Merge branch 'main' into dev/refactor-how-comments-are-stored

gchq · Jun 17, 2024 · 1689101 · 1689101
2 parents e834c68 + 90468f8
commit 1689101
Show file tree

Hide file tree

Showing 13 changed files with 190 additions and 16 deletions.
diff --git a/backend/src/routes/v2/model/roles/getModelCurrentUserRoles.ts b/backend/src/routes/v2/model/roles/getModelCurrentUserRoles.ts
@@ -2,7 +2,7 @@ import bodyParser from 'body-parser'
 import { Request, Response } from 'express'
 import { z } from 'zod'
 
-import { Role } from '../../../../types/types.js'
+import { Role, RoleKind } from '../../../../types/types.js'
 import { parse } from '../../../../utils/validate.js'
 
 export const getModelCurrentUserRolesSchema = z.object({
@@ -28,23 +28,34 @@ export const getModelCurrentUserRoles = [
           id: 'msro',
           name: 'Model Senior Responsible Officer',
           short: 'MSRO',
+          kind: RoleKind.SCHEMA,
+          description: 'This role is specified by the schema in accordance with its policy.',
         },
         {
           id: 'mtr',
           name: 'Model Technical Reviewer',
           short: 'MTR',
+          kind: RoleKind.SCHEMA,
+          description: 'This role is specified by the schema in accordance with its policy.',
         },
         {
           id: 'consumer',
           name: 'Consumer',
+          kind: RoleKind.ENTRY,
+          description:
+            'This provides read only permissions for the model. If a model is private, these users will be able to view the model and create access requests.',
         },
         {
           id: 'contributor',
           name: 'Contributor',
+          kind: RoleKind.ENTRY,
+          description: 'This role allows users edit the model card and draft releases.',
         },
         {
           id: 'owner',
           name: 'Owner',
+          kind: RoleKind.ENTRY,
+          description: 'This role includes all permissions, such as managing model access and model deletion.',
         },
       ],
     })

diff --git a/backend/src/routes/v2/model/roles/getModelRoles.ts b/backend/src/routes/v2/model/roles/getModelRoles.ts
@@ -2,7 +2,7 @@ import bodyParser from 'body-parser'
 import { Request, Response } from 'express'
 import { z } from 'zod'
 
-import { Role } from '../../../../types/types.js'
+import { Role, RoleKind } from '../../../../types/types.js'
 import { parse } from '../../../../utils/validate.js'
 
 export const getModelRolesSchema = z.object({
@@ -28,23 +28,34 @@ export const getModelRoles = [
           id: 'msro',
           name: 'Model Senior Responsible Officer',
           short: 'MSRO',
+          kind: RoleKind.SCHEMA,
+          description: 'This role is specified by the schema in accordance with its policy.',
         },
         {
           id: 'mtr',
           name: 'Model Technical Reviewer',
           short: 'MTR',
+          kind: RoleKind.SCHEMA,
+          description: 'This role is specified by the schema in accordance with its policy.',
         },
         {
           id: 'consumer',
           name: 'Consumer',
+          kind: RoleKind.ENTRY,
+          description:
+            'This provides read only permissions for the model. If a model is private, these users will be able to view the model and create access requests.',
         },
         {
           id: 'contributor',
           name: 'Contributor',
+          kind: RoleKind.ENTRY,
+          description: 'This role allows users edit the model card and draft releases.',
         },
         {
           id: 'owner',
           name: 'Owner',
+          kind: RoleKind.ENTRY,
+          description: 'This role includes all permissions, such as managing model access and model deletion.',
         },
       ],
     })

diff --git a/backend/src/types/types.ts b/backend/src/types/types.ts
@@ -2,10 +2,19 @@ export interface User {
   dn: string
 }
 
