feat(frontend): add section on global urls

frontend/components/workstation/diffViewer.tsx

@@ -1,16 +1,17 @@
 import {
     Diff,
-    WorkstationDiffContainerImage,
+    WorkstationDiffContainerImage, WorkstationDiffDisableGlobalURLAllowList,
     WorkstationDiffMachineType, WorkstationDiffOnPremAllowList,
     WorkstationDiffURLAllowList
 } from "../../lib/rest/generatedDto";
 import {Heading} from "@navikt/ds-react";
 import {MinusCircleIcon, PlusCircleIcon} from "@navikt/aksel-icons";
 
 export const WorkstationDiffDescriptions: { [key: string]: string } = {
-    [WorkstationDiffContainerImage]: "Kjøremiljø",
-    [WorkstationDiffMachineType]: "Maskin type",
-    [WorkstationDiffURLAllowList]: "URL Filter",
+    [WorkstationDiffDisableGlobalURLAllowList]: "Skru av globale åpninger",
+    [WorkstationDiffContainerImage]: "Utviklingsmiljø",
+    [WorkstationDiffMachineType]: "Maskintype",
+    [WorkstationDiffURLAllowList]: "Tillate URL-er",
     [WorkstationDiffOnPremAllowList]: "On-prem kilder",
 };
 
@@ -29,20 +30,16 @@ const DiffViewerComponent: React.FC<DiffViewerProps> = ({diff}) => {
                 return (
                     <div key={key}>
                         <Heading size="xsmall">{WorkstationDiffDescriptions[key]}</Heading>
-                        {value?.value ? (
-                            <p>{value.value}</p>
-                        ) : (
-                            <div>
-                                {(value?.added?.length ?? 0) > 0 && (
-                                    <div><PlusCircleIcon title="lagt til" fontSize="1.5rem"/><p
-                                        style={{color: 'green'}}>{value?.added.join(', ')}</p></div>
-                                )}
-                                {(value?.removed?.length ?? 0) > 0 && (
-                                    <div><MinusCircleIcon title="fjernet" fontSize="1.5rem"/><p
-                                        style={{color: 'red'}}>{value?.removed.join(', ')}</p></div>
-                                )}
-                            </div>
-                        )}
+                        <div>
+                            {(value?.added?.length ?? 0) > 0 && (
+                                <div><PlusCircleIcon title="lagt til" fontSize="1.5rem"/><p
+                                    style={{color: 'green'}}>{value?.added.join(', ')}</p></div>
+                            )}
+                            {(value?.removed?.length ?? 0) > 0 && (
+                                <div><MinusCircleIcon title="fjernet" fontSize="1.5rem"/><p
+                                    style={{color: 'red'}}>{value?.removed.join(', ')}</p></div>
+                            )}
+                        </div>
                     </div>
                 );
             })}

frontend/components/workstation/form.tsx

@@ -16,6 +16,7 @@ import MachineTypeSelector from "./machineTypeSelector";
 import ContainerImageSelector from "./containerImageSelector";
 import FirewallTagSelector from "./firewallTagSelector";
 import UrlListInput from "./urlListInput";
+import GlobalAllowUrlListInput from "./globalAllowURLListInput";
 
 interface WorkstationInputFormProps {
     workstation?: WorkstationOutput;
@@ -41,10 +42,15 @@ const WorkstationInputForm = (props: WorkstationInputFormProps) => {
     const existingFirewallRules = workstation ? workstation.config ? workstation.config.firewallRulesAllowList : [] : []
     const [selectedFirewallHosts, setSelectedFirewallHosts] = useState(new Set(existingFirewallRules))
     const [urlList, setUrlList] = useState(workstation ? workstation.urlAllowList : [])
+    const [disableGlobalURLAllowList, setDisableGlobalURLAllowList] = useState(false)
     const [machineType, setMachineType] = useState(workstationOptions?.machineTypes?.[0]?.machineType ?? "");
     const [containerImage, setContainerImage] = useState(workstationOptions?.containerImages?.[0]?.image ?? "");
     const runningJobs = workstationJobs?.jobs?.filter((job): job is WorkstationJob => job !== undefined && job.state === WorkstationJobStateRunning);
 
