feat: add support for enforcement of approval policy in deployment and configuration change

package.json

@@ -4,7 +4,7 @@
     "private": true,
     "homepage": "/dashboard",
     "dependencies": {
-        "@devtron-labs/devtron-fe-common-lib": "1.3.0",
+        "@devtron-labs/devtron-fe-common-lib": "1.3.0-beta-4",
         "@esbuild-plugins/node-globals-polyfill": "0.2.3",
         "@rjsf/core": "^5.13.3",
         "@rjsf/utils": "^5.13.3",

src/Pages/Applications/DevtronApps/Details/AppConfigurations/AppConfig.constants.ts

@@ -1,7 +1,7 @@
-import { EnvResourceType } from '@devtron-labs/devtron-fe-common-lib'
+import { BASE_CONFIGURATION_ENV_ID, EnvResourceType } from '@devtron-labs/devtron-fe-common-lib'
 
 export const BASE_CONFIGURATIONS = {
-    id: -1,
+    id: BASE_CONFIGURATION_ENV_ID,
     name: 'Base Configurations',
 }
 

src/Pages/Applications/DevtronApps/Details/AppConfigurations/AppConfig.tsx

@@ -26,6 +26,7 @@ import {
     ResourceKindType,
     ToastManager,
     ToastVariantType,
+    ResourceIdToResourceApprovalPolicyConfigMapType,
 } from '@devtron-labs/devtron-fe-common-lib'
 import { URLS, getAppComposeURL, APP_COMPOSE_STAGE, ViewType } from '../../../../../config'
 import { importComponentFromFELibrary } from '../../../../../components/common'
@@ -38,7 +39,6 @@ import {
     AppStageUnlockedType,
     STAGE_NAME,
     DEFAULT_LANDING_STAGE,
-    ConfigProtection,
 } from './AppConfig.types'
 import { getUserRole } from '../../../../GlobalConfigurations/Authorization/authorization.service'
 import { isCIPipelineCreated, isCDPipelineCreated, getNavItems, isUnlocked } from './AppConfig.utils'
@@ -47,13 +47,12 @@ import { UserRoleType } from '../../../../GlobalConfigurations/Authorization/con
 import { AppNavigation } from './Navigation/AppNavigation'
 import { AppConfigStatusItemType } from '../../service.types'
 import { getAppConfigStatus, getEnvConfig } from '../../service'
-import { AppOtherEnvironment } from '../../../../../services/service.types'
 import { deleteApp } from './AppConfig.service'
 import { AppConfigurationProvider } from './AppConfiguration.provider'
 import { ENV_CONFIG_PATH_REG } from './AppConfig.constants'
 
-const ConfigProtectionView = importComponentFromFELibrary('ConfigProtectionView')
-const getConfigProtections = importComponentFromFELibrary('getConfigProtections', null, 'function')
+const getApprovalPolicyConfigForApp: (appId: number) => Promise<ResourceIdToResourceApprovalPolicyConfigMapType> =
+    importComponentFromFELibrary('getApprovalPolicyConfigForApp', null, 'function')
 
