Skip to content

Add Fleet Access page#3095

Merged
david-crespo merged 31 commits intomainfrom
system_level_access_page
Mar 10, 2026
Merged

Add Fleet Access page#3095
david-crespo merged 31 commits intomainfrom
system_level_access_page

Conversation

@charliepark
Copy link
Contributor

@charliepark charliepark commented Feb 26, 2026
edited
Loading

This adds a system-level access page, with a form for setting fleet-level permissions.

Screenshot 2026-02-26 at 4 59 26 AM

One enhancement we might consider: It looks like there are a few booleans — silo_admin and fleet_viewer — on the CurrentUser object coming from Omicron, but there is not a fleet_admin attribute. If we add that in Omicron, we could disable the "Add User or Group" button and other controls on the System Access page for people without a fleet_admin role.

Closes #2916

@vercel
Copy link

vercel bot commented Feb 26, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
console Ready Ready Preview Mar 10, 2026 9:18pm

Request Review

@charliepark charliepark marked this pull request as ready for review February 26, 2026 21:32
@david-crespo
Copy link
Collaborator

david-crespo commented Mar 7, 2026

Seeing that, it does seem worth it to augment it by fetching all silos and listing the fleet role mappings from all of the ones that have it set. Probably in a modal. Not sure whether the blue info thing works — it kinda does, kinda doesn’t. We’ll have to experiment.

@david-crespo
Copy link
Collaborator

david-crespo commented Mar 9, 2026

I could bikeshed the message copy and styling for a week, so let's get PR in without it and figure it out separately.

@david-crespo @charliepark
Refactor to eliminate IpPoolSelector (#3113)
4e4c42a 
After refactors at the end of #3057, there wasn't much left of
`IpPoolSelector`, so I intended to remove it. Essentially all it did was
sort the pools, which we can do at the call sites. Removing it is a net
-40 line change with no loss of functionality.
@david-crespo @charliepark
tools: fix deploy-dogfood for pilot -r flag (#3114)
a0c5c41
@david-crespo david-crespo changed the title Add System Access page Add Fleet Access page Mar 10, 2026
@david-crespo david-crespo force-pushed the system_level_access_page branch from c25e248 to 6941cd4 Compare March 10, 2026 18:20
@david-crespo david-crespo force-pushed the system_level_access_page branch from 6941cd4 to f57ec49 Compare March 10, 2026 18:23
@david-crespo
Copy link
Collaborator

david-crespo commented Mar 10, 2026

2cba589 is this

image image

@david-crespo
Copy link
Collaborator

david-crespo commented Mar 10, 2026
edited
Loading

I'm happy with this. I like the "Any" to avoid the misreading that there is exactly one silo admin in whatever silo. 9429b8a makes sure we fall back to the ID instead of an empty cell when the assigned entity is not in the current user's silo (which is entirely possible with the fleet policy).

image

@david-crespo david-crespo force-pushed the system_level_access_page branch from 5489ef7 to 9429b8a Compare March 10, 2026 20:42
@david-crespo david-crespo enabled auto-merge (squash) March 10, 2026 21:19
@david-crespo david-crespo merged commit 1713e53 into main Mar 10, 2026
7 checks passed
@david-crespo david-crespo deleted the system_level_access_page branch March 10, 2026 21:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@david-crespo david-crespo david-crespo approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

System-level access and IAM page

2 participants

@charliepark @david-crespo