+export const RoleKind = {
+  ENTRY: 'entry',
+  SCHEMA: 'schema',
+} as const
+
+export type RoleKindKeys = (typeof RoleKind)[keyof typeof RoleKind]
+
 export interface Role {
   id: string
   name: string
+  kind: RoleKindKeys
   short?: string
+  description?: string
 }
 
 export interface UiConfig {

diff --git a/frontend/src/common/HelpDialog.tsx b/frontend/src/common/HelpDialog.tsx
@@ -0,0 +1,31 @@
+import HelpOutlineIcon from '@mui/icons-material/HelpOutline'
+import { Button, Dialog, DialogActions, DialogContent, DialogTitle, IconButton, Tooltip } from '@mui/material'
+import { ReactNode, useState } from 'react'
+
+type HelpDialogProps = {
+  title: string
+  content: ReactNode
+}
+
+export default function HelpDialog({ title, content }: HelpDialogProps) {
+  const [open, setOpen] = useState(false)
+
+  return (
+    <>
+      <Tooltip title={title}>
+        <IconButton size='small' onClick={() => setOpen(true)}>
+          <HelpOutlineIcon />
+        </IconButton>
+      </Tooltip>
+      <Dialog open={open} onClose={() => setOpen(false)} maxWidth='md' disableEscapeKeyDown>
+        <DialogTitle>{title}</DialogTitle>
+        <DialogContent>{content}</DialogContent>
+        <DialogActions>
+          <Button color='secondary' variant='outlined' onClick={() => setOpen(false)}>
+            Close
+          </Button>
+        </DialogActions>
+      </Dialog>
+    </>
+  )
+}
diff --git a/frontend/src/entry/model/settings/EntryRolesInfo.tsx b/frontend/src/entry/model/settings/EntryRolesInfo.tsx
@@ -0,0 +1,89 @@
+import { Box, Grid, Typography } from '@mui/material'
+import { Stack } from '@mui/system'
+import { useGetModelRoles } from 'actions/model'
+import { ReactNode, useCallback, useMemo } from 'react'
+import Loading from 'src/common/Loading'
+import MessageAlert from 'src/MessageAlert'
+import { EntryInterface, RoleKind } from 'types/types'
+import { toSentenceCase } from 'utils/stringUtils'
+
+interface EntryRolesInfoProps {
+  entry: EntryInterface
+}
+
+export default function EntryRolesInfo({ entry }: EntryRolesInfoProps) {
+  const {
+    modelRoles: entryRoles,
+    isModelRolesLoading: isEntryRolesLoading,
+    isModelRolesError: isEntryRolesError,
+  } = useGetModelRoles(entry.id)
+
+  const getFilteredRoles = useCallback(
+    (roleKind: string) =>
+      entryRoles.reduce<ReactNode[]>((filteredRoles, entryRole) => {
+        if (entryRole.kind === roleKind) {
+          filteredRoles.push(
+            <Box key={entryRole.id}>
+              <Typography fontWeight='bold'>{entryRole.name}</Typography>
+              <Typography>{entryRole.description}</Typography>
+            </Box>,
+          )
+        }
+        return filteredRoles
+      }, []),
+    [entryRoles],
+  )
+
+  const entryRolesList = useMemo(() => getFilteredRoles(RoleKind.ENTRY), [getFilteredRoles])
+  const schemaRolesList = useMemo(() => getFilteredRoles(RoleKind.SCHEMA), [getFilteredRoles])
+
+  if (isEntryRolesError) {
+    return <MessageAlert message={isEntryRolesError.info.message} severity='error' />
+  }
+
+  return (
+    <>
+      {isEntryRolesLoading && <Loading />}
