Merge remote-tracking branch 'origin/main' into dependabot/docker/docker-dependencies-1784aaf028

svcAPLBot · svcAPLBot · commit 895ace7527d8 · 2025-08-25T13:45:09.000Z
diff --git a/src/pages/network-policies/create-edit/NetworkPoliciesEgressCreateEditPage.tsx b/src/pages/network-policies/create-edit/NetworkPoliciesEgressCreateEditPage.tsx
@@ -21,6 +21,7 @@ import {
 } from 'redux/otomiApi'
 import { useTranslation } from 'react-i18next'
 import { Divider } from 'components/Divider'
+import { isEqual } from 'lodash'
 import { createEgressSchema } from './create-edit-networkPolicies.validator'
 import { useStyles } from './create-edit-networkPolicies.styles'
 import NetworkPolicyEgressPortRow from './NetworkPolicyEgressPortRow'
@@ -178,8 +179,8 @@ export default function NetworkPoliciesEgressCreateEditPage({
               variant='contained'
               color='primary'
               loading={isCreating || isUpdating}
-              disabled={busy}
-              sx={{ float: 'right' }}
+              disabled={busy || isEqual(data, watch())}
+              sx={{ float: 'right', textTransform: 'none' }}
             >
               {networkPolicyName ? 'Save Changes' : 'Create Outbound Rule'}
             </LoadingButton>
diff --git a/src/pages/network-policies/create-edit/NetworkPoliciesIngressCreateEditPage.tsx b/src/pages/network-policies/create-edit/NetworkPoliciesIngressCreateEditPage.tsx
@@ -23,6 +23,7 @@ import { Delete as DeleteIcon } from '@mui/icons-material'
 import { useCallback, useEffect, useState } from 'react'
 import { useTranslation } from 'react-i18next'
 import InformationBanner from 'components/InformationBanner'
+import { isEqual } from 'lodash'
 import { useStyles } from './create-edit-networkPolicies.styles'
 import { createIngressSchema } from './create-edit-networkPolicies.validator'
 import NetworkPolicyPodLabelRow from './NetworkPolicyPodLabelRow'
@@ -152,7 +153,7 @@ export default function NetworkPoliciesIngressCreateEditPage({
               {sourceFields.map((field, index) => (
                 <div key={field.id} style={{ display: 'flex', alignItems: 'flex-end', gap: '8px' }}>
                   <NetworkPolicyPodLabelRow
-                    aplWorkloads={aplWorkloads}
+                    aplWorkloads={aplWorkloads || []}
                     teamId={teamId}
                     rowIndex={index}
                     fieldArrayName={`ruleType.ingress.allow.${index}`}
@@ -191,7 +192,7 @@ export default function NetworkPoliciesIngressCreateEditPage({
 
               {/* Target row needs seperate component becuase of data shape */}
               <NetworkPolicyTargetLabelRow
-                aplWorkloads={aplWorkloads}
+                aplWorkloads={aplWorkloads || []}
                 teamId={teamId}
                 prefixName='ruleType.ingress'
                 showBanner={toggleShowMultiPodInformationBanner}
@@ -216,7 +217,7 @@ export default function NetworkPoliciesIngressCreateEditPage({
               variant='contained'
               color='primary'
               loading={isLoadingCreate || isLoadingUpdate}
-              disabled={isLoadingCreate || isLoadingUpdate || isLoadingDelete}
+              disabled={isLoadingCreate || isLoadingUpdate || isLoadingDelete || isEqual(data, watch())}
               sx={{ float: 'right', textTransform: 'none' }}
             >
               {networkPolicyName ? 'Save Changes' : 'Create Inbound Rule'}
diff --git a/src/pages/network-policies/create-edit/NetworkPolicyPodLabelMatchHelper.ts b/src/pages/network-policies/create-edit/NetworkPolicyPodLabelMatchHelper.ts
@@ -17,6 +17,8 @@ interface WorkloadOption {
  * @returns A PodLabelMatch with the selected label name and value, or null if none matched.
  */
 export function getDefaultPodLabel(workloadName: string, podLabels: Record<string, string>): PodLabelMatch | null {
+  if (!workloadName || !podLabels || typeof podLabels !== 'object') return null
+
   // 1. Exact match on app.kubernetes.io/instance
   const instanceKey = 'app.kubernetes.io/instance'
   const instanceValue = podLabels[instanceKey]
@@ -28,16 +30,16 @@ export function getDefaultPodLabel(workloadName: string, podLabels: Record<strin
   if (componentValue === 'rabbitmq') return { name: instanceKey, value: `${workloadName}-${componentValue}` }
 
