All the UI fixes for now

2026-04-11 17:21:52 +02:00
parent 1bd51ecb5d
commit c67259ebe0
15 changed files with 565 additions and 112 deletions
--- a/src/app/api/admin/requests/[id]/approve/route.ts
+++ b/src/app/api/admin/requests/[id]/approve/route.ts
@@ -1,12 +1,19 @@
 import { NextResponse } from "next/server";
 import { requirePlatformRole } from "@/lib/session";
-import { getTenantRequestById, updateTenantRequestStatus } from "@/lib/db";
+import { getTenantRequestById, updateTenantRequestStatus, clearEncryptedSecrets } from "@/lib/db";
 import { createTenant } from "@/lib/k8s";
 import { sendApprovalEmail } from "@/lib/email";
+import { decryptSecrets } from "@/lib/crypto";
+import { writePackageSecrets } from "@/lib/openbao";

 /**
 * POST /api/admin/requests/[id]/approve
- * Approve a tenant request: create the PiecedTenant CR, update status, notify customer.
+ * Approve a tenant request:
+ *  1. Decrypt stored package secrets (if any)
+ *  2. Write each package's secrets to OpenBao at secret/data/tenants/{tenant-name}/{package}
+ *  3. Null the encrypted_secrets column
+ *  4. Create PiecedTenant CR
+ *  5. Update request status, notify customer.
 * Also supports re-approving a previously rejected request (clears admin notes).
 */
 export async function POST(
@@ -48,7 +55,17 @@ export async function POST(
    .slice(0, 63) || `tenant-${tenantRequest.id.slice(0, 8)}`;

  try {
-    // Create the PiecedTenant CR
+    // Step 1: Decrypt and write package secrets to OpenBao (if collected during wizard)
+    if (tenantRequest.encryptedSecrets) {
+      const secrets = await decryptSecrets(tenantRequest.encryptedSecrets);
+      for (const [packageId, pkgSecrets] of Object.entries(secrets)) {
+        await writePackageSecrets(`tenant-${tenantName}`, packageId, pkgSecrets);
+      }
+      // Step 2: Null the encrypted column — secrets are now safely in OpenBao
+      await clearEncryptedSecrets(id);
+    }
+
+    // Step 3: Create the PiecedTenant CR
    await createTenant(
      tenantName,
      {
@@ -64,14 +81,14 @@ export async function POST(
      }
    );

-    // Update request status — clear admin notes on re-approval
+    // Step 4: Update request status — clear admin notes on re-approval
    const updated = await updateTenantRequestStatus(id, "provisioning", {
      adminNotes: isReApproval ? null : adminNotes,
      tenantName,
      clearAdminNotes: isReApproval,
    });

-    // Notify customer
+    // Step 5: Notify customer
    await sendApprovalEmail(
      tenantRequest.contactEmail,
      tenantRequest.contactName,