Respect purpose === evaluation for add-ons (gardener#2031)

* Respect purpose === evaluation for add-ons

* fixed typo

---------

Co-authored-by: Holger Koser <[email protected]>

frontend/src/components/GPurpose.vue

@@ -7,7 +7,7 @@ SPDX-License-Identifier: Apache-2.0
 <template>
   <v-select
     v-model="v$.internalValue.$model"
-    hint="Indicate the importance of the cluster"
+    hint="Indicate the importance of the cluster. Available purposes may be limited by the selected secret. If any add-on is enabled, only purpose evaluation can be selected."
     color="primary"
     item-color="primary"
     label="Purpose"

frontend/src/components/ShootAddons/GAddonConfiguration.vue

@@ -15,15 +15,15 @@ SPDX-License-Identifier: Apache-2.0
   >
     <template #content>
       <v-card-text>
-        <g-manage-shoot-addons />
+        <g-manage-addons />
       </v-card-text>
     </template>
   </g-action-button-dialog>
 </template>
 
 <script>
 import GActionButtonDialog from '@/components/dialogs/GActionButtonDialog'
-import GManageShootAddons from '@/components/ShootAddons/GManageAddons'
+import GManageAddons from '@/components/ShootAddons/GManageAddons'
 
 import { useShootContext } from '@/composables/useShootContext'
 import { useShootItem } from '@/composables/useShootItem'
@@ -33,7 +33,7 @@ import { errorDetailsFromError } from '@/utils/error'
 export default {
   components: {
     GActionButtonDialog,
-    GManageShootAddons,
+    GManageAddons,
   },
   inject: ['api', 'logger'],
   setup () {

frontend/src/components/ShootAddons/GManageAddons.vue

@@ -33,6 +33,14 @@ SPDX-License-Identifier: Apache-2.0
             {{ description }}
           </div>
         </div>
+        <v-tooltip
+          :disabled="!getDisabled(name)"
+          location="top"
+          activator="parent"
+        >
+          <span v-if="getDisabledForbidden(name)">Add-on cannot be disabled</span>
+          <span v-if="getDisabledPurpose()">Add-ons are only available if cluster has purpose <code>evaluation</code></span>
+        </v-tooltip>
       </div>
     </v-row>
   </div>
@@ -53,13 +61,22 @@ const {
   workerless,
   getAddonEnabled,
   setAddonEnabled,
+  purpose,
 } = useShootContext()
 
-function getDisabled (name) {
+function getDisabledForbidden (name) {
   const { forbidDisable = false } = addonDefinitions.value[name]
   return !props.createMode && forbidDisable && getAddonEnabled(name)
 }
 
+function getDisabledPurpose () {
+  return purpose.value !== 'evaluation'
+}
+
+function getDisabled (name) {
+  return getDisabledForbidden(name) || getDisabledPurpose()
+}
+
 function getTextClass (name) {
   return getDisabled(name)
     ? 'text-disabled'

frontend/src/components/ShootDetails/GShootDetailsCard.vue

@@ -188,7 +188,7 @@ SPDX-License-Identifier: Apache-2.0
           </template>
           <g-list-item-content>
             <template #label>
-              Add-ons <span class="text-caption">(not actively monitored and provided on a best-effort basis only)</span>
+              Add-ons <span class="text-caption">(not actively monitored and available for clusters with purpose evaluation only)</span>
             </template>
             <div
               v-if="shootAddonNames.length"

frontend/src/composables/useShootHelper.js

@@ -36,6 +36,7 @@ const shootPropertyMappings = Object.freeze({
   secretBindingName: 'spec.secretBindingName',
   kubernetesVersion: 'spec.kubernetes.version',
   providerType: 'spec.provider.type',
+  addons: 'spec.addons',
 })
 