+    const handleDisableGlobalURLAllowList = (value: any) => {
+        setDisableGlobalURLAllowList(value === "true")
+    }
+
     const handleUrlListUpdate = (event: any) => {
         setUrlList(event.target.value.split("\n"))
     }
@@ -66,7 +72,8 @@ const WorkstationInputForm = (props: WorkstationInputFormProps) => {
             machineType: machineType,
             containerImage: containerImage,
             onPremAllowList: Array.from(selectedFirewallHosts),
-            urlAllowList: urlList
+            urlAllowList: urlList,
+            disableGlobalURLAllowList: disableGlobalURLAllowList
         };
 
         try {
@@ -100,7 +107,10 @@ const WorkstationInputForm = (props: WorkstationInputFormProps) => {
                         onToggleSelected={handleFirewallTagChange}
                     />
                     <UrlListInput urlList={urlList} onUrlListUpdate={handleUrlListUpdate}
-                                  defaultUrlList={workstationOptions?.defaultURLAllowList || []}
+                                  defaultUrlList={urlList}
+                    />
+                    <GlobalAllowUrlListInput urlList={workstationOptions?.globalURLAllowList ?? ["Klarte ikke hente listen."]}
+                                             onDisableGlobalURLAllowList={handleDisableGlobalURLAllowList}
                     />
                     <div className="flex flex-row gap-3">
                         {(workstation === null || workstation === undefined) ?

frontend/components/workstation/globalAllowURLListInput.tsx

@@ -0,0 +1,35 @@
+import {Textarea, RadioGroup, Radio, Stack} from "@navikt/ds-react";
+
+interface GlobalAllowURLListInputProps {
+    urlList: string[];
+    onDisableGlobalURLAllowList: (event: any) => void;
+}
+
+const GlobalAllowUrlListInput: React.FC<GlobalAllowURLListInputProps> = ({ urlList, onDisableGlobalURLAllowList }) => {
+    return (
+        <div className="flex gap-2 flex-col">
+            <RadioGroup
+                legend="Behold globale åpninger"
+                defaultValue="false"
+                onChange={onDisableGlobalURLAllowList}
+                description="Vi har lagt til en liste over URL-er som er administrert sentralt, og tilgjengelig for alle brukere. Dette er åpninger som vil gi deg en bedre brukeropplevelse.
+                Hvis du har behov, så kan du melde deg av disse URL-ene, men vi anbefaler at du ikke gjør det."
+            >
+                <Stack gap="0 6" direction={{ xs: "column", sm: "row" }} wrap={false}>
+                    <Radio value="false">Ja (anbefalt)</Radio>
+                    <Radio value="true">Nei</Radio>
+                </Stack>
+            </RadioGroup>
+            <Textarea
+                label="URL-er som er lagt til globalt"
+                defaultValue={urlList.join("\n")}
+                size="small"
+                maxRows={2500}
+                readOnly
+                resize
+            />
+        </div>
+    );
+};
+
+export default GlobalAllowUrlListInput;

frontend/components/workstation/urlListInput.tsx

@@ -3,11 +3,10 @@ import { ExternalLink } from "@navikt/ds-icons";
 
 interface UrlListInputProps {
     urlList: string[];
-    defaultUrlList: string[];
     onUrlListUpdate: (event: any) => void;
 }
 
-const UrlListInput: React.FC<UrlListInputProps> = ({ urlList, defaultUrlList, onUrlListUpdate }) => {
+const UrlListInput: React.FC<UrlListInputProps> = ({ urlList, onUrlListUpdate }) => {
     return (
         <div className="flex gap-2 flex-col">
             <Label>Oppgi hvilke internett-URL-er du vil åpne mot</Label>
@@ -19,7 +18,7 @@ const UrlListInput: React.FC<UrlListInputProps> = ({ urlList, defaultUrlList, on
             </p>
             <Textarea
                 onChange={onUrlListUpdate}
-                defaultValue={urlList.length > 0 ? urlList.join("\n") : defaultUrlList.join("\n")}
+                defaultValue={urlList ? urlList.length > 0 ? urlList.join("\n") : "" : ""}
                 size="medium"
                 maxRows={2500}
                 hideLabel

