ErrorState';
import { formatDateTime } from '../api/utils';
import type { AgentGroup } from '../api/types';
interface CreateAgentGroupModalProps {
isOpen: boolean;
onClose: () => void;
onSuccess: () => void;
isLoading: boolean;
error: string | null;
}
function CreateAgentGroupModal({ isOpen, onClose, onSuccess, isLoading, error }: CreateAgentGroupModalProps) {
const [name, setName] = useState('');
const [description, setDescription] = useState('');
const [matchOs, setMatchOs] = useState('');
const [matchArch, setMatchArch] = useState('');
const [matchIpCidr, setMatchIpCidr] = useState('');
const [matchVersion, setMatchVersion] = useState('');
const [enabled, setEnabled] = useState(true);
const handleSubmit = async (e: React.FormEvent) => {
e.preventDefault();
if (!name.trim()) return;
await createAgentGroup({
name: name.trim(),
description: description.trim(),
match_os: matchOs.trim() || undefined,
match_architecture: matchArch.trim() || undefined,
match_ip_cidr: matchIpCidr.trim() || undefined,
match_version: matchVersion.trim() || undefined,
enabled,
});
setName('');
setDescription('');
setMatchOs('');
setMatchArch('');
setMatchIpCidr('');
setMatchVersion('');
setEnabled(true);
onSuccess();
};
if (!isOpen) return null;
return (
<div className="fixed inset-0 bg-black/40 flex items-center justify-center z-50" onClick={onClose}>
<div className="bg-surface border border-surface-border rounded p-5 w-full max-w-md shadow-xl" onClick={e => e.stopPropagation()}>
<h2 className="text-lg font-semibold text-ink mb-4">Create Agent Group</h2>
{error && <div className="mb-4 p-3 bg-red-50 border border-red-200 rounded text-sm text-red-700">{error}</div>}
<form onSubmit={handleSubmit} className="space-y-4">
<div>
<label className="block text-sm font-medium text-ink mb-1">Name *</label>
<input
value={name}
onChange={e => setName(e.target.value)}
className="w-full bg-white border border-surface-border rounded px-3 py-2 text-sm text-ink focus:outline-none focus:border-brand-400"
placeholder="e.g., Production Linux Servers"
required
/>
</div>
<div>
<label className="block text-sm font-medium text-ink mb-1">Description</label>
<textarea
value={description}
onChange={e => setDescription(e.target.value)}
className="w-full bg-white border border-surface-border rounded px-3 py-2 text-sm text-ink focus:outline-none focus:border-brand-400"
placeholder="Optional description"
rows={2}
/>
</div>
<div>
<label className="block text-sm font-medium text-ink mb-1">Match OS</label>
<input
value={matchOs}
onChange={e => setMatchOs(e.target.value)}
className="w-full bg-white border border-surface-border rounded px-3 py-2 text-sm text-ink focus:outline-none focus:border-brand-400"
placeholder="linux"
/>
</div>
<div>
<label className="block text-sm font-medium text-ink mb-1">Match Architecture</label>
<input
value={matchArch}
onChange={e => setMatchArch(e.target.value)}
className="w-full bg-white border border-surface-border rounded px-3 py-2 text-sm text-ink focus:outline-none focus:border-brand-400"
placeholder="amd64"
/>
</div>
<div>
<label className="block text-sm font-medium text-ink mb-1">Match IP CIDR</label>
<input
value={matchIpCidr}
onChange={e => setMatchIpCidr(e.target.value)}
className="w-full bg-white border border-surface-border rounded px-3 py-2 text-sm text-ink focus:outline-none focus:border-brand-400"
placeholder="10.0.0.0/8"
/>
</div>
<div>
<label className="block text-sm font-medium text-ink mb-1">Match Version</label>
<input
value={matchVersion}
onChange={e => setMatchVersion(e.target.value)}
className="w-full bg-white border border-surface-border rounded px-3 py-2 text-sm text-ink focus:outline-none focus:border-brand-400"
placeholder="2.0.*"
/>
</div>
<div className="flex items-center gap-2">
<input
type="checkbox"
id="enabled"
checked={enabled}
onChange={e => setEnabled(e.target.checked)}
className="w-4 h-4"
/>
<label htmlFor="enabled" className="text-sm text-ink">Enabled</label>
</div>
<div className="flex gap-2 pt-4">
<button
type="submit"
disabled={isLoading}
className="flex-1 btn btn-primary disabled:opacity-50 disabled:cursor-not-allowed"
>
{isLoading ? 'Creating...' : 'Create Group'}
</button>
<button
type="button"
onClick={onClose}
className="flex-1 btn btn-ghost"
>
Cancel
</button>
</div>
</form>
</div>
</div>
);
}
// EditAgentGroupModal — B-1 master closure (cat-b-31ceb6aaa9f1).
