feat: now safeguard impact metrics are not editable or deletable (#11006)

frontend/src/component/impact-metrics/ChartItem.tsx

@@ -104,22 +104,24 @@ export const ChartItem: FC<ChartItemProps> = ({
                     {getConfigDescription(config)}
                 </Typography>
             </StyledChartTitle>
-            <StyledChartActions>
-                <PermissionIconButton
-                    onClick={() => onEdit(config)}
-                    permission={permission}
-                    projectId={projectId}
-                >
-                    <Edit />
-                </PermissionIconButton>
-                <PermissionIconButton
-                    onClick={() => onDelete(config.id)}
-                    permission={permission}
-                    projectId={projectId}
-                >
-                    <Delete />
-                </PermissionIconButton>
-            </StyledChartActions>
+            {config.mode !== 'read' && (
+                <StyledChartActions>
+                    <PermissionIconButton
+                        onClick={() => onEdit(config)}
+                        permission={permission}
+                        projectId={projectId}
+                    >
+                        <Edit />
+                    </PermissionIconButton>
+                    <PermissionIconButton
+                        onClick={() => onDelete(config.id)}
+                        permission={permission}
+                        projectId={projectId}
+                    >
+                        <Delete />
+                    </PermissionIconButton>
+                </StyledChartActions>
+            )}
         </StyledHeader>
 
         <StyledChartContent>

frontend/src/component/impact-metrics/types.ts

@@ -20,6 +20,7 @@ export type AggregationMode =
 export type DisplayChartConfig = ChartConfig & {
     type: 'counter' | 'gauge' | 'histogram' | 'unknown';
     displayName: string; // e.g. my_metric with unleash_counter stripped
+    mode?: 'read' | 'write';
 };
 
 export type LayoutItem = {

frontend/src/openapi/models/eventSchemaType.ts

@@ -150,6 +150,8 @@ export const EventSchemaType = {
     'banner-created': 'banner-created',
     'banner-updated': 'banner-updated',
     'banner-deleted': 'banner-deleted',
+    'safeguard-changed': 'safeguard-changed',
+    'safeguard-deleted': 'safeguard-deleted',
     'project-environment-added': 'project-environment-added',
     'project-environment-removed': 'project-environment-removed',
     'default-strategy-updated': 'default-strategy-updated',

frontend/src/openapi/models/impactMetricsConfigSchema.ts

@@ -5,6 +5,7 @@
  */
 import type { ImpactMetricsConfigSchemaAggregationMode } from './impactMetricsConfigSchemaAggregationMode.js';
 import type { ImpactMetricsConfigSchemaLabelSelectors } from './impactMetricsConfigSchemaLabelSelectors.js';
+import type { ImpactMetricsConfigSchemaMode } from './impactMetricsConfigSchemaMode.js';
 import type { ImpactMetricsConfigSchemaTimeRange } from './impactMetricsConfigSchemaTimeRange.js';
 import type { ImpactMetricsConfigSchemaType } from './impactMetricsConfigSchemaType.js';
 import type { ImpactMetricsConfigSchemaYAxisMin } from './impactMetricsConfigSchemaYAxisMin.js';
@@ -23,6 +24,8 @@ export interface ImpactMetricsConfigSchema {
     labelSelectors: ImpactMetricsConfigSchemaLabelSelectors;
     /** The Prometheus metric series to query. It includes both unleash prefix and metric type and display name */
     metricName: string;
+    /** The access mode for this impact metric configuration: "read" when referenced by a safeguard, "write" otherwise. */
+    mode?: ImpactMetricsConfigSchemaMode;
     /** The time range for the metric data. */
     timeRange: ImpactMetricsConfigSchemaTimeRange;
     /**

frontend/src/openapi/models/impactMetricsConfigSchemaMode.ts

@@ -0,0 +1,17 @@
+/**
+ * Generated by Orval
+ * Do not edit manually.
+ * See `gen:api` script in package.json
+ */
+
+/**
+ * The access mode for this impact metric configuration: "read" when referenced by a safeguard, "write" otherwise.
+ */
+export type ImpactMetricsConfigSchemaMode =
+    (typeof ImpactMetricsConfigSchemaMode)[keyof typeof ImpactMetricsConfigSchemaMode];
+
+// eslint-disable-next-line @typescript-eslint/no-redeclare
+export const ImpactMetricsConfigSchemaMode = {
+    read: 'read',
+    write: 'write',
+} as const;

frontend/src/openapi/models/index.ts

@@ -949,6 +949,7 @@ export * from './impactMetricsConfigListSchema.js';
 export * from './impactMetricsConfigSchema.js';
 export * from './impactMetricsConfigSchemaAggregationMode.js';
 export * from './impactMetricsConfigSchemaLabelSelectors.js';
+export * from './impactMetricsConfigSchemaMode.js';
 export * from './impactMetricsConfigSchemaTimeRange.js';
 export * from './impactMetricsConfigSchemaType.js';
 export * from './impactMetricsConfigSchemaYAxisMin.js';
@@ -1283,6 +1284,9 @@ export * from './resetUserPassword401.js';
 export * from './resetUserPassword403.js';
 export * from './resetUserPassword404.js';
 export * from './resourceLimitsSchema.js';
+export * from './resumeMilestoneProgressions401.js';
+export * from './resumeMilestoneProgressions403.js';
+export * from './resumeMilestoneProgressions404.js';
 export * from './reviveFeature400.js';
 export * from './reviveFeature401.js';
 export * from './reviveFeature403.js';