   // 3. Knative serving label
-  const knativeKey = Object.keys(podLabels).find((key) => key.startsWith('serving.knative.dev/service'))
+  const knativeKey = Object.keys(podLabels).find((key) => key?.startsWith('serving.knative.dev/service'))
   if (knativeKey) return { name: knativeKey, value: podLabels[knativeKey] }
 
   // 4. cnpg cluster label
-  const cnpgKey = Object.keys(podLabels).find((key) => key.startsWith('cnpg.io/cluster'))
+  const cnpgKey = Object.keys(podLabels).find((key) => key?.startsWith('cnpg.io/cluster'))
   if (cnpgKey) return { name: cnpgKey, value: podLabels[cnpgKey] }
 
   // 5. Istio canonical name for ksvc workloads
   const istioKey = 'service.istio.io/canonical-name'
-  if (workloadName.startsWith('ksvc-')) {
+  if (workloadName?.startsWith('ksvc-')) {
     const istioValue = podLabels[istioKey]
     if (istioValue === workloadName) return { name: istioKey, value: istioValue }
   }
@@ -55,7 +57,7 @@ export function getInitialActiveWorkloadRow(
   namespaceValue: string,
   workloads: GetAllAplWorkloadNamesApiResponse,
 ): WorkloadOption {
-  if (!labelValue) return { name: 'unknown', namespace: '' }
+  if (!labelValue || !workloads || !Array.isArray(workloads)) return { name: 'unknown', namespace: '' }
 
   const normalizedLabel = normalizeRabbitMQLabel(labelValue)
   const matches = workloads.filter(
@@ -73,7 +75,7 @@ export function getInitialActiveWorkloadTarget(
   labelValue: string,
   workloads: GetAllAplWorkloadNamesApiResponse,
 ): string {
-  if (!labelValue) return 'unknown'
+  if (!labelValue || !workloads || !Array.isArray(workloads)) return 'unknown'
 
   const normalizedLabel = normalizeRabbitMQLabel(labelValue)
   const matches = workloads.filter((w) => w.metadata.name === normalizedLabel)
diff --git a/src/pages/network-policies/create-edit/NetworkPolicyPodLabelRow.tsx b/src/pages/network-policies/create-edit/NetworkPolicyPodLabelRow.tsx
@@ -49,14 +49,14 @@ export default function NetworkPolicyPodLabelRow({
   const [activeWorkload, setActiveWorkload] = useState<WorkloadOption | null>(null)
   const [circuitBreaker, setCircuitBreaker] = useState<boolean>(true)
 
-  const arrayError = (errors.ruleType?.ingress.allow?.root as any)?.message as string | undefined
+  const arrayError = (errors.ruleType?.ingress?.allow?.root as any)?.message as string | undefined
 
   // build and sort workload options
   const workloadOptions = useMemo(
     () =>
       aplWorkloads
-        .map((w) => ({ name: w.metadata.name, namespace: w.metadata.namespace }))
-        .sort((a, b) => a.namespace.localeCompare(b.namespace) || a.name.localeCompare(b.name)),
+        ?.map((w) => ({ name: w.metadata.name, namespace: w.metadata.namespace }))
+        ?.sort((a, b) => a.namespace.localeCompare(b.namespace) || a.name.localeCompare(b.name)),
     [aplWorkloads],
   )
 
@@ -75,7 +75,7 @@ export default function NetworkPolicyPodLabelRow({
     const { fromLabelValue, fromNamespace } = field.value as PodLabelMatch
     if (fromLabelValue) {
       const initialActiveWorkload = getInitialActiveWorkloadRow(fromLabelValue, fromNamespace, aplWorkloads)
-      if (initialActiveWorkload.name === 'unknown' || initialActiveWorkload.name === 'multiple') showBanner()
+      if (initialActiveWorkload.name === 'unknown' || initialActiveWorkload.name === 'multiple') showBanner?.()
       setActiveWorkload(initialActiveWorkload)
     } else setCircuitBreaker(false)
   }, [])
@@ -90,7 +90,9 @@ export default function NetworkPolicyPodLabelRow({
   useEffect(() => {
     if (podLabels && circuitBreaker) setCircuitBreaker(false)
     if (!activeWorkload || !podLabels) return
-    const match = getDefaultPodLabel(activeWorkload.name, podLabels)
+    const currentValue = field.value as PodLabelMatch
+    if (currentValue?.fromLabelName && currentValue?.fromLabelValue) return
+    const match = getDefaultPodLabel(activeWorkload.name, podLabels as Record<string, string>)
     if (match) {
       field.onChange({
         fromNamespace: activeWorkload.namespace,
@@ -111,7 +113,7 @@ export default function NetworkPolicyPodLabelRow({
         groupBy={(opt) => opt.namespace}
         getOptionLabel={(opt) => opt.name}
         value={activeWorkload}
-        onChange={(_e, opt) => setActiveWorkload({ name: opt?.name, namespace: opt?.namespace })}
+        onChange={(_e, opt) => setActiveWorkload(opt ? { name: opt?.name, namespace: opt?.namespace } : null)}
       />
 