frontend/lib/rest/generatedDto/index.ts

@@ -955,6 +955,7 @@ export const FirewallAllowRulePriorityMin = 1000;
 export const FirewallAllowRulePriorityMax = 200_000_000;
 export const FirewallDenyRulePriorityMin = 210_000_000;
 export const FirewallDenyRulePriorityMax = 410_000_000;
+export const GlobalURLAllowListName = "global-allow";
 export type SecureWebProxyAPI = any;
 export interface EnsureProxyRuleWithURLList {
   /**
@@ -1475,12 +1476,14 @@ export const MachineTypeN2DStandard32 = "n2d-standard-32";
 export const ContainerImageVSCode = "europe-north1-docker.pkg.dev/cloud-workstations-images/predefined/code-oss:latest";
 export const ContainerImageIntellijUltimate = "europe-north1-docker.pkg.dev/cloud-workstations-images/predefined/intellij-ultimate:latest";
 export const ContainerImagePosit = "europe-north1-docker.pkg.dev/posit-images/cloud-workstations/workbench:latest";
+export const WorkstationDiffDisableGlobalURLAllowList = "disable_global_url_allow_list";
 export const WorkstationDiffContainerImage = "container_image";
 export const WorkstationDiffMachineType = "machine_type";
 export const WorkstationDiffURLAllowList = "url_allow_list";
 export const WorkstationDiffOnPremAllowList = "on_prem_allow_list";
 export const WorkstationUserRole = "roles/workstations.user";
 export const WorkstationImagesTag = "latest";
+export const WorkstationDisableGlobalURLAllowListAnnotation = "disable-global-url-allow-list";
 export const WorkstationOnpremAllowlistAnnotation = "onprem-allowlist";
 export const WorkstationConfigIDLabel = "workstation_config_id";
 export const DefaultWorkstationProxyURL = "http://proxy.knada.local:443";
@@ -1512,14 +1515,14 @@ export interface WorkstationJob {
   containerImage: string;
   urlAllowList: string[];
   onPremAllowList: string[];
+  disableGlobalURLAllowList: boolean;
   startTime: string /* RFC3339 */;
   state: WorkstationJobState;
   duplicate: boolean;
   errors: string[];
   diff: { [key: string]: Diff | undefined};
 }
 export interface Diff {
-  value: string;
   added: string[];
   removed: string[];
 }
@@ -1559,9 +1562,9 @@ export interface WorkstationOptions {
    */
   machineTypes: (WorkstationMachineType | undefined)[];
   /**
-   * Default URL allow list
+   * Global URL allow list
    */
-  defaultURLAllowList: string[];
+  globalURLAllowList: string[];
 }
 export interface FirewallTag {
   name: string;
@@ -1587,6 +1590,10 @@ export interface WorkstationInput {
    * ContainerImage is the image that will be used to run the workstation
    */
   containerImage: string;
+  /**
+   * DisableGlobalURLAllowList is a flag to disable the global URL allow list
+   */
+  disableGlobalURLAllowList: boolean;
   /**
    * URLAllowList is a list of the URLs allowed to access from workstation
    */
@@ -1848,6 +1855,10 @@ export interface WorkstationConfigOutput {
    * The firewall rules that the user has associated with their workstation
    */
   firewallRulesAllowList: string[];
+  /**
+   * Has the global URL allow list been disabled for this workstation
+   */
+  disableGlobalURLAllowList: boolean;
   /**
    * Environment variables passed to the container's entrypoint.
    */

pkg/service/core/service_workstations.go

@@ -407,6 +407,10 @@ func (s *workstationService) EnsureWorkstation(ctx context.Context, user *servic
 	urlList := input.URLAllowList
 	uniqueURLList := make(map[string]struct{})
 	for _, u := range urlList {
+		if len(u) == 0 {
+			continue
+		}
+
 		uniqueURLList[u] = struct{}{}
 	}
 
@@ -611,6 +615,10 @@ func (s *workstationService) UpdateWorkstationURLList(ctx context.Context, user
 	urlList := input.URLAllowList
 	uniqueURLList := make(map[string]struct{})
 	for _, u := range urlList {
+		if len(u) == 0 {
+			continue
+		}
+
 		uniqueURLList[u] = struct{}{}
 	}