// Mirrors CreateAgentGroupModal; pre-populates from the editing group;
// calls updateAgentGroup(id, fields) to close the destructive-rename
// hazard. Membership-rule fields (match_os, match_architecture,
// match_ip_cidr, match_version) are editable like the rest — operators
// frequently want to widen/narrow group membership without recreating.
interface EditAgentGroupModalProps {
group: AgentGroup | null;
onClose: () => void;
onSuccess: () => void;
isLoading: boolean;
error: string | null;
}
function EditAgentGroupModal({ group, onClose, onSuccess, isLoading, error }: EditAgentGroupModalProps) {
const [name, setName] = useState('');
const [description, setDescription] = useState('');
const [matchOs, setMatchOs] = useState('');
const [matchArch, setMatchArch] = useState('');
const [matchIpCidr, setMatchIpCidr] = useState('');
const [matchVersion, setMatchVersion] = useState('');
const [enabled, setEnabled] = useState(true);
useEffect(() => {
if (group) {
setName(group.name);
setDescription(group.description || '');
setMatchOs(group.match_os || '');
setMatchArch(group.match_architecture || '');
setMatchIpCidr(group.match_ip_cidr || '');
setMatchVersion(group.match_version || '');
setEnabled(group.enabled);
}
}, [group]);
const handleSubmit = async (e: React.FormEvent) => {
e.preventDefault();
if (!group || !name.trim()) return;
await updateAgentGroup(group.id, {
name: name.trim(),
description: description.trim(),
match_os: matchOs.trim(),
match_architecture: matchArch.trim(),
match_ip_cidr: matchIpCidr.trim(),
match_version: matchVersion.trim(),
enabled,
});
onSuccess();
};
if (!group) return null;
return (
<div className="fixed inset-0 bg-black/40 flex items-center justify-center z-50" onClick={onClose}>
<div className="bg-surface border border-surface-border rounded p-5 w-full max-w-md shadow-xl max-h-[90vh] overflow-y-auto" onClick={e => e.stopPropagation()}>
<h2 className="text-lg font-semibold text-ink mb-4">Edit Agent Group</h2>
<p className="text-xs text-ink-muted mb-4 font-mono">{group.id}</p>
{error && <div className="mb-4 p-3 bg-red-50 border border-red-200 rounded text-sm text-red-700">{error}</div>}
<form onSubmit={handleSubmit} className="space-y-4">
<div>
<label className="block text-sm font-medium text-ink mb-1">Name *</label>
<input value={name} onChange={e => setName(e.target.value)} required
className="w-full bg-white border border-surface-border rounded px-3 py-2 text-sm text-ink focus:outline-none focus:border-brand-400" />
</div>
<div>
<label className="block text-sm font-medium text-ink mb-1">Description</label>
<textarea value={description} onChange={e => setDescription(e.target.value)} rows={2}
className="w-full bg-white border border-surface-border rounded px-3 py-2 text-sm text-ink focus:outline-none focus:border-brand-400" />
</div>
<div>
<label className="block text-sm font-medium text-ink mb-1">Match OS</label>
<input value={matchOs} onChange={e => setMatchOs(e.target.value)} placeholder="linux"
className="w-full bg-white border border-surface-border rounded px-3 py-2 text-sm text-ink focus:outline-none focus:border-brand-400" />
</div>
<div>
<label className="block text-sm font-medium text-ink mb-1">Match Architecture</label>
<input value={matchArch} onChange={e => setMatchArch(e.target.value)} placeholder="amd64"
className="w-full bg-white border border-surface-border rounded px-3 py-2 text-sm text-ink focus:outline-none focus:border-brand-400" />
</div>
<div>
<label className="block text-sm font-medium text-ink mb-1">Match IP CIDR</label>
<input value={matchIpCidr} onChange={e => setMatchIpCidr(e.target.value)} placeholder="10.0.0.0/24"
className="w-full bg-white border border-surface-border rounded px-3 py-2 text-sm text-ink focus:outline-none focus:border-brand-400" />
</div>
<div>
<label className="block text-sm font-medium text-ink mb-1">Match Version</label>
<input value={matchVersion} onChange={e => setMatchVersion(e.target.value)} placeholder="v2.0.x"
className="w-full bg-white border border-surface-border rounded px-3 py-2 text-sm text-ink focus:outline-none focus:border-brand-400" />
</div>
<label className="flex items-center gap-2 text-sm text-ink">
