Skip to content

feat(apiproduct): add Accepted Paths tab to API Product details#539

Open
namansh70747 wants to merge 1 commit into
Kuadrant:mainfrom
namansh70747:gh-535-apiproduct-accepted-paths
Open

feat(apiproduct): add Accepted Paths tab to API Product details#539
namansh70747 wants to merge 1 commit into
Kuadrant:mainfrom
namansh70747:gh-535-apiproduct-accepted-paths

Conversation

@namansh70747

@namansh70747 namansh70747 commented Jun 4, 2026

Copy link
Copy Markdown
Contributor

Description

Adds an Accepted Paths tab to the API Product details page, listing the method + path patterns the product exposes.

Fixes #535

Opening as a draft for review of the approach before final polish. The implementation is complete and passes lint/i18n/typecheck.

Type of change

  • [feat] New feature

Changes made

  • New APIProductAcceptedPathsTab component. As the issue notes, the path information comes from the HTTPRoute referenced by spec.targetRef, so the tab watches that route and flattens spec.rules[].matches[] into one row per (method, path) pair.
  • Handles the Gateway API defaults explicitly: a rule with no matches accepts all paths (PathPrefix /), and a match with no method accepts all methods (shown as an "All methods" label).
  • Reuses the cached-targetRef + useK8sWatchResource pattern and the full loading / no-permission / no-route / empty / error lifecycle already established in APIProductPoliciesTab, plus the shared HTTPRouteMatch / HTTPMethod types from ratelimitpolicy (rather than redefining them).
  • Registered as a new console.tab/horizontalNav extension and exposedModules entry alongside the existing API Product tabs.

Columns

Method Path Match type
GET (color-coded label) /v1/cars PathPrefix

Test plan

  • yarn lint passes (no changes after running)
  • yarn i18n passes (committed generated keys)
  • yarn tsc --noEmit reports no errors in src/
  • Tested manually in OpenShift Console against an APIProduct + HTTPRoute fixture
  • Tested in both light and dark themes

Open question for reviewers

The issue notes "Consider whether this should also be displayed in the HTTPRoute details page" — that overlaps with #531 (HTTPRoute Enhanced Details). I scoped this PR to the API Product tab only; happy to factor the row-building logic into a shared helper if you want to reuse it for the HTTPRoute view too.

Checklist

  • All user-facing strings use t() and are in the locale file
  • No bare .pf-*/.co-* selectors or hex colors
  • No console.log statements left in
  • Commit includes Signed-off-by

🤖 Generated with Claude Code

Summary by CodeRabbit

  • New Features
    • Added a new “Accepted Paths” tab for API Products, showing the HTTP methods, paths and match types accepted by the linked route.
    • Added clearer loading, empty-state and error messaging, including support for no route configured and routes with no routing rules.
  • Style
    • Added new UI labels for path and method-related fields to improve readability in the console.

Adds an Accepted Paths tab to the API Product details page that lists the
method + path patterns the product exposes (KuadrantGH-535).

As the issue notes, this information comes from the HTTPRoute referenced by
spec.targetRef. The tab watches that route and flattens its
spec.rules[].matches[] into one row per (method, path) pair, following the
Gateway API defaults: a rule with no matches accepts all paths, and a match
with no method accepts all methods. It reuses the cached-targetRef +
useK8sWatchResource pattern and the loading/empty/error lifecycle already
established in APIProductPoliciesTab, and the shared HTTPRouteMatch types from
ratelimitpolicy.

Registered as a new console.tab/horizontalNav extension alongside the existing
API Product tabs.

Refs Kuadrant#535

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Signed-off-by: Naman Sharma <namsh70747@gmail.com>
@coderabbitai

coderabbitai Bot commented Jun 4, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

Adds an Accepted Paths tab to APIProduct details, exposes the new component module, and renders HTTPRoute-derived method/path rows with permission, loading, error, and empty states. Matching English locale strings are added.

Changes

APIProduct Accepted Paths Tab

Layer / File(s) Summary
Tab registration and module exposure
console-extensions.json, package.json
Adds the APIProduct Accepted Paths tab entry and exposes APIProductAcceptedPathsTab as a console module.
Accepted-path extraction
src/components/apiproduct/APIProductAcceptedPathsTab.tsx
Loads the APIProduct and referenced HTTPRoute, resolves the target reference, and derives accepted path rows from route matches.
Tab states and labels
src/components/apiproduct/APIProductAcceptedPathsTab.tsx, locales/en/plugin__kuadrant-console-plugin.json
Renders loading, permission, error, and empty states, then shows the accepted paths table and adds the locale strings it uses.

Sequence Diagram(s)

sequenceDiagram
  participant APIProductAcceptedPathsTab
  participant APIProduct
  participant HTTPRoute
  participant AcceptedPathRow

  APIProductAcceptedPathsTab->>APIProduct: watch APIProduct and read spec.targetRef
  APIProduct-->>APIProductAcceptedPathsTab: targetRefToUse
  APIProductAcceptedPathsTab->>HTTPRoute: watch referenced HTTPRoute
  HTTPRoute-->>APIProductAcceptedPathsTab: spec.rules
  APIProductAcceptedPathsTab->>AcceptedPathRow: render method, path, and match type
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Suggested labels

enhancement

Suggested reviewers

  • eguzki
  • R-Lawton
  • emmaaroche

Poem

I hopped to the tab with a whisk of my ear,
Where paths and methods appeared crystal-clear.
The HTTPRoute hummed, “No rules? Then none!”
Yet Accepted Paths sparkled beneath the sun.
Thump-thump — said the rabbit — the console is fun.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly states the main change: adding an Accepted Paths tab to API Product details.
Linked Issues check ✅ Passed The new tab shows a method/path table from the API Product's HTTPRoute, matching issue #535's requirements.
Out of Scope Changes check ✅ Passed All changes support the Accepted Paths tab and its supporting UI/module wiring; no unrelated additions are evident.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
⚔️ Resolve merge conflicts
  • Resolve merge conflict in branch gh-535-apiproduct-accepted-paths

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint install failed. For unrecoverable errors, disable the tool in CodeRabbit configuration.


