fix: merge conflicts

Author: KirylSAP

apps/aurora-portal/docs/0011_clavis.md

@@ -0,0 +1,87 @@
+# Clavis / PCA
+
+This document tracks the Clavis integration in Aurora Portal. The initial backend and UI pieces are implemented, and this note is meant to evolve as the feature grows.
+
+## Current Scope
+
+The feature currently covers project-scoped management of private certificate authorities (PCAs):
+
+- list certificate authorities for a project
+- create a certificate authority
+- delete a certificate authority
+- import a certificate chain for a CA
+- list certificates issued by a certificate authority
+- fetch certificate authority and certificate details by id
+- create certificates under a certificate authority
+
+## Implemented UI
+
+The active UI entry point is the project service route at `/projects/$projectId/services/pca/`.
+
+Implemented screens and interactions:
+
+- PCA list page with loading, error, and empty states
+- primary action to create a certificate authority
+- row action menu with delete certificate authority
+- create modal with FQDN/common name validation
+- delete modal with explicit confirmation by typing `delete`
+- CA details page at `/projects/$projectId/services/pca/$pcaId/` via `PcaDetailsView`
+- details page shows CA metadata, certificate validity, CSR content, and delete action
+- details-page delete flow reuses the shared delete modal and redirects back to the PCA list after success
+
+The list page currently renders the CA state, id, and common name. It also shows the translated empty state when no PCAs are available for the current project.
+
+## Implemented BFF
+
+The PCA router is project-scoped and talks to the OpenStack PCA / Clavis service.
+
+| Procedure            | OpenStack path                                                                          | Purpose                                         |
+| -------------------- | --------------------------------------------------------------------------------------- | ----------------------------------------------- |
+| `list`               | `GET /certificate-authorities`                                                          | List all certificate authorities in the project |
+| `create`             | `POST /certificate-authorities`                                                         | Create a new certificate authority              |
+| `getById`            | `GET /certificate-authorities/{certificate_authority_id}`                               | Fetch certificate authority details             |
+| `delete`             | `DELETE /certificate-authorities/{certificate_authority_id}`                            | Permanently delete a certificate authority      |
+| `import`             | `POST /certificate-authorities/{certificate_authority_id}:importCertificate`            | Import the certificate chain for a CA           |
+| `listCertificates`   | `GET /certificate-authorities/{certificate_authority_id}/certificates`                  | List certificates issued by a CA                |
+| `createCertificate`  | `POST /certificate-authorities/{certificate_authority_id}/certificates`                 | Create a new certificate under a CA             |
+| `getByIdCertificate` | `GET /certificate-authorities/{certificate_authority_id}/certificates/{certificate_id}` | Fetch certificate details                       |
+
+All endpoints expect `project_id` in the request context or input and use the OpenStack service client exposed by the Aurora BFF.
+
+## Data Model Notes
+
+Relevant PCA states are:
+
+- `CREATING`
+- `AWAITING_CERTIFICATE`
+- `READY`
+- `FAILED`
+- `UNEXPECTED`
+
+A newly created CA starts in `CREATING`. Once its CSR is generated, it moves to `AWAITING_CERTIFICATE`. Importing the certificate chain transitions it to `READY`, at which point it can issue end-entity certificates.
+
+The CA schema also includes:
+
+- `configuration.subject.common_name`
+- `csr`
+- `certificate`
+- `certificate_chain`
+- `imported_certificate_chain`
+- `project_id`
+
+## UX and Validation
+
+The create flow currently validates the common name as an FQDN-style value. The delete flow requires a typed confirmation to reduce accidental removal of a CA and its associated certificates.
+
+Error states are surfaced directly in the modal or list view when the BFF call fails.
+
+## Next Areas To Document
+
+The backend already exposes certificate and import operations, but the UI does not yet have dedicated screens for:
+
+- certificate list view
+- certificate detail view
+- certificate import flow
+- list filtering, sorting, and search controls
+
+Those can be documented once the corresponding UI work lands.