 export const AppConfig = ({ appName, resourceKind, filteredEnvIds }: AppConfigProps) => {
     // HOOKS
@@ -79,8 +78,7 @@ export const AppConfig = ({ appName, resourceKind, filteredEnvIds }: AppConfigPr
         canDeleteApp: false,
         workflowsRes: null,
         environmentList: [],
-        isBaseConfigProtected: false,
-        configProtectionData: [],
+        envIdToEnvApprovalConfigurationMap: {} as ResourceIdToResourceApprovalPolicyConfigMapType,
         envConfig: {
             isLoading: true,
             config: null,
@@ -98,55 +96,36 @@ export const AppConfig = ({ appName, resourceKind, filteredEnvIds }: AppConfigPr
      *
      * The function performs the following steps:
      * 1. Calls `getAppOtherEnvironmentMin` or `getJobOtherEnvironmentMin` (if resource kind is `job` (isJob)) with the application ID (`appId`) to fetch the environment configurations.
-     * 2. Calls `getConfigProtections` with the application ID (`appId`) if the function is defined and resource kind is `job` (isJob), to fetch configuration protections.
+     * 2. Calls `getApprovalPolicyConfigForApp` with the application ID (`appId`) if the function is defined and resource kind is `job` (isJob), to fetch configuration protections.
      * 3. Creates a map (`envProtectMap`) to store protection states for each environment based on the configuration protections response.
      * 4. Filters the environment configurations based on `filteredEnvIds`, if provided, and marks them as protected if they are found in the protection map.
      * 5. Sorts the filtered and updated environments by their names.
      * 6. Determines if base configuration protection is enabled by checking the protection map for the key `-1`.
      *
      * The promise resolves to an object with the following properties:
      * - `updatedEnvs`: An array of updated environment configurations, each marked with a protection status.
-     * - `isBaseConfigProtectionEnabled`: A boolean flag indicating if the base configuration protection is enabled.
      * - `configProtections`: An array of configuration protection objects.
      */
     const fetchEnvironments = (): Promise<{
-        updatedEnvs: AppOtherEnvironment['result']
-        isBaseConfigProtectionEnabled: boolean
-        configProtections: ConfigProtection[]
+        updatedEnvs: AppConfigState['environmentList']
+        envIdToEnvApprovalConfigurationMap: ResourceIdToResourceApprovalPolicyConfigMapType
     }> =>
         Promise.all([
             isJob ? getJobOtherEnvironmentMin(appId) : getAppOtherEnvironmentMin(appId),
-            typeof getConfigProtections === 'function' && !isJob ? getConfigProtections(Number(appId)) : null,
-        ]).then(([envResult, configProtectionsResp]) => {
-            let envProtectMap: Record<number, boolean> = {}
-
-            if (configProtectionsResp?.result) {
-                envProtectMap = configProtectionsResp.result.reduce((acc, config) => {
-                    acc[config.envId] = config.state === 1
-                    return acc
-                }, {})
-            }
-
+            typeof getApprovalPolicyConfigForApp === 'function' && !isJob
+                ? getApprovalPolicyConfigForApp(Number(appId))
+                : null,
+        ]).then(([envResult, envIdToEnvApprovalConfigurationMap]) => {
             const filteredEnvMap = filteredEnvIds?.split(',').reduce((agg, curr) => agg.set(+curr, true), new Map())
 
-            const updatedEnvs =
+            const updatedEnvs: AppConfigState['environmentList'] =
                 envResult.result
                     ?.filter((env) => !filteredEnvMap || filteredEnvMap.get(env.environmentId))
-                    .map((env) => {
-                        const envData = { ...env, isProtected: false }
-                        if (envProtectMap[env.environmentId]) {
-                            envData.isProtected = true
-                        }
-                        return envData
-                    })
                     ?.sort((envA, envB) => envA.environmentName.localeCompare(envB.environmentName)) || []
 
-            const isBaseConfigProtectionEnabled = envProtectMap[-1] ?? false
-
             return {
                 updatedEnvs,
-                isBaseConfigProtectionEnabled,
-                configProtections: configProtectionsResp?.result ?? [],
+                envIdToEnvApprovalConfigurationMap,
             }
         })
 
@@ -271,15 +250,24 @@ export const AppConfig = ({ appName, resourceKind, filteredEnvIds }: AppConfigPr
         }
     }
 