+      {!isEntryRolesLoading && (
+        <Stack spacing={2}>
+          <Typography>
+            Roles in Bailo are split into two categories; standard and dynamic. Standard roles are generic across
+            different schema and are used for determining {`${toSentenceCase(entry.kind)}`} permissions for general
+            purpose {`${toSentenceCase(entry.kind)}`} upkeep, whereas dynamic roles are created on a per schema basis
+            and used as part of the review process. The dynamic roles presented below are specified on the schema
+            selected for this {`${toSentenceCase(entry.kind)}`} and may not apply to other{' '}
+            {`${toSentenceCase(entry.kind)}s`} using a different schema.
+          </Typography>
+          <Grid container spacing={1}>
+            <Grid item xs={12} sm={6}>
+              <Stack spacing={1}>
+                <Box>
+                  <Typography component='h3' variant='h6' fontWeight='bold'>
+                    Standard Roles
+                  </Typography>
+                  <Typography variant='caption'>
+                    {`The following roles are generic across all ${toSentenceCase(entry.kind)}s`}
+                  </Typography>
+                </Box>
+                {entryRolesList}
+              </Stack>
+            </Grid>
+            <Grid item xs={12} sm={6}>
+              <Stack spacing={1}>
+                <Box>
+                  <Typography component='h3' variant='h6' fontWeight='bold'>
+                    Dynamic Roles
+                  </Typography>
+                  <Typography variant='caption'>
+                    {`The following roles are specified by this ${toSentenceCase(entry.kind)}'s schema`}
+                  </Typography>
+                </Box>
+                {schemaRolesList}
+              </Stack>
+            </Grid>
+          </Grid>
+        </Stack>
+      )}
+    </>
+  )
+}
diff --git a/frontend/src/entry/settings/EntryAccess.tsx b/frontend/src/entry/settings/EntryAccess.tsx
@@ -14,6 +14,8 @@ import { patchModel, useGetModel } from 'actions/model'
 import { useListUsers } from 'actions/user'
 import { debounce } from 'lodash-es'
 import { SyntheticEvent, useCallback, useEffect, useMemo, useState } from 'react'
+import HelpDialog from 'src/common/HelpDialog'
+import EntryRolesInfo from 'src/entry/model/settings/EntryRolesInfo'
 import EntityItem from 'src/entry/settings/EntityItem'
 import useNotification from 'src/hooks/useNotification'
 import MessageAlert from 'src/MessageAlert'
@@ -141,7 +143,12 @@ export default function EntryAccess({ entry }: EntryAccessProps) {
         <TableHead>
           <TableRow>
             <TableCell>Entity</TableCell>
-            <TableCell>Roles</TableCell>
+            <TableCell>
+              <Stack direction='row' spacing={1} alignItems='center'>
+                <span>Roles</span>
+                <HelpDialog title='What are roles?' content={<EntryRolesInfo entry={entry} />} />
+              </Stack>
+            </TableCell>
             <TableCell align='right'>Actions</TableCell>
           </TableRow>
         </TableHead>