apps/aurora-portal/src/client/routeTree.gen.ts

@@ -34,6 +34,7 @@ import { Route as AuthProjectsProjectIdComputeFlavorsIndexRouteImport } from "./
 import { Route as AuthProjectsProjectIdComputeImagesImageIdRouteImport } from "./routes/_auth/projects/$projectId/compute/images/$imageId"
 import { Route as AuthProjectsProjectIdComputeFlavorsFlavorIdRouteImport } from "./routes/_auth/projects/$projectId/compute/flavors/$flavorId"
 import { Route as AuthProjectsProjectIdStorageProviderContainersIndexRouteImport } from "./routes/_auth/projects/$projectId/storage/$provider/containers/index"
+import { Route as AuthProjectsProjectIdServicesPcaPcaIdIndexRouteImport } from "./routes/_auth/projects/$projectId/services/pca/$pcaId/index"
 import { Route as AuthProjectsProjectIdNetworkSecuritygroupsSecurityGroupIdIndexRouteImport } from "./routes/_auth/projects/$projectId/network/securitygroups/$securityGroupId/index"
 import { Route as AuthProjectsProjectIdNetworkFloatingipsFloatingIpIdIndexRouteImport } from "./routes/_auth/projects/$projectId/network/floatingips/$floatingIpId/index"
 import { Route as AuthProjectsProjectIdStorageProviderContainersContainerNameObjectsIndexRouteImport } from "./routes/_auth/projects/$projectId/storage/$provider/containers/$containerName/objects/index"
@@ -180,6 +181,12 @@ const AuthProjectsProjectIdStorageProviderContainersIndexRoute =
     path: "/storage/$provider/containers/",
     getParentRoute: () => AuthProjectsProjectIdRoute,
   } as any)
+const AuthProjectsProjectIdServicesPcaPcaIdIndexRoute =
+  AuthProjectsProjectIdServicesPcaPcaIdIndexRouteImport.update({
+    id: "/services/pca/$pcaId/",
+    path: "/services/pca/$pcaId/",
+    getParentRoute: () => AuthProjectsProjectIdRoute,
+  } as any)
 const AuthProjectsProjectIdNetworkSecuritygroupsSecurityGroupIdIndexRoute =
   AuthProjectsProjectIdNetworkSecuritygroupsSecurityGroupIdIndexRouteImport.update(
     {
@@ -229,6 +236,7 @@ export interface FileRoutesByFullPath {
   "/projects/$projectId/services/pca/": typeof AuthProjectsProjectIdServicesPcaIndexRoute
   "/projects/$projectId/network/floatingips/$floatingIpId/": typeof AuthProjectsProjectIdNetworkFloatingipsFloatingIpIdIndexRoute
   "/projects/$projectId/network/securitygroups/$securityGroupId/": typeof AuthProjectsProjectIdNetworkSecuritygroupsSecurityGroupIdIndexRoute
+  "/projects/$projectId/services/pca/$pcaId/": typeof AuthProjectsProjectIdServicesPcaPcaIdIndexRoute
   "/projects/$projectId/storage/$provider/containers/": typeof AuthProjectsProjectIdStorageProviderContainersIndexRoute
   "/projects/$projectId/storage/$provider/containers/$containerName/objects/": typeof AuthProjectsProjectIdStorageProviderContainersContainerNameObjectsIndexRoute
 }
@@ -254,6 +262,7 @@ export interface FileRoutesByTo {
   "/projects/$projectId/services/pca": typeof AuthProjectsProjectIdServicesPcaIndexRoute
   "/projects/$projectId/network/floatingips/$floatingIpId": typeof AuthProjectsProjectIdNetworkFloatingipsFloatingIpIdIndexRoute
   "/projects/$projectId/network/securitygroups/$securityGroupId": typeof AuthProjectsProjectIdNetworkSecuritygroupsSecurityGroupIdIndexRoute
+  "/projects/$projectId/services/pca/$pcaId": typeof AuthProjectsProjectIdServicesPcaPcaIdIndexRoute
   "/projects/$projectId/storage/$provider/containers": typeof AuthProjectsProjectIdStorageProviderContainersIndexRoute
   "/projects/$projectId/storage/$provider/containers/$containerName/objects": typeof AuthProjectsProjectIdStorageProviderContainersContainerNameObjectsIndexRoute
 }
@@ -285,6 +294,7 @@ export interface FileRoutesById {
   "/_auth/projects/$projectId/services/pca/": typeof AuthProjectsProjectIdServicesPcaIndexRoute
   "/_auth/projects/$projectId/network/floatingips/$floatingIpId/": typeof AuthProjectsProjectIdNetworkFloatingipsFloatingIpIdIndexRoute
   "/_auth/projects/$projectId/network/securitygroups/$securityGroupId/": typeof AuthProjectsProjectIdNetworkSecuritygroupsSecurityGroupIdIndexRoute
