firewall: Show any included services on a service

[croissanne]

@martinpitt

[marusak]

Cool stuff :)
I was at first just rather confused :D Have you talked about this with @garrett or @andreasn ?
I know that not always there has to be Details tab. But why the second one has FreeIPA 4 server (itself) but first has Details and not DNS?
Maybe it would be better to have just one tab Included Services and having some listing in there?
What do you think @garrett ?

[croissanne]

@marusak yea I wasn't sure about the design at all. More consistency there would be good I agree.

[garrett]

This is really cool.

I've always thought it's a little odd to have 1 tab for details.

I wonder if it makes sense to remove the tabs altogether and show all the information below.

Is there a service that pulls in more services than FreeIPA currently?

[croissanne]

@garrett I think freeipa-4 includes quite a lot. Most are about 4-5.

[marusak]

Needs to rebase to master since #12367 changed tests names

[martinpitt]

Very nice! Just one fixme in the tests, the rest looks good.

[martinpitt]

This should actually be obsolete now. But let's keep it here, and we can drop all cockpit.all() in a separate PR.

[martinpitt]

Please do an "else:" here, so that we have a reminder (failing test) once firewalld 0.7 trickles into distros. For example, debian-testing already has 0.7, so please add it here.

[croissanne]

I think our debian-testing is still buster?

But i will add the else!

[croissanne]

@garrett Would the updated photo's design work better?

[garrett]

What if the we ditched the tabs entirely and had the services listed under the details text?

Something like this:

---

FreeIPA is an LDAP and Kerberos domain controller for Linux systems. Enable this option if you plan to provide a FreeIPA Domain Controller using the LDAP protocol. You can also enable the 'freeipa-ldaps' service if you want to provide the LDAPS protocol. Enable the 'dns' service if this FreeIPA server provides DNS services and 'freeipa-replication' service if this FreeIPA server is part of a multi-master replication setup.

Included Services

• WWW (HTTP), port 80: HTTP is the protocol used to serve Web pages. If you plan to make your Web server publicly available, enable this option. This option is not required for viewing pages locally or developing Web pages.
• Secure WWW (HTTPS), port 443: HTTPS is a modified HTTP used to serve Web pages when security is important. Examples are sites that require logins like stores or web mail. This option is not required for viewing pages locally or developing Web pages. You need the httpd package installed for this option to be useful.
• Kerberos, port 88: Kerberos network authentication protocol server Kpasswd: Kerberos password (Kpasswd) server
• LDAP, port 389: Lightweight Directory Access Protocol (LDAP) server
• LDAPS, port 636: Lightweight Directory Access Protocol (LDAP) over Secure Sockets Layer (SSL) server

---

It's just a heading (probably an h4 or h5 — whatever is 1 more than the previous heading), which would be styled to be no larger than the row's text (so we'll probably need to do font-size: inherit on it here), then a <li> with <strong> for each item's title.

I don't think it would be too tall to do it this way. As there's nothing but informative text, I'd like it if we could keep it all together in the details.

If we eventually add more features, we could then we could reconsider tabs. But I'm not sure what features that would be. For example: Editing is about which zone the service is in really... or if it's a custom rule, then the ports selected too. (In other words: editing would be in a dialog, not inline in an expanded row.) So if not editing, then what? This is why I don't think we need tabs here, either in the present or the future.

---

TL;DR: Bulleted list with a heading. Names of services would be in a <strong> tag. No tabs.

[marusak]

Looks great now! :) Both debian stable and testing failed in testFirewallPage exactly in the same way which seems suspicious. I've retried it, lets see

[marusak]

this tabs just tests if tabs is defined and if is, then it shows heading? Wouldn't it make sense to just show heading when defined? ({ heading })
Or wouldn something like simpleBody || (heading && tabs) work? (reading like "set simpleBody or heading followed by tabs")

[marusak]

I am afraid that tests are broken on debian. I've seen 4 results and all 4 failed the same way on testFirewallPage. Unfortunately needs work

[martinpitt]

Thanks! This is much more elegant.

[martinpitt]

Too many flakes, retrying a bit. Please self-land when all firewall tests pass.

[martinpitt]

Still two firewall failures, retrying more.

needs rework for changed firewalld API

[martinpitt]

Thanks!

[martinpitt]

Follow-up: Start with this call, and if it fails, fall back to the old one and set includes to empty. Saves one call on new firewalld, and on older versions there's no change (one succeeding and one failing call).

[croissanne]

Right, that would make a lot more sense. I'll do it as a followup, this one has been in the pipeline too long :p

[martinpitt]

@Gundersanne : can you please send a PR against the rhel-8.1 branch with this backported?

[croissanne]

@martinpitt sure, will be my first backport :D

[martinpitt]

@Gundersanne: Sorry, can you please do the screenshot slightly wider (to avoid the label wrap) and have some more context? Right now it's hard to see from where this actually happens.

[croissanne]

@martinpitt