diff --git a/frontend/src/settings/authentication/configTemplates.ts b/frontend/src/settings/authentication/configTemplates.ts
@@ -12,9 +12,9 @@ metadata:
   name:  ${toKebabCase(description)}-secret
 data:
   .dockerconfigjson: ${btoa(
-    `{"auths":{"${registryUrl}":{"username":"${accessKey}","password":"${secretKey}","auth":${btoa(
+    `{"auths":{"${registryUrl}":{"username":"${accessKey}","password":"${secretKey}","auth":"${btoa(
       `${accessKey}:${secretKey}`,
-    )}}}}`,
+    )}"}}}`,
   )}
 type: kubernetes.io/dockerconfigjson`
 }

diff --git a/frontend/types/types.ts b/frontend/types/types.ts
@@ -127,10 +127,19 @@ export interface EntryCardRevisionInterface {
   updatedAt: string
 }
 
+export const RoleKind = {
+  ENTRY: 'entry',
+  SCHEMA: 'schema',
+} as const
+
+export type RoleKindKeys = (typeof RoleKind)[keyof typeof RoleKind]
+
 export interface Role {
   id: string
   name: string
   short?: string
+  kind?: RoleKindKeys
+  description?: string
 }
 
 export const SchemaKind = {

diff --git a/infrastructure/helm/bailo/templates/bailo/bailo.deployment.yaml b/infrastructure/helm/bailo/templates/bailo/bailo.deployment.yaml
@@ -21,6 +21,9 @@ spec:
       labels:
         name: backend
     spec:
+      {{- if .Values.backend.serviceAccount }}
+      serviceAccountName: {{ .Values.backend.serviceAccount }}
+      {{- end }}
       {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}

diff --git a/infrastructure/helm/bailo/templates/certs.yaml b/infrastructure/helm/bailo/templates/certs.yaml
@@ -6,4 +6,4 @@ metadata:
     {{- include "bailo.labels" . | nindent 4 }}
 type: Opaque
 data:
-{{ (.Files.Glob "certs/**.pem").AsSecrets | indent 2 }}
+{{ (.Files.Glob "{certs/**.pem,certs/jwks.json}").AsSecrets | indent 2 }}
diff --git a/infrastructure/helm/bailo/templates/registry/registry.configmap.yaml b/infrastructure/helm/bailo/templates/registry/registry.configmap.yaml
@@ -16,7 +16,7 @@ data:
       cache:
         blobdescriptor: inmemory
       s3:
-       {{- if .Values.minio.enabled }}
+        {{- if .Values.minio.enabled }}
         regionendpoint: {{ ternary "https" "http" (eq .Values.minio.useSSL true)}}://{{ include "bailo.minio.host" . }}:{{ .Values.minio.service.ports.api }}
         {{- end }}
         bucket: {{ .Values.minio.registryBucket }}

diff --git a/infrastructure/helm/bailo/templates/registry/registry.deployment.yaml b/infrastructure/helm/bailo/templates/registry/registry.deployment.yaml
@@ -15,6 +15,9 @@ spec:
       labels:
         name: registry
     spec:
+      {{- if .Values.registry.serviceAccount }}
+      serviceAccountName: {{ .Values.registry.serviceAccount }}
+      {{- end }}
       {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
@@ -61,6 +64,8 @@ spec:
           value: "RegistryIssuer"
         - name: REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE
           value: {{ .Values.registry.certDir }}/{{ .Values.registry.certFile }}
+        - name: REGISTRY_AUTH_TOKEN_JWKS
+          value: {{ .Values.registry.certDir }}/{{ .Values.registry.jwksFile }}
         - name: REGISTRY_HTTP_SECRET
           valueFrom:
             secretKeyRef:
@@ -87,3 +92,5 @@ spec:
               path: {{ .Values.registry.certFile }}
             - key: {{ .Values.nginxcert.key }}
               path: {{ .Values.registry.keyFile }}
+            - key: {{ .Values.registry.jwksFile }}
+              path: {{ .Values.registry.jwksFile }}
diff --git a/infrastructure/helm/bailo/values.yaml b/infrastructure/helm/bailo/values.yaml
@@ -178,15 +178,17 @@ minio:
 # Registry Dependencies
 registry:
   repository: registry
-  tag: 2
+  tag: 3.0.0-alpha.1
   enabled: true
   protocol: "https"
   #host: "bailo-registry" # service name
   port: 5000 # default 5000
   insecure: "true"
   certDir: "/certs"
   certFile: cert.pem #use san.cnf to create certs
+  jwksFile: jwks.json
   keyFile: key.pem
+  serviceAccount: ''
 
 # Nginx Dependencies
 nginxAuth:
@@ -210,11 +212,6 @@ openshift:
 
 # Instance Settings
 config:
-  s2i:
-    name: "seldonio - 1.10.0"
-    image: seldonio/seldon-core-s2i-python37:1.10.0
-  supportEmail: "[email protected]"
-
   ui:
     banner:
       enabled: false
@@ -231,9 +228,6 @@ config:
     pass: "mailpass"
     from: "[email protected]"
 
-  build:
-    environment: img # 'img' for k8s | eks and  'openshfit' for openshift
-
   app:
     protocol: "https"
     port: 443
@@ -263,3 +257,6 @@ inference:
   # Url for the inferencing cluster
   host: 'https://example.com'
   gpus:
+
+backend:
+  serviceAccount: ''