+  "/_auth/projects/$projectId/services/pca/$pcaId/": typeof AuthProjectsProjectIdServicesPcaPcaIdIndexRoute
   "/_auth/projects/$projectId/storage/$provider/containers/": typeof AuthProjectsProjectIdStorageProviderContainersIndexRoute
   "/_auth/projects/$projectId/storage/$provider/containers/$containerName/objects/": typeof AuthProjectsProjectIdStorageProviderContainersContainerNameObjectsIndexRoute
 }
@@ -316,6 +326,7 @@ export interface FileRouteTypes {
     | "/projects/$projectId/services/pca/"
     | "/projects/$projectId/network/floatingips/$floatingIpId/"
     | "/projects/$projectId/network/securitygroups/$securityGroupId/"
+    | "/projects/$projectId/services/pca/$pcaId/"
     | "/projects/$projectId/storage/$provider/containers/"
     | "/projects/$projectId/storage/$provider/containers/$containerName/objects/"
   fileRoutesByTo: FileRoutesByTo
@@ -341,6 +352,7 @@ export interface FileRouteTypes {
     | "/projects/$projectId/services/pca"
     | "/projects/$projectId/network/floatingips/$floatingIpId"
     | "/projects/$projectId/network/securitygroups/$securityGroupId"
+    | "/projects/$projectId/services/pca/$pcaId"
     | "/projects/$projectId/storage/$provider/containers"
     | "/projects/$projectId/storage/$provider/containers/$containerName/objects"
   id:
@@ -371,6 +383,7 @@ export interface FileRouteTypes {
     | "/_auth/projects/$projectId/services/pca/"
     | "/_auth/projects/$projectId/network/floatingips/$floatingIpId/"
     | "/_auth/projects/$projectId/network/securitygroups/$securityGroupId/"
+    | "/_auth/projects/$projectId/services/pca/$pcaId/"
     | "/_auth/projects/$projectId/storage/$provider/containers/"
     | "/_auth/projects/$projectId/storage/$provider/containers/$containerName/objects/"
   fileRoutesById: FileRoutesById
@@ -558,6 +571,13 @@ declare module "@tanstack/react-router" {
       preLoaderRoute: typeof AuthProjectsProjectIdStorageProviderContainersIndexRouteImport
       parentRoute: typeof AuthProjectsProjectIdRoute
     }
+    "/_auth/projects/$projectId/services/pca/$pcaId/": {
+      id: "/_auth/projects/$projectId/services/pca/$pcaId/"
+      path: "/services/pca/$pcaId"
+      fullPath: "/projects/$projectId/services/pca/$pcaId/"
+      preLoaderRoute: typeof AuthProjectsProjectIdServicesPcaPcaIdIndexRouteImport
+      parentRoute: typeof AuthProjectsProjectIdRoute
+    }
     "/_auth/projects/$projectId/network/securitygroups/$securityGroupId/": {
       id: "/_auth/projects/$projectId/network/securitygroups/$securityGroupId/"
       path: "/securitygroups/$securityGroupId"
@@ -658,6 +678,7 @@ interface AuthProjectsProjectIdRouteChildren {
   AuthProjectsProjectIdComputeIndexRoute: typeof AuthProjectsProjectIdComputeIndexRoute
   AuthProjectsProjectIdServicesIndexRoute: typeof AuthProjectsProjectIdServicesIndexRoute
   AuthProjectsProjectIdServicesPcaIndexRoute: typeof AuthProjectsProjectIdServicesPcaIndexRoute
+  AuthProjectsProjectIdServicesPcaPcaIdIndexRoute: typeof AuthProjectsProjectIdServicesPcaPcaIdIndexRoute
   AuthProjectsProjectIdStorageProviderContainersIndexRoute: typeof AuthProjectsProjectIdStorageProviderContainersIndexRoute
   AuthProjectsProjectIdStorageProviderContainersContainerNameObjectsIndexRoute: typeof AuthProjectsProjectIdStorageProviderContainersContainerNameObjectsIndexRoute
 }
@@ -680,6 +701,8 @@ const AuthProjectsProjectIdRouteChildren: AuthProjectsProjectIdRouteChildren = {
     AuthProjectsProjectIdServicesIndexRoute,
   AuthProjectsProjectIdServicesPcaIndexRoute:
     AuthProjectsProjectIdServicesPcaIndexRoute,
+  AuthProjectsProjectIdServicesPcaPcaIdIndexRoute:
+    AuthProjectsProjectIdServicesPcaPcaIdIndexRoute,
   AuthProjectsProjectIdStorageProviderContainersIndexRoute:
     AuthProjectsProjectIdStorageProviderContainersIndexRoute,
   AuthProjectsProjectIdStorageProviderContainersContainerNameObjectsIndexRoute:

