Address CR, add a tsh command example

gravitational · Oct 24, 2024 · acd60d2 · acd60d2
1 parent 8af7d6a
commit acd60d2
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 20 deletions.
diff --git a/...ges/shared/components/AccessRequests/NewRequest/RequestCheckout/KubeNamespaceSelector.tsx b/...ges/shared/components/AccessRequests/NewRequest/RequestCheckout/KubeNamespaceSelector.tsx
@@ -140,7 +140,7 @@ export function KubeNamespaceSelector({
   return (
     <Box width="100%" mb={-3}>
       <StyledSelect
-        label={`Namespaces ${namespaceRequired ? '(required)' : ''}:`}
+        label={`Namespaces${namespaceRequired ? ' (required)' : ''}:`}
         inputId={kubeClusterItem.id}
         width="100%"
         placeholder="Start typing a namespace and press enter"

diff --git a/web/packages/shared/components/AccessRequests/NewRequest/RequestCheckout/RequestCheckout.tsx b/web/packages/shared/components/AccessRequests/NewRequest/RequestCheckout/RequestCheckout.tsx
@@ -34,6 +34,7 @@ import {
   P3,
   Subtitle2,
   Text,
+  Mark,
 } from 'design';
 import { ArrowBack, ChevronDown, ChevronRight, Warning } from 'design/Icon';
 import Table, { Cell } from 'design/DataTable';
@@ -65,6 +66,8 @@ import { CrossIcon } from './CrossIcon';
 
 import type { TransitionStatus } from 'react-transition-group';
 import type { AccessRequest } from 'shared/services/accessRequests';
+import { P } from 'design/Text/Text';
+import { TextSelectCopyMulti } from 'shared/components/TextSelectCopy';
 
 export const RequestCheckoutWithSlider = forwardRef<
   HTMLDivElement,
@@ -295,17 +298,36 @@ export function RequestCheckout<T extends PendingListItem>({
             )}
           {hasUnsupportedKubeRequestModes && (
             <Alert kind="danger">
-              You can only request Kubernetes resource kind{' '}
-              {unsupportedKubeRequestModes} for cluster{' '}
-              {affectedKubeClusterName}, but is not supported through this UI.
-              Use the{' '}
-              <ExternalLink
-                target="_blank"
-                href="https://goteleport.com/docs/admin-guides/access-controls/access-requests/resource-requests/#step-26-search-for-resources"
-              >
-                tsh CLI tool
-              </ExternalLink>{' '}
-              to create this particular request.
+              <Text mb={2}>
+                You can only request Kubernetes resource kind [
+                {unsupportedKubeRequestModes.join(', ')}] for cluster{' '}
+                <Mark>{affectedKubeClusterName}</Mark>. Requesting those
+                resource kinds is currently only supported through the{' '}
+                <ExternalLink
+                  target="_blank"
+                  href="https://goteleport.com/docs/connect-your-client/tsh/#installing-tsh"
+                >
+                  tsh CLI tool
+                </ExternalLink>
+                . Use the{' '}
+                <ExternalLink
+                  target="_blank"
+                  href="https://goteleport.com/docs/admin-guides/access-controls/access-requests/resource-requests/#search-for-kubernetes-resources"
+                >
+                  tsh request search
+                </ExternalLink>{' '}
+                command that will help you construct the request.
+              </Text>
+              <Box width="360px">
+                Example:
+                <TextSelectCopyMulti
+                  lines={[
+                    {
+                      text: `tsh request search --kind=${unsupportedKubeRequestModes[0]} --kube-cluster=${affectedKubeClusterName} --all-kube-namespaces`,
+                    },
+                  ]}
+                />
+              </Box>
             </Alert>
           )}
           {fetchStatus === 'loading' && (

diff --git a/web/packages/shared/components/AccessRequests/NewRequest/kube.test.ts b/web/packages/shared/components/AccessRequests/NewRequest/kube.test.ts
@@ -37,11 +37,11 @@ test('checkForUnsupportedKubeRequestModes: failed status with unsupported kinds'
     requiresNamespaceSelect,
   } = checkForUnsupportedKubeRequestModes({
     status: 'failed',
-    statusText: `Your Teleport roles request_mode field restricts you from requesting kinds [kube_cluster] for Kubernetes cluster pumpkin-kube-cluster. Allowed kinds: [pod secret]`,
+    statusText: `Your Teleport roles request_mode field restricts you from requesting kinds [kube_cluster] for Kubernetes cluster "pumpkin-kube-cluster". Allowed kinds: [pod secret]`,
   });
 
   expect(affectedKubeClusterName).toEqual(`pumpkin-kube-cluster`);
-  expect(unsupportedKubeRequestModes).toEqual('[pod secret]');
+  expect(unsupportedKubeRequestModes).toEqual(['pod', 'secret']);
   expect(requiresNamespaceSelect).toBeFalsy();
 });
 
@@ -52,7 +52,7 @@ test('checkForUnsupportedKubeRequestModes: failed status with supported namespac
     requiresNamespaceSelect,
   } = checkForUnsupportedKubeRequestModes({
     status: 'failed',
-    statusText: `Your Teleport roles request_mode field restricts you from requesting kinds [kube_cluster] for Kubernetes cluster pumpkin-kube-cluster. Allowed kinds: [pod secret namespace]`,
+    statusText: `Your Teleport roles request_mode field restricts you from requesting kinds [kube_cluster] for Kubernetes cluster "pumpkin-kube-cluster". Allowed kinds: [pod secret namespace]`,
   });
 
   expect(affectedKubeClusterName).toEqual(`pumpkin-kube-cluster`);

diff --git a/web/packages/shared/components/AccessRequests/NewRequest/kube.ts b/web/packages/shared/components/AccessRequests/NewRequest/kube.ts
@@ -50,28 +50,31 @@ export function isKubeClusterWithNamespaces(
 export function checkForUnsupportedKubeRequestModes(
   requestRoleAttempt: Attempt
 ) {
-  let unsupportedKubeRequestModes = '';
+  let unsupportedKubeRequestModes: string[];
   let affectedKubeClusterName = '';
   let requiresNamespaceSelect = false;
 
   if (requestRoleAttempt.status === 'failed') {
     const errMsg = requestRoleAttempt.statusText.toLowerCase();
 
     if (errMsg.includes('request_mode') && errMsg.includes('allowed kinds: ')) {
-      const allowedKinds = errMsg.split('allowed kinds: ')[1];
+      let allowedKinds = errMsg.split('allowed kinds: ')[1];
 
       // Web UI supports selecting namespace and wildcard
       // which basically means requiring namespace.
       if (allowedKinds.includes('*') || allowedKinds.includes('namespace')) {
         requiresNamespaceSelect = true;
       } else {
-        unsupportedKubeRequestModes = allowedKinds;
+        if (allowedKinds.startsWith('[')) {
+          allowedKinds = allowedKinds.slice(1, -1);
+        }
+        unsupportedKubeRequestModes = allowedKinds.split(' ');
       }
 
-      const initialSplit = errMsg.split('for kubernetes cluster');
+      const initialSplit = errMsg.split('for kubernetes cluster "');
       if (initialSplit.length > 1) {
         affectedKubeClusterName = initialSplit[1]
-          .split('. allowed kinds')[0]
+          .split('". allowed kinds')[0]
           .trim();
       }