Add --disable-admin-operations flag in Block Bucket UI

[harsh-ps-2003]

Signed-off-by: Harsh Pratap Singh [email protected]
Fixes #5390

• I added CHANGELOG entry for this change.
• Change is not relevant to the end user.

Changes

This PR adds a flag, named --disable-admin-operations, to Bucket Web UI to decide whether to disable the corresponding buttons Mark Deletion and Mark No Compaction in the UI as they are admin-level operations. It also restricts the API usage.

Verification

It was tested locally.
The UI test:


The API test:

❯ curl -X POST -d "id=_ulid&action=DELETION" http://localhost:8080/api/v1/blocks/mark

{"status":"error","errorType":"bad_data","error":"Admin operations are disabled"}

cc @yeya24 @GiedriusS @saswatamcode

[saswatamcode]

Thanks! Some comments,

[saswatamcode]

Let's just pass the bool directly in NewBlockAPI, instead of using this?

[harsh-ps-2003]

actaully flagsMap map[string]string will give a string "true" with flagsMap["disable-admin-operations"]. thus I am simply converting it to boolean.

[saswatamcode]

It would be cleaner and more consistent with other such options like disableCors, and we wouldn't need to check a string here at all
But actually, I think we don't even need any changes in BlocksAPI here. The flag value will just directly be used in UI anyway, so we don't need a separate API. See my other comment #6601 (comment)

[harsh-ps-2003]

okay! thanks for the review. i will look into it!

[saswatamcode]

I don't think you need to add a new API for this. We already register api/v1/status/flags as a common endpoint for all components in pkg/api

[harsh-ps-2003]

It would be cleaner and more consistent with other such options like disableCors, and we wouldn't need to check a string here at all
But actually, I think we don't even need any changes in BlocksAPI here. The flag value will just directly be used in UI anyway, so we don't need a separate API. See my other comment #6601 (comment)

@saswatamcode @GiedriusS @yeya24 one problem that I am facing when using /status/flags endpoint is that I am not able to figure out how to get the flags value inside the markBlock function of v1.go. I need it so as to restrict access to the API when the flag is enabled.

[saswatamcode]

Ack! Reading the issue seems like we would need the option passed here as well. To restrict access, both via UI and API. Ignore this comment then,

But actually, I think we don't even need any changes in BlocksAPI here

[harsh-ps-2003]

thanks for the clarification!

[saswatamcode]

Shouldn't this flag be in Compactor (cmd/thanos/compact.go) instead? As that is the component that exposes blocks UI

[harsh-ps-2003]

I lack on a broader knowledge of codebase, but as far as I can understand, If i add the flag in compact.go then the flag will be available in Compactor UI instead of Bucket UI. I can tell this for sure that adding the flag in tools_bucket.go is only affecting Bucket UI. I think we want this flag specifically in Bucket UI not in the Compactor UI right? @yeya24 @GiedriusS @saswatamcode

[saswatamcode]

Ack got confused for a bit. So Thanos users can access the Block UI via two ways I think,

• tools bucket web (i.e which is covered by the flag you added)
• compact (which isn't covered)

So let's add the same flag there too, as you can mark deletion and no compaction there too.

[harsh-ps-2003]

okay! i will add the same flag for Compactor as well as Bucket

[saswatamcode]

Let's try to do this from /status/flags endpoint directly. Take a look at how we use it for defaultStep in PanelList : https://github.com/thanos-io/thanos/blob/main/pkg/ui/react-app/src/pages/graph/PanelList.tsx#L161

[harsh-ps-2003]

its actually very convinent. i use this in blockDetails.tsx and it worked like a charm :

  const { response: flagsRes } = useFetch<FlagMap>(`/api/v1/status/flags`);
  const disableAdminOperations = flagsRes?.data?.['disable-admin-operations'] || false;