apps/aurora-portal/src/client/routes/_auth/projects/$projectId/services/pca/$pcaId/-components/PcaDetailsView.test.tsx

@@ -0,0 +1,94 @@
+import { describe, it, expect, vi, beforeEach } from "vitest"
+import { act, render, screen } from "@testing-library/react"
+import userEvent from "@testing-library/user-event"
+import { I18nProvider } from "@lingui/react"
+import { i18n } from "@lingui/core"
+import type { CertificateAuthority } from "@/server/Services/types/pca"
+import { PcaDetailsView } from "./PcaDetailsView"
+
+const mockNavigate = vi.fn()
+
+vi.mock("@tanstack/react-router", () => ({
+  useNavigate: () => mockNavigate,
+}))
+
+vi.mock("@/client/hooks", () => ({
+  useProjectId: () => "project-1",
+}))
+
+vi.mock("../../-components/-modals/DeletePcaModal", () => ({
+  DeletePcaModal: ({ open, onSuccess }: { open: boolean; onSuccess?: () => void }) =>
+    open ? (
+      <div>
+        <div>Delete CA Modal</div>
+        <button onClick={onSuccess}>Trigger Delete Success</button>
+      </div>
+    ) : null,
+}))
+
+describe("PcaDetailsView", () => {
+  const basePca: CertificateAuthority = {
+    id: "ca-1",
+    project_id: "project-1",
+    state: "READY",
+    configuration: {
+      subject: {
+        common_name: "ca.example.internal",
+      },
+    },
+    csr: "-----BEGIN CSR-----",
+    certificate: {
+      pem: "-----BEGIN CERTIFICATE-----\nTEST\n-----END CERTIFICATE-----",
+      validity: {
+        not_before: 1705315200,
+        not_after: 1705488000,
+      },
+    },
+  }
+
+  const renderView = (pca: CertificateAuthority = basePca) =>
+    render(
+      <I18nProvider i18n={i18n}>
+        <PcaDetailsView pca={pca} />
+      </I18nProvider>
+    )
+
+  beforeEach(async () => {
+    vi.clearAllMocks()
+    await act(async () => {
+      i18n.activate("en")
+    })
+  })
+
+  it("renders basic details content", () => {
+    renderView()
+
+    expect(screen.getByText("ca.example.internal Certificate Authority Details")).toBeInTheDocument()
+    expect(screen.getByText("Manage your Private Certificate Authority infrastructure")).toBeInTheDocument()
+    expect(screen.getByText("CA ID")).toBeInTheDocument()
+    expect(screen.getByText("ca-1")).toBeInTheDocument()
+    expect(screen.getByText("2 days")).toBeInTheDocument()
+  })
+
+  it("opens delete modal from details page", async () => {
+    const user = userEvent.setup()
+    renderView()
+
+    await user.click(screen.getByRole("button", { name: "Delete Certificate Authority" }))
+
+    expect(screen.getByText("Delete CA Modal")).toBeInTheDocument()
+  })
+
+  it("navigates to list page after delete success", async () => {
+    const user = userEvent.setup()
+    renderView()
+
+    await user.click(screen.getByRole("button", { name: "Delete Certificate Authority" }))
+    await user.click(screen.getByRole("button", { name: "Trigger Delete Success" }))
+
+    expect(mockNavigate).toHaveBeenCalledWith({
+      to: "/projects/$projectId/services/pca",
+      params: { projectId: "project-1" },
+    })
+  })
+})

apps/aurora-portal/src/client/routes/_auth/projects/$projectId/services/pca/$pcaId/-components/PcaDetailsView.tsx