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@R-Lawton

Copy link
Copy Markdown
Contributor

is this ready for review?

@namansh70747

Copy link
Copy Markdown
Contributor Author

is this ready for review?

Yes

@namansh70747 namansh70747 marked this pull request as ready for review June 27, 2026 07:12

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/components/apiproduct/APIProductAcceptedPathsTab.tsx`:
- Around line 98-107: The HTTPRoute fetch in APIProductAcceptedPathsTab should
be gated by its own RBAC check instead of always starting the watch. Add a
`useAccessReviews` check for the referenced `HTTPRoute` before calling
`useK8sWatchResource`, and only render/load the route when access is allowed.
Update the `httpRoute`/load-error handling around the `useK8sWatchResource` and
the error UI near the existing load-error branch so users without route
permissions see the correct permission state rather than a generic load failure.
- Around line 60-69: The access-review and fallback lookups in
APIProductAcceptedPathsTab should not depend on the global activeNamespace;
instead, derive the APIProduct’s namespace from the current route/resource
context and use that for the useAccessReview call and related resource queries.
Update the logic around useLocation, extractResourceNameFromURL, and the
APIProduct/HTTPRoute fallback paths so targetRef.namespace falls back to the
resource namespace rather than activeNamespace, ensuring the tab works in both
single-namespace and `#ALL_NS`# modes.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 78ec5191-a918-4226-b8ca-03b880f8d208

📥 Commits

Reviewing files that changed from the base of the PR and between 64677ba and 03585b3.

📒 Files selected for processing (4)
  • console-extensions.json
  • locales/en/plugin__kuadrant-console-plugin.json
  • package.json
  • src/components/apiproduct/APIProductAcceptedPathsTab.tsx

Comment on lines +60 to +69
const [activeNamespace] = useActiveNamespace();
const location = useLocation();
const productName = extractResourceNameFromURL(location.pathname);

const [canGet, canGetLoading] = useAccessReview({
group: RESOURCES.APIProduct.gvk.group,
resource: getResourceNameFromKind(RESOURCES.APIProduct.gvk.kind),
verb: 'get',
namespace: activeNamespace,
name: productName,

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Use the resource’s namespace here, not activeNamespace.

Line 60 makes the watch/access-review namespace depend on the global namespace selector, but this is a named details view. In #ALL_NS# mode, or after switching projects, the tab can query the wrong namespace and fail to load both the APIProduct and its fallback HTTPRoute. Derive the APIProduct namespace from the route/resource context, then fall back from targetRef.namespace to that namespace instead of activeNamespace.

As per coding guidelines, “Support namespace handling for both single namespace and all-namespaces mode (#ALL_NS#) in resource queries”.

Also applies to: 73-79, 95-105

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/components/apiproduct/APIProductAcceptedPathsTab.tsx` around lines 60 -
69, The access-review and fallback lookups in APIProductAcceptedPathsTab should
not depend on the global activeNamespace; instead, derive the APIProduct’s
namespace from the current route/resource context and use that for the
useAccessReview call and related resource queries. Update the logic around
useLocation, extractResourceNameFromURL, and the APIProduct/HTTPRoute fallback
paths so targetRef.namespace falls back to the resource namespace rather than
activeNamespace, ensuring the tab works in both single-namespace and `#ALL_NS`#
modes.

Source: Coding guidelines

Comment on lines +98 to +107
// Fetch the target HTTPRoute
const [httpRoute, httprouteLoaded, httprouteLoadError] = useK8sWatchResource<RoutedHTTPRoute>(
targetRefToUse && targetRefToUse.kind === 'HTTPRoute'
? {
groupVersionKind: RESOURCES.HTTPRoute.gvk,
namespace: httprouteNamespace,
name: httprouteName,
isList: false,
}
: null,

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Gate the HTTPRoute watch behind its own access review.

Line 99 starts the HTTPRoute watch without checking RBAC for that resource. If the user can read the APIProduct but not the referenced route, line 233 shows a generic load error instead of the expected permission state.

As per coding guidelines, “Use useAccessReviews hook to check RBAC permissions before rendering protected features”.

Also applies to: 230-235

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/components/apiproduct/APIProductAcceptedPathsTab.tsx` around lines 98 -
107, The HTTPRoute fetch in APIProductAcceptedPathsTab should be gated by its
own RBAC check instead of always starting the watch. Add a `useAccessReviews`
check for the referenced `HTTPRoute` before calling `useK8sWatchResource`, and
only render/load the route when access is allowed. Update the
`httpRoute`/load-error handling around the `useK8sWatchResource` and the error
UI near the existing load-error branch so users without route permissions see
the correct permission state rather than a generic load failure.

Source: Coding guidelines

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

API Product View: Accepted Paths Tab

2 participants