       <Autocomplete
@@ -121,11 +123,15 @@ export default function NetworkPolicyPodLabelRow({
         multiple={false}
         errorText={arrayError && rowIndex === 0 ? arrayError : ''}
         helperText={arrayError && rowIndex === 0 ? arrayError : ''}
-        options={Object.entries((podLabels as Record<string, string>) ?? {}).map(([k, v]) => `${k}:${v}`)}
-        value={field.value?.fromLabelName ? `${field.value.fromLabelName}:${field.value.fromLabelValue ?? ''}` : null}
+        options={
+          podLabels && typeof podLabels === 'object'
+            ? Object.entries(podLabels as Record<string, string>).map(([k, v]) => `${k}=${v}`)
+            : []
+        }
+        value={field.value?.fromLabelName ? `${field.value.fromLabelName}=${field.value.fromLabelValue ?? ''}` : null}
         onChange={(_e, raw: string | null) => {
-          const [name, value] = raw?.split(':', 2) ?? []
-          field.onChange({ fromNamespace: activeWorkload.namespace, fromLabelName: name, fromLabelValue: value })
+          const [name, value] = raw?.split('=', 2) ?? []
+          field.onChange({ fromNamespace: activeWorkload?.namespace, fromLabelName: name, fromLabelValue: value })
         }}
       />
     </FormRow>
diff --git a/src/pages/network-policies/create-edit/NetworkPolicyTargetPodLabelRow.tsx b/src/pages/network-policies/create-edit/NetworkPolicyTargetPodLabelRow.tsx
@@ -51,46 +51,46 @@ export default function NetworkPolicyTargetLabelRow({
   // build workload options, but only those in this team’s namespace
   const workloadOptions = useMemo<WorkloadOption[]>(() => {
     return aplWorkloads
-      .map((w) => ({ name: w.metadata.name, namespace: w.metadata.namespace }))
-      .filter((o) => o.namespace === `team-${teamId}`)
-      .sort((a, b) => a.namespace.localeCompare(b.namespace) || a.name.localeCompare(b.name))
+      ?.map((w) => ({ name: w.metadata.name, namespace: w.metadata.namespace }))
+      ?.filter((o) => o.namespace === `team-${teamId}`)
+      ?.sort((a, b) => a.namespace.localeCompare(b.namespace) || a.name.localeCompare(b.name))
   }, [aplWorkloads, teamId])
 
   // find the currently selected option object
-  const selectedWorkloadOption = workloadOptions.find((o) => o.name === activeWorkload) || null
+  const selectedWorkloadOption = workloadOptions?.find((o) => o.name === activeWorkload) || null
 
   // fetch the label→value map for that pod spec
   const { data: podLabels } = useGetK8SWorkloadPodLabelsQuery(
     { teamId, workloadName: activeWorkload, namespace: `team-${teamId}` },
     { skip: !activeWorkload },
   )
-  const labelOptions = useMemo(() => Object.entries(podLabels ?? {}).map(([k, v]) => `${k}:${v}`), [podLabels])
+  const labelOptions = useMemo(() => Object.entries(podLabels ?? {}).map(([k, v]) => `${k}=${v}`), [podLabels])
 
   // Initial edit-mode circuitbreaker, prevent prepopulated fields from starting a rerender loop
   useEffect(() => {
     if (toValue && circuitBreaker) {
       setCircuitBreaker(false)
       if (isEditMode) {
         const initialActiveWorkload = getInitialActiveWorkloadTarget(toValue, aplWorkloads)
-        if (initialActiveWorkload === 'unknown' || initialActiveWorkload === 'multiple') showBanner()
+        if (initialActiveWorkload === 'unknown' || initialActiveWorkload === 'multiple') showBanner?.()
         else setActiveWorkload(initialActiveWorkload)
       }
     }
   }, [toValue])
 
