fix: surface refresh and failure states in compliance cards#13165
Conversation
kubestellar-prow
Bot
added
the
dco-signoff: no
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
✅ Deploy Preview for kubestellarconsole canceled.Built without sensitive environment variables
|
kubestellar-prow
Bot
added
the
size/XL
|
👋 Hey @Hridyansh7193 — thanks for opening this PR!
This is an automated message. |
|
👋 Welcome to the KubeStellar community! 💖 Thanks and congrats 🎉 for opening your first PR here! We're excited to have you contributing. Before merge, please ensure:
📬 If you're using KubeStellar in your organization, please add your name to our Adopters list. 🙏 It really helps the project gain momentum and credibility — a small contribution back with a big impact. Resources:
A maintainer will review your PR soon. Hope you have a great time here! 🌟 ~~~~~~~~~~ 🌟 📬 If you like KubeStellar, please ⭐ star ⭐ our repo to support it! 🙏 It really helps the project gain momentum and credibility — a small contribution back with a big impact. |
There was a problem hiding this comment.
Pull request overview
This PR updates the VaultSecrets and ExternalSecrets compliance cards to surface refresh/loading and fetch-failure states (including consecutive failures) instead of silently continuing to display potentially stale “healthy” install/configuration UI. It also adds regression tests intended to cover these state transitions.
Changes:
- Added
isRefreshing,fetchError, andconsecutiveFailurestracking toVaultSecretsandExternalSecrets, plus an auto-refresh interval. - Wired
isRefreshing,isFailed, andconsecutiveFailuresintouseCardLoadingStatefor CardWrapper-level status visibility. - Added new regression tests for error/loading/refresh signaling across affected cards.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
web/src/components/cards/DataComplianceCards.tsx |
Adds refresh/failure tracking, retry UI, and interval-based refetch for Vault/ESO cards, reporting status to useCardLoadingState. |
web/src/components/cards/__tests__/DataComplianceCards.states.test.tsx |
Adds regression tests for loading/refresh/failure visibility for VaultSecrets, ExternalSecrets, and CertManager. |
| if (anyError && !found && secrets === 0) { | ||
| // All clusters failed — mark as failed fetch | ||
| setFetchError(true) | ||
| setConsecutiveFailures(prev => prev + 1) | ||
| } else { |
| if (anyError && !found && totalES === 0) { | ||
| setFetchError(true) | ||
| setConsecutiveFailures(prev => prev + 1) | ||
| } else { |
| const refetch = useCallback(async () => { | ||
| if (isDemoMode || clusters.length === 0 || fetchInProgress.current) return | ||
| fetchInProgress.current = true | ||
|
|
||
| let cancelled = false | ||
| async function detect() { | ||
| if (initialLoadDone.current) { | ||
| setIsRefreshing(true) | ||
| } else { | ||
| setIsLoading(true) | ||
| let found = false | ||
| let totalPods = 0 | ||
| let readyPods = 0 | ||
| let secrets = 0 | ||
|
|
||
| for (const cluster of clusters) { | ||
| try { | ||
| // Check for Vault pods (helm release or operator) | ||
| const podsResult = await kubectlProxy.exec( | ||
| ['get', 'pods', '-A', '-l', 'app.kubernetes.io/name=vault', '-o', 'json'], | ||
| { context: cluster.name, timeout: KUBECTL_DEFAULT_TIMEOUT_MS } | ||
| ) | ||
| if (podsResult.exitCode === 0 && podsResult.output) { | ||
| const data = JSON.parse(podsResult.output) | ||
| const items = data.items || [] | ||
| if (items.length > 0) { | ||
| found = true | ||
| totalPods += items.length | ||
| readyPods += items.filter((p: { status?: { phase?: string } }) => | ||
| p.status?.phase === 'Running' | ||
| ).length | ||
| } | ||
| } | ||
| } |
| setIsLoading(false) | ||
| setFetchError(false) | ||