-    const processConfigStatusData = (configStatusRes: AppConfigStatusItemType[]) => {
+    const processConfigStatusData = (
+        configStatusRes: AppConfigStatusItemType[],
+        envIdToEnvApprovalConfigurationMap: AppConfigState['envIdToEnvApprovalConfigurationMap'],
+    ) => {
         const _isGitOpsConfigurationRequired = configStatusRes.find(
             ({ stageName }) => stageName === STAGE_NAME.GITOPS_CONFIG,
         )?.required
         const { configs, lastConfiguredStage } = getUnlockedConfigsAndLastStage(
             configStatusRes,
             _isGitOpsConfigurationRequired,
         )
-        const { navItems } = getNavItems(configs, appId, resourceKind, _isGitOpsConfigurationRequired)
+        const { navItems } = getNavItems({
+            _isUnlocked: configs,
+            appId,
+            resourceKind,
+            isGitOpsConfigurationRequired: _isGitOpsConfigurationRequired,
+            envIdToEnvApprovalConfigurationMap,
+        })
         // Finding index of navItem which is locked and is not of alternate nav menu (nav-item rendering on different path)
         let index = navItems.findIndex((item) => !item.altNavKey && item.isLocked)
         if (index < 0) {
@@ -294,10 +282,9 @@ export const AppConfig = ({ appName, resourceKind, filteredEnvIds }: AppConfigPr
     useEffect(() => {
         if (appConfigData) {
             // SET APP CONFIG DATA IN STATE
-            const [configStatusRes, workflowRes, { updatedEnvs, configProtections, isBaseConfigProtectionEnabled }] =
-                appConfigData
+            const [configStatusRes, workflowRes, { updatedEnvs, envIdToEnvApprovalConfigurationMap }] = appConfigData
             const { navItems, isCDPipeline, isCiPipeline, configs, redirectUrl, lastConfiguredStage } =
-                processConfigStatusData(configStatusRes.result)
+                processConfigStatusData(configStatusRes.result, envIdToEnvApprovalConfigurationMap)
 
             setState({
                 ...state,
@@ -314,8 +301,7 @@ export const AppConfig = ({ appName, resourceKind, filteredEnvIds }: AppConfigPr
                 canDeleteApp: workflowRes.result.workflows.length === 0,
                 workflowsRes: workflowRes.result,
                 environmentList: updatedEnvs,
-                isBaseConfigProtected: isBaseConfigProtectionEnabled,
-                configProtectionData: configProtections,
+                envIdToEnvApprovalConfigurationMap,
             })
             if (location.pathname === match.url) {
                 history.replace(redirectUrl)
@@ -370,6 +356,7 @@ export const AppConfig = ({ appName, resourceKind, filteredEnvIds }: AppConfigPr
             .then((configStatusRes) => {
                 const { navItems, isCDPipeline, isCiPipeline, configs, redirectUrl } = processConfigStatusData(
                     configStatusRes.result,
+                    state.envIdToEnvApprovalConfigurationMap,
                 )
                 setState((prevState) => ({
                     ...prevState,
@@ -394,12 +381,11 @@ export const AppConfig = ({ appName, resourceKind, filteredEnvIds }: AppConfigPr
 
     const reloadEnvironments = () => {
         fetchEnvironments()
-            .then(({ updatedEnvs, isBaseConfigProtectionEnabled, configProtections }) => {
+            .then(({ updatedEnvs, envIdToEnvApprovalConfigurationMap }) => {
                 setState((prevState) => ({
                     ...prevState,
                     environmentList: updatedEnvs,
-                    isBaseConfigProtected: isBaseConfigProtectionEnabled,
-                    configProtectionData: configProtections,
+                    envIdToEnvApprovalConfigurationMap,
                 }))
             })
             .catch((errors) => {
@@ -477,9 +463,7 @@ export const AppConfig = ({ appName, resourceKind, filteredEnvIds }: AppConfigPr
                 : 'app-compose-with-no-gitops-config__nav'
         } ${isJob ? 'job-compose__side-nav' : ''} ${
             !showCannotDeleteTooltip ? 'dc__position-rel' : ''
-        }  ${hideConfigHelp ? 'hide-app-config-help' : ''} ${!canShowExternalLinks ? 'hide-external-links' : ''} ${
-            state.isUnlocked.workflowEditor && ConfigProtectionView && !isJob ? 'config-protection__side-nav' : ''
-        }`
+        }  ${hideConfigHelp ? 'hide-app-config-help' : ''} ${!canShowExternalLinks ? 'hide-external-links' : ''}`
     }
 
     const toggleRepoSelectionTippy = () => {

src/Pages/Applications/DevtronApps/Details/AppConfigurations/AppConfig.types.ts

@@ -20,6 +20,7 @@ import {
     AppEnvDeploymentConfigType,
     EnvResourceType,
     AppEnvironment,
+    ResourceIdToResourceApprovalPolicyConfigMapType,
 } from '@devtron-labs/devtron-fe-common-lib'
 
