Only show patches for the currently viewed machine on the Patches tab of a clustered or unclustered machine.
Signed-off-by: Edward Sammut Alessi <edward.sammutalessi@siderolabs.com>
Refactor the final use cases of watch.setup (excluding TList) to be useResourceWatch. TList must be tackled on its own in #1534
Signed-off-by: Edward Sammut Alessi <edward.sammutalessi@siderolabs.com>
Add some QoL updates for machine management to Omni frontend.
1. Add a copy machine UUID button to the cluster machine page
2. Add a toggle between hostnames and UUIDs to the machines list page (copy will copy what it sees, preference is saved)
3. Add kernel args tabs to machine and cluster machine pages, to allow editing kernel args. The "Update kernel args" button from machines list dropdown menu will now redirect to here instead of opening a modal.
Signed-off-by: Edward Sammut Alessi <edward.sammutalessi@siderolabs.com>
InstallationMediaConfig can now use empty strings for talosVersion and joinToken, which resolve to the current stable version and default token at download time.
The create wizard adds "Automatic" options to the version and token dropdowns, and the download modal shows version/token/arch pickers for all presets.
Co-authored-by: Edward Sammut Alessi <edward.sammutalessi@siderolabs.com>
Signed-off-by: Oguz Kilcan <oguz.kilcan@siderolabs.com>
Signed-off-by: Edward Sammut Alessi <edward.sammutalessi@siderolabs.com>
Machines that were shutting down and then disconnect are now shown as "Powered Off" in the UI instead of being stuck in "Shutting Down" with a greyed-out unreachable state.
For machines managed by a static infra provider, shutting down a machine now prevents the provider from automatically powering it back on due to cluster allocation. The provider honors the shutdown request until the machine goes through a deallocation cycle, at which point the request is considered stale.
Intentionally powered-off machines are also excluded from the "disconnected machines" list on the frontend when destroying a cluster, to avoid them being force-destroyed.
The shutdown modal in the frontend now calls a new management API endpoint instead of the Talos API directly. The CLI gains \`omnictl machine shutdown\` and \`omnictl machine power-on\` commands.
Closessiderolabs/omni#1634.
Part of siderolabs/omni-infra-provider-bare-metal#103.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
If initial EULA request fails, we will show AppUnavailable instead of sending to /eula. If you navigate directly /eula and its already accepted, navigate away to the Home page.
Signed-off-by: Edward Sammut Alessi <edward.sammutalessi@siderolabs.com>
Add a support modal to Omni, providing links to github issues, support, docs, community links, and office hours.
Signed-off-by: Edward Sammut Alessi <edward.sammutalessi@siderolabs.com>
Show disks and devices for machines in the machines/machine page, even for maintenance mode machines.
Signed-off-by: Edward Sammut Alessi <edward.sammutalessi@siderolabs.com>
Fix the indeterminate state for UpdateExtensions modal. It was never setting up the watch, so the information was not available. As part of this, refactored it to useResourceWatch and the new modal system and created stories for it. Also started moving refactored modals from views/modals into components/modals, as they are more of a component than a view anyway.
Signed-off-by: Edward Sammut Alessi <edward.sammutalessi@siderolabs.com>
Allow quickly switching between cluster machines on the cluster machine page via a select dropdown. Reactivity was not working on most of the pages due to getContext only being checked once in setup, so had to fix a lot of things there.
Signed-off-by: Edward Sammut Alessi <edward.sammutalessi@siderolabs.com>
After clearing keys, use location.replace instead of router.replace to do a full page reload to clear any invalid key related state. This addresses an issue where user might see a blank screen if something breaks with their keys whilst still having a valid auth session. Usually an invalid auth session triggers a redirect to the auth provider, causing the same state reset. This also fixes a flakey test in e2e-talemu suite which was suffering from this.
Signed-off-by: Edward Sammut Alessi <edward.sammutalessi@siderolabs.com>
* Track machines running Talos versions approaching or past end of support relative to MinTalosVersion.
* Replace the config-driven non-ImageFactory deprecation notification with hardcoded constants and add two new notifications (approaching end of support, end of support reached) with corresponding Prometheus metrics.
* Add startup validation hooks (currently disabled) that will refuse to start when unsupported machines are detected.
* Fix frontend notification namespace from Default to Ephemeral.
Signed-off-by: Oguz Kilcan <oguz.kilcan@siderolabs.com>
Select the default join token in the installation media wizard. Also bump tsconfig to ES2023 (which is baseline widely available) to get access to .toSorted().
Signed-off-by: Edward Sammut Alessi <edward.sammutalessi@siderolabs.com>
After download completes on the Omni support bundle, the user may click save again to save the bundle again without having to initiate the download again. This helps incase you accidentally click out of the first save, or deleted it, or anything like that. If you want a fresh bundle, you can still get that when you close & re-open the modal.