@@ -0,0 +1,114 @@
+import { Fragment } from "react"
+import { MdDownload, MdContentCopy } from "react-icons/md"
+import { useNavigate } from "@tanstack/react-router"
+import { Trans, useLingui } from "@lingui/react/macro"
+import {
+  Button,
+  DescriptionDefinition,
+  DescriptionList,
+  DescriptionTerm,
+  Divider,
+  Stack,
+} from "@cloudoperators/juno-ui-components/index"
+import { CertificateAuthority } from "@/server/Services/types/pca"
+import { useProjectId } from "@/client/hooks"
+import { useModal } from "@/client/utils/useModal"
+import { DeletePcaModal } from "../../-components/-modals/DeletePcaModal"
+import { STATE_CONFIG } from "../../-components/-table/constants"
+
+interface PcaDetailsViewProps {
+  pca: CertificateAuthority
+}
+
+export const PcaDetailsView = ({ pca }: PcaDetailsViewProps) => {
+  const { t } = useLingui()
+  const navigate = useNavigate()
+  const projectId = useProjectId()
+  const [deletePcaModalOpen, toggleDeletePcaModal] = useModal(false)
+
+  const navigateToPcaList = () =>
+    navigate({
+      to: "/projects/$projectId/services/pca",
+      params: { projectId },
+    })
+
+  const basicInfo = [
+    { label: t`CA ID`, value: pca.id },
+    { label: t`Project ID`, value: pca.project_id },
+    { label: t`Subject`, value: pca.configuration?.subject?.common_name },
+    {
+      label: t`Duration/validity`,
+      value:
+        pca.certificate?.validity.not_before !== undefined && pca.certificate?.validity.not_after !== undefined
+          ? `${Math.round(
+              (pca.certificate.validity.not_after - pca.certificate.validity.not_before) / (60 * 60 * 24)
+            )} days`
+          : undefined,
+    },
+  ] as const
+
+  return (
+    <>
+      <Stack direction="vertical" gap="3">
+        <Stack direction="horizontal" distribution="between">
+          <Stack gap="2" alignment="center">
+            <div className="text-theme-default text-2xl font-semibold">
+              {`${pca.configuration?.subject?.common_name} Certificate Authority Details`}
+            </div>
+            {/* temporary bg, I will resolve this as soon as I will have sync with designers */}
+            <div className="bg-aurora-blue-200 flex items-center gap-1 rounded-sm px-1 py-0.5">
+              {STATE_CONFIG[pca.state].icon} {STATE_CONFIG[pca.state].text}
+            </div>
+          </Stack>
+          <Button onClick={toggleDeletePcaModal}>
+            <Trans>Delete Certificate Authority</Trans>
+          </Button>
+        </Stack>
+
+        <p className="text-theme-highest text-sm">
+          <Trans>Manage your Private Certificate Authority infrastructure</Trans>
+        </p>
+
+        <Stack gap="4" className="grid grid-cols-2 items-start">
+          <DescriptionList alignTerms="right" className="w-full">
+            {basicInfo.map(({ label, value }) => (
+              <Fragment key={label}>
+                <DescriptionTerm>{label}</DescriptionTerm>
+                <DescriptionDefinition>{value || "—"}</DescriptionDefinition>
+              </Fragment>
+            ))}
+          </DescriptionList>
+
+          <div className="bg-dt-background w-full rounded-sm">
+            <div className="text-theme-default p-4 text-xl font-bold">
+              Certificate {`${pca.configuration?.subject?.common_name}`}
+            </div>
+            <Divider />
+
+            <div className="p-4 text-sm break-all whitespace-pre-wrap">{pca?.csr}</div>
+
+            {/* I will implement downloading-copying functionality at issue/import part of the epic as I need to clarify some stuff with design-clavis team */}
+            <Divider />
+            <Stack gap="2" distribution="end" className="p-4">
+              <Button>
+                <MdDownload />
+              </Button>
+              <Button>
+                <MdContentCopy />
+              </Button>
+            </Stack>
+          </div>
+        </Stack>
+      </Stack>
+
+      {deletePcaModalOpen && (
+        <DeletePcaModal
+          pca={pca}
+          open={deletePcaModalOpen}
+          onClose={toggleDeletePcaModal}
+          onSuccess={navigateToPcaList}
+        />
+      )}
+    </>
+  )
+}