<input type="checkbox" checked={enabled} onChange={e => setEnabled(e.target.checked)} />
Enabled
</label>
<div className="flex gap-2 pt-4">
<button type="submit" disabled={isLoading} className="flex-1 btn btn-primary disabled:opacity-50 disabled:cursor-not-allowed">
{isLoading ? 'Saving...' : 'Save Changes'}
</button>
<button type="button" onClick={onClose} className="flex-1 btn btn-ghost">Cancel</button>
</div>
</form>
</div>
</div>
);
}
export default function AgentGroupsPage() {
const queryClient = useQueryClient();
const [showCreate, setShowCreate] = useState(false);
const [editingGroup, setEditingGroup] = useState<AgentGroup | null>(null);
const { data, isLoading, error, refetch } = useQuery({
queryKey: ['agent-groups'],
queryFn: () => getAgentGroups(),
});
const deleteMutation = useMutation({
mutationFn: deleteAgentGroup,
onSuccess: () => queryClient.invalidateQueries({ queryKey: ['agent-groups'] }),
});
const createMutation = useMutation({
mutationFn: createAgentGroup,
onSuccess: () => {
queryClient.invalidateQueries({ queryKey: ['agent-groups'] });
setShowCreate(false);
},
});
const updateMutation = useMutation({
mutationFn: ({ id, data }: { id: string; data: Partial<AgentGroup> }) => updateAgentGroup(id, data),
onSuccess: () => {
queryClient.invalidateQueries({ queryKey: ['agent-groups'] });
setEditingGroup(null);
},
});
const columns: Column<AgentGroup>[] = [
{
key: 'name',
label: 'Group',
render: (g) => (
<div>
<div className="font-medium text-ink">{g.name}</div>
<div className="text-xs text-ink-faint font-mono">{g.id}</div>
{g.description && (
<div className="text-xs text-ink-muted mt-0.5 max-w-xs truncate">{g.description}</div>
)}
</div>
),
},
{
key: 'criteria',
label: 'Match Criteria',
render: (g) => {
const criteria: string[] = [];
if (g.match_os) criteria.push(`OS: ${g.match_os}`);
if (g.match_architecture) criteria.push(`Arch: ${g.match_architecture}`);
if (g.match_ip_cidr) criteria.push(`IP: ${g.match_ip_cidr}`);
if (g.match_version) criteria.push(`Ver: ${g.match_version}`);
return criteria.length > 0 ? (
<div className="flex flex-wrap gap-1">
{criteria.map((c, i) => (
<span key={i} className="badge badge-neutral text-xs">{c}</span>
))}
</div>
) : (
<span className="text-ink-faint text-xs">Manual only</span>
);
},
},
{
key: 'enabled',
label: 'Status',
render: (g) => <StatusBadge status={g.enabled ? 'active' : 'disabled'} />,
},
{
key: 'created',
label: 'Created',
render: (g) => <span className="text-xs text-ink-muted">{formatDateTime(g.created_at)}</span>,
},
{
key: 'actions',
label: '',
render: (g) => (
<div className="flex gap-3 justify-end">
<button
onClick={(e) => { e.stopPropagation(); setEditingGroup(g); }}
className="text-xs text-brand-400 hover:text-brand-500 transition-colors"
>
Edit
</button>
<button
onClick={(e) => { e.stopPropagation(); if (confirm(`Delete group ${g.name}?`)) deleteMutation.mutate(g.id); }}
className="text-xs text-red-600 hover:text-red-700 transition-colors"
>
Delete
</button>
</div>
),
},
];
return (
<>
<PageHeader
title="Agent Groups"
subtitle={data ? `${data.total} groups` : undefined}
action={
<button onClick={() => setShowCreate(true)} className="btn btn-primary">
+ New Group
</button>
}
/>
<div className="flex-1 overflow-y-auto">
{error ? (
<ErrorState error={error as Error} onRetry={() => refetch()} />
) : (
<DataTable columns={columns} data={data?.data || []} isLoading={isLoading} emptyMessage="No agent groups configured" />
)}
</div>
<CreateAgentGroupModal
isOpen={showCreate}
onClose={() => setShowCreate(false)}
onSuccess={() => {
queryClient.invalidateQueries({ queryKey: ['agent-groups'] });
setShowCreate(false);
}}
isLoading={createMutation.isPending}
error={createMutation.error ? (createMutation.error as Error).message : null}
/>
<EditAgentGroupModal
group={editingGroup}
onClose={() => setEditingGroup(null)}
onSuccess={() => {
queryClient.invalidateQueries({ queryKey: ['agent-groups'] });
setEditingGroup(null);
}}
isLoading={updateMutation.isPending}
error={updateMutation.error ? (updateMutation.error as Error).message : null}
/>
</>
);
}
Reference in New Issue View Git Blame Copy Permalink