 export function createShootHelperComposable (shootItem, options = {}) {
@@ -54,6 +55,7 @@ export function createShootHelperComposable (shootItem, options = {}) {
     secretBindingName,
     kubernetesVersion,
     providerType,
+    addons,
   } = mapValues(shootPropertyMappings, path => {
     return computed(() => get(shootItem.value, path))
   })
@@ -126,7 +128,12 @@ export function createShootHelperComposable (shootItem, options = {}) {
   })
 
   const allPurposes = computed(() => {
-    return utils.purposesForSecret(infrastructureSecret.value)
+    if (some(addons.value, 'enabled')) {
+      return ['evaluation']
+    }
+    return utils.selfTerminationDaysForSecret(infrastructureSecret.value)
+      ? ['evaluation']
+      : ['evaluation', 'development', 'testing', 'production']
   })
 
   const allLoadBalancerProviderNames = computed(() => {

frontend/src/utils/index.js

@@ -390,24 +390,18 @@ export function selfTerminationDaysForSecret (secret) {
   return terminationDays
 }
 
-export function purposesForSecret (secret) {
-  return selfTerminationDaysForSecret(secret)
-    ? ['evaluation']
-    : ['evaluation', 'development', 'testing', 'production']
-}
-
 export const shootAddonList = [
   {
     name: 'kubernetesDashboard',
     title: 'Dashboard',
-    description: 'General-purpose web UI for Kubernetes clusters. Several high-profile attacks have shown weaknesses, so installation is not recommend, especially not for production clusters.',
+    description: 'The general-purpose web UI for Kubernetes clusters has exhibited vulnerabilities in several high-profile attacks, making its installation not recommended.',
     visible: true,
     enabled: false,
   },
   {
     name: 'nginxIngress',
     title: 'Nginx Ingress',
-    description: 'Default ingress-controller with static configuration and conservatively sized (cannot be changed). Therefore, it is not recommended for production clusters. We recommend alternatively to install an ingress-controller of your liking, which you can freely configure, program, and scale to your production needs.',
+    description: 'The default ingress controller has a static configuration and a conservative size, which cannot be changed. For production clusters, we recommend installing an alternative ingress controller of your choice, which you can freely configure, program, and scale according to your production needs.',
     visible: true,
     enabled: false,
   },
@@ -680,7 +674,6 @@ export default {
   encodeBase64Url,
   shortRandomString,
   selfTerminationDaysForSecret,
-  purposesForSecret,
   shootAddonList,
   htmlToDocumentFragment,
   documentFragmentToHtml,

frontend/src/views/GNewShoot.vue

@@ -70,10 +70,10 @@ SPDX-License-Identifier: Apache-2.0
         class="mt-4"
       >
         <g-toolbar
-          title="Add-Ons (not actively monitored and provided on a best-effort basis only)"
+          title="Add-Ons (not actively monitored and available for clusters with purpose evaluation only)"
         />
         <v-card-text>
-          <g-manage-shoot-addons create-mode />
+          <g-manage-addons create-mode />
         </v-card-text>
       </v-card>
       <v-card class="mt-4">
@@ -146,7 +146,7 @@ import GNewShootInfrastructureDetails from '@/components/NewShoot/GNewShootInfra
 import GNewShootSelectInfrastructure from '@/components/NewShoot/GNewShootSelectInfrastructure'
 import GMaintenanceComponents from '@/components/ShootMaintenance/GMaintenanceComponents'
 import GMaintenanceTime from '@/components/ShootMaintenance/GMaintenanceTime'
-import GManageShootAddons from '@/components/ShootAddons/GManageAddons'
+import GManageAddons from '@/components/ShootAddons/GManageAddons'
 import GManageDns from '@/components/ShootDns/GManageDns'
 import GManageControlPlaneHighAvailability from '@/components/ControlPlaneHighAvailability/GManageControlPlaneHighAvailability'
 import GToolbar from '@/components/GToolbar.vue'
@@ -162,7 +162,7 @@ export default {
     GNewShootInfrastructureDetails,
     GAccessRestrictions,
     GNewShootDetails,
-    GManageShootAddons,
+    GManageAddons,
     GManageDns,
     GMaintenanceComponents,
     GMaintenanceTime,