-  // once podLabels arrive, and no explicit toName, apply default
+  // once podLabels arrive, and no explicit toName, apply default (only on initial load, not after user clears)
   useEffect(() => {
-    if (activeWorkload && podLabels) {
+    if (activeWorkload && podLabels && !toName && !toValue && circuitBreaker) {
       const match = getDefaultPodLabel(activeWorkload, podLabels)
       if (match) {
         setValue(`${prefixName}.toLabelName`, match.name)
         setValue(`${prefixName}.toLabelValue`, match.value)
       }
     }
-  }, [activeWorkload, podLabels])
+  }, [activeWorkload, podLabels, toName, toValue, circuitBreaker])
 
   // once the user has picked or defaulted a toName/toValue, fetch matching pod names
-  const rawSelector = toName && toValue ? `${toName}:${toValue}` : ''
+  const rawSelector = toName && toValue ? `${toName}=${toValue}` : ''
 
   return (
     <FormRow spacing={10}>
@@ -104,6 +104,9 @@ export default function NetworkPolicyTargetLabelRow({
         value={selectedWorkloadOption}
         onChange={(_e, opt) => {
           setActiveWorkload(opt?.name ?? '')
+          if (!opt) setCircuitBreaker(false)
+          setValue(`${prefixName}.toLabelName`, '')
+          setValue(`${prefixName}.toLabelValue`, '')
         }}
       />
 
@@ -117,9 +120,10 @@ export default function NetworkPolicyTargetLabelRow({
           if (!newVal) {
             setValue(`${prefixName}.toLabelName`, '')
             setValue(`${prefixName}.toLabelValue`, '')
+            setCircuitBreaker(false)
             return
           }
-          const [name, value] = newVal.split(':', 2)
+          const [name, value] = newVal.split('=', 2) ?? []
           setValue(`${prefixName}.toLabelName`, name)
           setValue(`${prefixName}.toLabelValue`, value)
         }}
diff --git a/src/pages/network-policies/create-edit/create-edit-networkPolicies.validator.ts b/src/pages/network-policies/create-edit/create-edit-networkPolicies.validator.ts
@@ -47,7 +47,14 @@ export interface CreateEgressNetpolApiResponse {
 export const createIngressSchema = yup.object({
   id: yup.string().optional(),
   teamId: yup.string().optional(),
-  name: yup.string().required('Inbound rule name is required').max(24, 'Name must not exceed 24 characters'),
+  name: yup
+    .string()
+    .required('Inbound rule name is required')
+    .max(24, 'Name must not exceed 24 characters')
+    .matches(
+      /^[a-z](?:[a-z0-9-]*[a-z0-9])?$/,
+      'Name must start with a lowercase letter, contain only lowercase letters, numbers, and hyphens, and end with a letter or number',
+    ),
   ruleType: yup
     .object({
       type: yup.mixed<IngressRuleType['type']>().oneOf(['ingress']).required(),
@@ -89,7 +96,14 @@ export const createIngressSchema = yup.object({
 export const createEgressSchema = yup.object({
   id: yup.string().optional(),
   teamId: yup.string().optional(),
-  name: yup.string().required('Name is required').max(24, 'Name must not exceed 24 characters'),
+  name: yup
+    .string()
+    .required('Name is required')
+    .max(24, 'Name must not exceed 24 characters')
+    .matches(
+      /^[a-z](?:[a-z0-9-]*[a-z0-9])?$/,
+      'Name must start with a lowercase letter, contain only lowercase letters, numbers, and hyphens, and end with a letter or number',
+    ),
   ruleType: yup
     .object({
       type: yup.mixed<EgressRuleType['type']>().oneOf(['egress']).required(),
@@ -115,6 +129,36 @@ export const createEgressSchema = yup.object({
                   .required('Protocol is required'),
               }),
             )
+            .test('unique-ports', function (ports) {
+              if (!ports || ports.length <= 1) return true
+
+              const portNumbers: number[] = []
+              const duplicateIndexes: number[] = []
+
+              // Find all duplicate port numbers and their indexes
+              ports.forEach((port: any, index: number) => {
+                if (port?.number) {
+                  const existingIndex = portNumbers.indexOf(port.number as number)
+                  if (existingIndex !== -1) {
+                    // Mark both the original and current as duplicates
+                    if (!duplicateIndexes.includes(existingIndex)) duplicateIndexes.push(existingIndex)
+                    duplicateIndexes.push(index)
+                  } else portNumbers.push(port.number as number)
+                }
+              })
+
+              if (duplicateIndexes.length === 0) return true
+
+              // Create errors for each duplicate port
+              const errors = duplicateIndexes.map((index) =>
+                this.createError({
+                  path: `${this.path}[${index}].number`,
+                  message: 'Port number is already used',
+                }),
+              )
+
+              return new yup.ValidationError(errors)
+            })
             .optional(),
         })
         .required(),