| setConsecutiveFailures(0) |
| it('reports isFailed=true to useCardLoadingState after errors', async () => { | ||
| mockClusters.mockReturnValue([cluster()]) | ||
| mockKubectlExec.mockRejectedValue(new Error('fail')) | ||
|
|
||
| await act(async () => render(<VaultSecrets />)) | ||
| await waitFor(() => { | ||
| expect(mockUseCardLoadingState).toHaveBeenCalledWith( | ||
| expect.objectContaining({ isFailed: false }) | ||
| ) | ||
| }) |
| it('reports isRefreshing via useCardLoadingState', async () => { | ||
| mockClusters.mockReturnValue([cluster()]) | ||
| mockKubectlExec.mockResolvedValue({ exitCode: 1, output: '' }) | ||
|
|
||
| await act(async () => render(<VaultSecrets />)) | ||
| // After initial load, isRefreshing should be reported | ||
| expect(mockUseCardLoadingState).toHaveBeenCalledWith( | ||
| expect.objectContaining({ isRefreshing: expect.any(Boolean) }) | ||
| ) | ||
| }) |
| function setupCertManager(overrides = {}) { | ||
| mockUseCertManager.mockReturnValue({ | ||
| status: { ...DEFAULT_CERT_STATUS, ...overrides }, | ||
| issuers: [], | ||
| isLoading: false, | ||
| isRefreshing: false, | ||
| consecutiveFailures: 0, | ||
| isFailed: false, | ||
| ...overrides, |
Signed-off-by: Hridyansh7193 <hridyanshbhadauria@gmail.com>
Hridyansh7193
force-pushed
the
fix-compliance-card-refresh-state
branch
from
bfa2dbf to
2d0e101
Compare
kubestellar-prow
Bot
added
dco-signoff: yes
kubestellar-hive
Bot
merged commit 13d3ec9
into
kubestellar:main
❌ Post-Merge Verification: failedCommit: |
Addresses #13141
📝 Summary of Changes
VaultSecretsandExternalSecretscards were silently swallowing fetch failures and continuing to display stale install/configuration state as if the data was current.This PR adds proper refresh/failure state handling and regression coverage for the affected compliance cards.
The update now surfaces:
The implementation also aligns these cards with the existing loading/error handling patterns already used by
TrivyScan,KubescapeScan, andCertManager.Changes Made
VaultSecretsandExternalSecretsisRefreshing,isFailed, andconsecutiveFailuresintouseCardLoadingStateDEFAULT_REFRESH_INTERVAL_MSChecklist
Please ensure the following before submitting your PR:
isDemoDatais wired correctly (cards show Demo badge when using demo data)git commit -s)Screenshots or Logs (if applicable)
Validation performed:
👀 Reviewer Notes
The primary goal of this change is ensuring stale or failed compliance data is clearly distinguishable from healthy/current state.
The regression tests focus specifically on preventing future compliance cards from silently ignoring refresh/failure metadata.### 📌 Fixes
Fixes #13141
📝 Summary of Changes
VaultSecretsandExternalSecretscards were silently swallowing fetch failures and continuing to display stale install/configuration state as if the data was current.This PR adds proper refresh/failure state handling and regression coverage for the affected compliance cards.
The update now surfaces:
The implementation also aligns these cards with the existing loading/error handling patterns already used by
TrivyScan,KubescapeScan, andCertManager.Changes Made
VaultSecretsandExternalSecretsisRefreshing,isFailed, andconsecutiveFailuresintouseCardLoadingStateDEFAULT_REFRESH_INTERVAL_MSChecklist
Please ensure the following before submitting your PR:
isDemoDatais wired correctly (cards show Demo badge when using demo data)git commit -s)Screenshots or Logs (if applicable)
Validation performed:
👀 Reviewer Notes
The primary goal of this change is ensuring stale or failed compliance data is clearly distinguishable from healthy/current state.
The regression tests focus specifically on preventing future compliance cards from silently ignoring refresh/failure metadata.