 import { ViewType } from '@Config/constants'
@@ -43,7 +44,6 @@ export enum STAGE_NAME {
     SECRETS = 'SECRETS',
     ENV_OVERRIDE = 'ENV_OVERRIDE',
     EXTERNAL_LINKS = 'EXTERNAL_LINKS',
-    PROTECT_CONFIGURATION = 'PROTECT_CONFIGURATION',
     REDIRECT_ITEM = 'REDIRECT_ITEM',
 }
 
@@ -92,10 +92,7 @@ export interface AppConfigState {
     workflowsRes?: WorkflowResult
     /** Array containing environments data. */
     environmentList?: AppEnvironment[]
-    /** Boolean indicating if the base configuration is protected. */
-    isBaseConfigProtected?: boolean
-    /** Array of configuration protection data which denotes which env is in protected state. */
-    configProtectionData?: ConfigProtection[]
+    envIdToEnvApprovalConfigurationMap: ResourceIdToResourceApprovalPolicyConfigMapType
     /** The environment config containing the loading state, configState and title of deployment template, configmaps & secrets. */
     envConfig: EnvConfigurationState
 }
@@ -140,17 +137,6 @@ export interface NextButtonProps {
     isDisabled: boolean
 }
 
-export enum ProtectionState {
-    ENABLED = 1,
-    DISABLED = 2,
-}
-
-export type ConfigProtection = {
-    appId: number
-    envId: number
-    state: ProtectionState
-}
-
 interface CommonAppConfigurationProps {
     appId: string
     resourceKind: Extract<ResourceKindType, ResourceKindType.devtronApplication | ResourceKindType.job>
@@ -169,17 +155,18 @@ interface CommonAppConfigurationProps {
     fetchEnvConfig: (envId: number) => void
 }
 
-export interface AppConfigurationContextType extends CommonAppConfigurationProps {
+export interface AppConfigurationContextType
+    extends CommonAppConfigurationProps,
+        Pick<AppConfigState, 'envIdToEnvApprovalConfigurationMap'> {
     isUnlocked: AppStageUnlockedType
     navItems: CustomNavItemsType[]
     isCiPipeline: boolean
     isCDPipeline: boolean
-    environments: AppEnvironment[]
+    environments: AppConfigState['environmentList']
     workflowsRes: WorkflowResult
     setRepoState: React.Dispatch<React.SetStateAction<string>>
     isJobView: boolean
-    isBaseConfigProtected: boolean
-    configProtectionData: ConfigProtection[]
+    envIdToEnvApprovalConfigurationMap: ResourceIdToResourceApprovalPolicyConfigMapType
     lastUnlockedStage: string
     isWorkflowEditorUnlocked: boolean
     getRepo: string
@@ -214,13 +201,11 @@ export enum EnvConfigObjectKey {
 export interface EnvironmentOptionType {
     name: string
     id: number
-    isProtected?: boolean
 }
 
-export interface EnvConfigurationsNavProps {
+export interface EnvConfigurationsNavProps extends Pick<AppConfigState, 'envIdToEnvApprovalConfigurationMap'> {
     envConfig: EnvConfigurationState
     fetchEnvConfig: (envId: number) => void
-    isBaseConfigProtected?: boolean
     environments: EnvironmentOptionType[]
     paramToCheck?: 'appId' | 'envId'
     goBackURL: string
@@ -259,9 +244,9 @@ export interface DeploymentConfigParams {
 }
 
 export type DeploymentConfigCompareProps = {
+    appOrEnvIdToResourceApprovalConfigurationMap: AppConfigState['envIdToEnvApprovalConfigurationMap']
     environments: EnvironmentOptionType[]
     goBackURL?: string
-    isBaseConfigProtected?: boolean
     getNavItemHref: (resourceType: EnvResourceType, resourceName: string) => string
     overwriteNavHeading?: string
 } & (

src/Pages/Applications/DevtronApps/Details/AppConfigurations/AppConfig.utils.ts

@@ -14,12 +14,17 @@
  * limitations under the License.
  */
 
-import { ResourceKindType, stringComparatorBySortOrder, ConfigResourceType } from '@devtron-labs/devtron-fe-common-lib'
+import {
+    ResourceKindType,
+    stringComparatorBySortOrder,
+    ConfigResourceType,
+    BASE_CONFIGURATION_ENV_ID,
+} from '@devtron-labs/devtron-fe-common-lib'
 