frontend/src/openapi/models/oidcSettingsResponseSchema.ts

@@ -32,10 +32,10 @@ export interface OidcSettingsResponseSchema {
     enabled?: boolean;
     /** Should we enable group syncing. Refer to the documentation [Group syncing](https://docs.getunleash.io/how-to/how-to-set-up-group-sso-sync) */
     enableGroupSyncing?: boolean;
+    /** Enable PKCE (Proof Key for Code Exchange) for enhanced security. Recommended for public clients and provides additional protection against authorization code interception attacks. */
+    enablePkce?: boolean;
     /** Support Single sign out when user clicks logout in Unleash. If `true` user is signed out of all OpenID Connect sessions against the clientId they may have active */
     enableSingleSignOut?: boolean;
-    /** Enable Proof Key for Code Exchange (PKCE) when performing the OIDC authorization code flow. */
-    enablePkce?: boolean;
     /** Specifies the path in the OIDC token response to read which groups the user belongs to from. */
     groupJsonPath?: string;
     /** The signing algorithm used to sign our token. Refer to the [JWT signatures](https://jwt.io/introduction) documentation for more information. */

frontend/src/openapi/models/oidcSettingsSchemaOneOf.ts

@@ -29,10 +29,10 @@ export type OidcSettingsSchemaOneOf = {
     enabled: boolean;
     /** Should we enable group syncing. Refer to the documentation [Group syncing](https://docs.getunleash.io/how-to/how-to-set-up-group-sso-sync) */
     enableGroupSyncing?: boolean;
+    /** Enable PKCE (Proof Key for Code Exchange) for enhanced security. Recommended for public clients and provides additional protection against authorization code interception attacks. */
+    enablePkce?: boolean;
     /** Support Single sign out when user clicks logout in Unleash. If `true` user is signed out of all OpenID Connect sessions against the clientId they may have active */
     enableSingleSignOut?: boolean;
-    /** Enable Proof Key for Code Exchange (PKCE) when performing the OIDC authorization code flow. */
-    enablePkce?: boolean;
     /** Specifies the path in the OIDC token response to read which groups the user belongs to from. */
     groupJsonPath?: string;
     /** The signing algorithm used to sign our token. Refer to the [JWT signatures](https://jwt.io/introduction) documentation for more information. */

frontend/src/openapi/models/oidcSettingsSchemaOneOfFour.ts

@@ -29,10 +29,10 @@ export type OidcSettingsSchemaOneOfFour = {
     enabled?: boolean;
     /** Should we enable group syncing. Refer to the documentation [Group syncing](https://docs.getunleash.io/how-to/how-to-set-up-group-sso-sync) */
     enableGroupSyncing?: boolean;
+    /** Enable PKCE (Proof Key for Code Exchange) for enhanced security. Recommended for public clients and provides additional protection against authorization code interception attacks. */
+    enablePkce?: boolean;
     /** Support Single sign out when user clicks logout in Unleash. If `true` user is signed out of all OpenID Connect sessions against the clientId they may have active */
     enableSingleSignOut?: boolean;
-    /** Enable Proof Key for Code Exchange (PKCE) when performing the OIDC authorization code flow. */
-    enablePkce?: boolean;
     /** Specifies the path in the OIDC token response to read which groups the user belongs to from. */
     groupJsonPath?: string;
     /** The signing algorithm used to sign our token. Refer to the [JWT signatures](https://jwt.io/introduction) documentation for more information. */

frontend/src/openapi/models/resumeMilestoneProgressions401.ts

@@ -0,0 +1,14 @@
+/**
+ * Generated by Orval
+ * Do not edit manually.
+ * See `gen:api` script in package.json
+ */
+
+export type ResumeMilestoneProgressions401 = {
+    /** The ID of the error instance */
+    id?: string;
+    /** A description of what went wrong. */
+    message?: string;
+    /** The name of the error kind */
+    name?: string;
+};

frontend/src/openapi/models/resumeMilestoneProgressions403.ts

@@ -0,0 +1,14 @@
+/**
+ * Generated by Orval
+ * Do not edit manually.
+ * See `gen:api` script in package.json
+ */
+
+export type ResumeMilestoneProgressions403 = {
+    /** The ID of the error instance */
+    id?: string;
+    /** A description of what went wrong. */
+    message?: string;
+    /** The name of the error kind */
+    name?: string;
+};

frontend/src/openapi/models/resumeMilestoneProgressions404.ts

@@ -0,0 +1,14 @@
+/**
+ * Generated by Orval
+ * Do not edit manually.
+ * See `gen:api` script in package.json
+ */
+
+export type ResumeMilestoneProgressions404 = {
+    /** The ID of the error instance */
+    id?: string;
+    /** A description of what went wrong. */
+    message?: string;
+    /** The name of the error kind */
+    name?: string;
+};