Backup credentials (5): operator UI — onboarding, escrow, scheduling, stats#227
Open
passcod wants to merge 2 commits into
Open
Backup credentials (5): operator UI — onboarding, escrow, scheduling, stats#227passcod wants to merge 2 commits into
passcod wants to merge 2 commits into
Conversation
passcod
force-pushed
the
component-operator-ui
branch
from
7673056 to
de58aca
Compare
passcod
force-pushed
the
component-jobs-detect
branch
from
faa4831 to
a1f8ef3
Compare
passcod
force-pushed
the
component-operator-ui
branch
from
de58aca to
5295890
Compare
passcod
force-pushed
the
component-jobs-detect
branch
from
a1f8ef3 to
3ffa45a
Compare
passcod
force-pushed
the
component-operator-ui
branch
from
5295890 to
fc3c8ab
Compare
passcod
force-pushed
the
component-jobs-detect
branch
from
3ffa45a to
af66062
Compare
passcod
force-pushed
the
component-operator-ui
branch
from
fc3c8ab to
7150963
Compare
passcod
force-pushed
the
component-jobs-detect
branch
2 times, most recently
from
6303de4 to
ea05619
Compare
passcod
force-pushed
the
component-operator-ui
branch
from
7150963 to
ca6360c
Compare
passcod
force-pushed
the
component-jobs-detect
branch
from
ea05619 to
e61e0d9
Compare
passcod
force-pushed
the
component-operator-ui
branch
2 times, most recently
from
682a275 to
9813603
Compare
passcod
force-pushed
the
component-jobs-detect
branch
2 times, most recently
from
f0ca99b to
8af4282
Compare
passcod
force-pushed
the
component-operator-ui
branch
2 times, most recently
from
f2b3d2e to
b572238
Compare
passcod
force-pushed
the
component-jobs-detect
branch
2 times, most recently
from
3ebbb7d to
dfc7b2e
Compare
passcod
force-pushed
the
component-operator-ui
branch
from
b572238 to
a89532e
Compare
passcod
force-pushed
the
component-jobs-detect
branch
from
dfc7b2e to
1105e20
Compare
passcod
force-pushed
the
component-operator-ui
branch
2 times, most recently
from
21c7b8a to
8e6541f
Compare
passcod
force-pushed
the
component-jobs-detect
branch
from
1105e20 to
1c6c756
Compare
passcod
changed the base branch from
component-jobs-detect
to
component-jobs-maint
passcod
force-pushed
the
component-operator-ui
branch
from
8e6541f to
05a10fe
Compare
passcod
force-pushed
the
component-jobs-maint
branch
2 times, most recently
from
e42e9b5 to
d894c58
Compare
passcod
force-pushed
the
component-operator-ui
branch
from
05a10fe to
7c61348
Compare
passcod
force-pushed
the
component-jobs-maint
branch
from
d894c58 to
13b32fc
Compare
passcod
force-pushed
the
component-operator-ui
branch
from
7c61348 to
8fa07dd
Compare
passcod
force-pushed
the
component-jobs-maint
branch
from
13b32fc to
f2641ab
Compare
passcod
force-pushed
the
component-operator-ui
branch
from
8fa07dd to
d3f7c02
Compare
…& stats (component 5)
Private-server /api/backups/* TailscaleAdmin-gated fns + the private-web
React screens that drive the group backup lifecycle:
- backups_{get,list,create,update,set_schedule,create_repo,reveal_escrow,
ack_escrow,request_now,cancel_request,stats,delete}
- BackupPanel (status/stats/runs/backup-now), BackupConfig (onboarding +
edit, retention-floor validation, manual-only toggle), BackupEscrow
(reveal-once + Bitwarden ack), GroupDetail backups card.
DB: adds server_group_backup_config lifecycle columns (mode, last_init_error,
escrow_acked_at/by) via migration; RetentionPolicy typed struct + floor
validation; BackupRepoMode enum. private-server gains a kube Secret reader
(reuses public-server BackupSecrets) for escrow reveal.
Fixes the text_enum! ToSchema to emit serde-renamed wire strings so the
generated TS unions match the lowercase JSON.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…ed issue (nullable server_id) handling + spec refresh
passcod
force-pushed
the
component-operator-ui
branch
from
d3f7c02 to
fec1b78
Compare
passcod
force-pushed
the
component-jobs-maint
branch
from
f2641ab to
86a6024
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🤖 Component 5 — operator UI for backup-credentials onboarding/escrow/scheduling/stats. Stacked on the component-4 detection PR (base
component-jobs-detect); a sibling of #226. Review #223/#224/#225 first.private-server
/api/backups/*(TailscaleAdmin-gated except read endpoints)get/list/create/update/set_schedule/create_repo/reveal_escrow/ack_escrow/request_now/cancel_request/stats/delete. Reconciled to the real(group, type)model —expected_interval/retentionlive onserver_group_backup_scheduleper type (addedbackups_set_schedule+BackupConfigView.schedules);request_nowis type-aware. No newAppErrorvariants.DB
New migration
backup_config_lifecycle_columnsaddsmode(from_birth|import, CHECK),last_init_error,escrow_acked_at,escrow_acked_bytoserver_group_backup_config;BackupRepoModeenum + a typedRetentionPolicy(floor-validated) indatabase::backups.private-web
New routes
BackupConfig/BackupEscrow/BackupPanel, wired intoGroupDetail;e2e/backups.spec.ts(9 tests, all pass) + seed helpers.Cross-cutting fixes (flagged for reconciliation)
text_enum!macro (commons-types): theToSchemaderive wasn't reflecting the serderename, so the generated OpenAPI emitted PascalCase enum values ("Backup") instead of the wire form ("backup"). Added#[schema(rename = …)]; regenerated openapi/api-types. This corrects the enum schemas in Backup credentials (2): public-server device endpoints + AWS/kube on AppState #224's surface too — that fix ideally belongs on Backup credentials: plan + database layer (component 1) #223 (where the enums live); folded here because it blocked correct api-types.IssueRow.tsxnow handles the nullableissue.server_id(group-scoped issues have no server) — the two typecheck errors the original Backup credentials (4): detection — group-scoped issues, staleness/reconcile #225 left.Verification
cargo check --workspace --tests✅;just typecheck✅; private-server + database backups tests 24/24; e2e 9/9;just gen-openapirun + committed.Stubbed pending component 3 (#226)
create_repoonly records intent (provisioning, clearslast_init_error) — it does not spawn the init Job; the UI observes thestatus/last_init_errorfields.reveal_escrowreads the k8s Secret (502 when kube unavailable, e.g. tests). Reconciliation note:RetentionPolicynow exists both here (database::backups) and in #226 (commons-servers::backup_jobs) — consolidate to one on final integration.Part of TAM-6877.
🤖 Generated with Claude Code