-import { URLS, DOCUMENTATION } from '@Config/index'
+import { DOCUMENTATION } from '@Config/index'
 
 import { AppConfigStatusItemType, EnvConfigDTO } from '../../service.types'
-import { AppStageUnlockedType, CustomNavItemsType, EnvConfigType, STAGE_NAME } from './AppConfig.types'
+import { AppConfigState, AppStageUnlockedType, CustomNavItemsType, EnvConfigType, STAGE_NAME } from './AppConfig.types'
 
 // stage: last configured stage
 const isCommonUnlocked = (stage, isGitOpsConfigurationRequired) =>
@@ -92,12 +97,18 @@ export const getCompletedStep = (
     return 0
 }
 
-export const getNavItems = (
-    _isUnlocked: AppStageUnlockedType,
-    appId: string,
-    resourceKind: ResourceKindType,
-    isGitOpsConfigurationRequired: boolean,
-): { navItems: CustomNavItemsType[] } => {
+export const getNavItems = ({
+    _isUnlocked,
+    appId,
+    resourceKind,
+    isGitOpsConfigurationRequired,
+    envIdToEnvApprovalConfigurationMap,
+}: Pick<AppConfigState, 'envIdToEnvApprovalConfigurationMap'> & {
+    _isUnlocked: AppStageUnlockedType
+    appId: string
+    resourceKind: ResourceKindType
+    isGitOpsConfigurationRequired: boolean
+}): { navItems: CustomNavItemsType[] } => {
     const completedSteps = getCompletedStep(
         _isUnlocked,
         resourceKind === ResourceKindType.job,
@@ -203,7 +214,8 @@ export const getNavItems = (
                         href: `/app/${appId}/edit/deployment-template`,
                         stage: STAGE_NAME.REDIRECT_ITEM,
                         isLocked: !_isUnlocked.deploymentTemplate,
-                        isProtectionAllowed: true,
+                        isProtectionAllowed:
+                            envIdToEnvApprovalConfigurationMap?.[BASE_CONFIGURATION_ENV_ID]?.isApprovalApplicable,
                         required: true,
                     },
                     {
@@ -270,12 +282,6 @@ export const getNavItems = (
                         flowCompletionPercent: completedPercent,
                         currentStep: completedSteps,
                     },
-                    {
-                        title: 'Protect Configuration',
-                        href: `/app/${appId}/edit/${URLS.APP_CONFIG_PROTECTION}`,
-                        stage: STAGE_NAME.PROTECT_CONFIGURATION,
-                        isLocked: false,
-                    },
                     {
                         title: 'Environment Override',
                         href: `/app/${appId}/edit/env-override`,

src/Pages/Applications/DevtronApps/Details/AppConfigurations/AppConfiguration.provider.tsx

@@ -59,7 +59,6 @@ export const AppConfigurationProvider = (props: AppConfigurationProviderProps) =
             hideConfigHelp,
             workflowsRes: state.workflowsRes,
             getWorkflows,
-            isBaseConfigProtected: state.isBaseConfigProtected,
             reloadEnvironments,
             isGitOpsConfigurationRequired,
             isUnlocked: state.isUnlocked,
@@ -69,7 +68,7 @@ export const AppConfigurationProvider = (props: AppConfigurationProviderProps) =
             environments: state.environmentList,
             userRole,
             setRepoState: setShowRepoOnDelete,
-            configProtectionData: state.configProtectionData,
+            envIdToEnvApprovalConfigurationMap: state.envIdToEnvApprovalConfigurationMap,
             filteredEnvIds,
             reloadAppConfig,
             lastUnlockedStage: state.redirectionUrl,