Signed-off-by: Edward Sammut Alessi <edward.sammutalessi@siderolabs.com>
Add multiple new filters to audit logs. Through the UI, there will be a generic search box and the ability to sort columns. Through the CLI, there will be support for the same plus also direct filters for event_type, resource_type, resource_id, cluster_id, and actor.
Signed-off-by: Edward Sammut Alessi <edward.sammutalessi@siderolabs.com>
Add creation timestamps and per-key last-active tracking to service account key listings. The `omnictl serviceaccount list` command now shows KEY CREATED and KEY LAST ACTIVE columns for each public key, alongside the existing SA-level LAST ACTIVE.
A new PublicKeyLastActive resource tracks per-key usage. The activity interceptor now extracts the signing key fingerprint from the auth context and records last-used timestamps per key, with independent debouncing. The ServiceAccountStatusController aggregates this data into the service account status for display.
A cleanup controller removes PublicKeyLastActive resources when their corresponding public key is torn down.
Closes: siderolabs/omni#2661
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Update the text shown when selecting the Talos version on the Installation Media wizard to be the latest recommended version, rather than the latest.
Signed-off-by: Edward Sammut Alessi <edward.sammutalessi@siderolabs.com>
Implement a guard for Omni to prevent usage until users accept an EULA through the UI or a startup flag.
Signed-off-by: Edward Sammut Alessi <edward.sammutalessi@siderolabs.com>
Machine requests are now created without a controller owner, allowing operators and admins to teardown stuck or unwanted requests directly. The controller replaces destroyed requests automatically to maintain the desired machine count. Includes a migration to clear ownership on existing requests.
Signed-off-by: Oguz Kilcan <oguz.kilcan@siderolabs.com>
If Omni is running with workload proxying disabled, then disable the checkbox to enable workload proxying on the frontend.
Signed-off-by: Edward Sammut Alessi <edward.sammutalessi@siderolabs.com>
When creating or scaling a cluster, for the list of machines keep the labels on a new line, as in the main machines page.
Signed-off-by: Edward Sammut Alessi <edward.sammutalessi@siderolabs.com>
Currently we erroneously show the machine tutorial card if we have machines in an instance but they get filtered out for some reason. This is not necessary as the user has already been able to have machines join his instance.
Signed-off-by: Edward Sammut Alessi <edward.sammutalessi@siderolabs.com>
Fix a UI error on the cluster all nodes page and add E2E tests to validate that and other cluster specific sidebar pages.
Signed-off-by: Edward Sammut Alessi <edward.sammutalessi@siderolabs.com>
- Update interceptor to invalidate keys if a signed request is rejected with a 401 whilst having keys stored in the frontend.
- Update some k8s proxy response codes from 401 to more correct ones 500/403 for the relevant cases
Signed-off-by: Edward Sammut Alessi <edward.sammutalessi@siderolabs.com>
Update public key confirmation logic to cater for a situation where an auth0 login was required, but keys were saved before being confirmed.
Signed-off-by: Edward Sammut Alessi <edward.sammutalessi@siderolabs.com>
Bump all dependencies. Update default Talos version to 1.12.6 and default Kubernetes version to 1.35.3.
Signed-off-by: Utku Ozdemir <utku.ozdemir@siderolabs.com>
Bring back router guards to block entering pages that have certain auth requirements, and wait for nextTick when setting local storage based items due to pre flush syncing behavior.
Signed-off-by: Edward Sammut Alessi <edward.sammutalessi@siderolabs.com>
Manifests support two modes:
- `FULL` - Omni will keep the manifest in sync always.
- `ONE_TIME` - Omni will apply the manifest only if it doesn't exist. If the manifest is removed by hand and then changed in Omni it will be applied too.
Manifests are applied using service side apply, Omni now has three inventories: `omni-internal-inventory`, `omni-user-inventory` and `omny-sync-one-time`:
- User inventory will be used for user managed manifests.
- Internal one will be used for the manifests which are created by Omni controllers (workloadproxy, advanced healtcheck service).
- One time inventory is used with NoPrune enabled. If the manifest is
applied it's just removed from the list of applied manifests: that
ensures that manifests changes are not going happen.
Manifests also support setting namespace to all namespaced resources. It might be useful for the huge manifest files which are supplied without the namespace (similar to `kubectl apply -n namespace -f manifest.yaml`).
Signed-off-by: Artem Chernyshev <artem.chernyshev@talos-systems.com>
Refactor Watch class to use effectScope instead of component lifecycle (e.g. onMounted). This allows us to register listeners outside of components, and as a result create singletons for certain resources. In this case, useFeatures is now a singleton. So we only listen to features once, across the entire app, no matter many times we request for features.
Signed-off-by: Edward Sammut Alessi <edward.sammutalessi@siderolabs.com>
During cluster creation the embedded discovery checkbox was not being respected. This fixes it to correctly use v-model, and simplfies the code a bit by reactively computing enabled/disabled staff off of useFeatures.
Signed-off-by: Edward Sammut Alessi <edward.sammutalessi@siderolabs.com>
