Merging in main

.fides/db_dataset.yml

@@ -1141,6 +1141,10 @@ dataset:
       description: 'Fides Generated Description for Column: updated_at'
       data_categories: [system.operations]
       data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: replaceable
+      description: 'Fides Generated Description for Column: replaceable'
+      data_categories: [system.operations]
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
   - name: datasetconfig
     data_categories: []
     data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified

.github/workflows/backend_checks.yml

@@ -148,9 +148,10 @@ jobs:
           - "ops-unit"
           - "ops-integration"
           - "lib"
+          - "nox"
 
     runs-on: ubuntu-latest
-    timeout-minutes: 15
+    timeout-minutes: 20
     continue-on-error: true
     steps:
       - name: Download container

.github/workflows/frontend_checks.yml

@@ -71,7 +71,7 @@ jobs:
           install: false
           start: npm run cy:start
           wait-on: "http://localhost:3000"
-          wait-on-timeout: 120
+          wait-on-timeout: 180
 
       - uses: actions/upload-artifact@v3
         if: failure()

CHANGELOG.md

@@ -17,6 +17,25 @@ The types of changes are:
 
 ## [Unreleased](https://github.com/ethyca/fides/compare/2.10.0...main)
 
+### Added
+* Access support for Shippo [#2484](https://github.com/ethyca/fides/pull/2484)
+* Feature flags can be set such that they cannot be modified by the user [#2966](https://github.com/ethyca/fides/pull/2966)
+* Added the datamap UI to make it open source [#2988](https://github.com/ethyca/fides/pull/2988)
+* Introduced a `FixedLayout` component (from the datamap UI) for pages that need to be a fixed height and scroll within [#2992](https://github.com/ethyca/fides/pull/2992)
+
+### Changed
+* Set `privacyDeclarationDeprecatedFields` flags to false and set `userCannotModify` to true [2987](https://github.com/ethyca/fides/pull/2987)
+* Restored `nav-config` back to the admin-ui [#2990](https://github.com/ethyca/fides/pull/2990)
+
+### Removed
+* Removed interzone navigation logic now that the datamap UI and admin UI are one app [#2990](https://github.com/ethyca/fides/pull/2990)
+
+### Changed
+* Updated the check for if a user can assign owner roles to be scope-based instead of role-based [#2964](https://github.com/ethyca/fides/pull/2964)
+
+### Developer Experience
+* Nox commands for git tagging to support feature branch builds [#2979](https://github.com/ethyca/fides/pull/2979)
+
 ## [2.10.0](https://github.com/ethyca/fides/compare/2.9.2...2.10.0)
 
 ### Added
@@ -45,6 +64,8 @@ The types of changes are:
 * Restricted setting Approvers as System Managers [#2891](https://github.com/ethyca/fides/pull/2891)
 * Adds confirmation modal when downgrading user to "approver" role via Admin UI [#2924](https://github.com/ethyca/fides/pull/2924)
 * Changed the toast message for new users to include access control info [#2939](https://github.com/ethyca/fides/pull/2939)
+* Add Data Stewards to datamap export [#2962](https://github.com/ethyca/fides/pull/2962)
+
 
 ### Fixed
 

clients/admin-ui/README.md

@@ -38,6 +38,8 @@ running the app, for example:
 
 Or you can configure the environment using `env.local` as described by the [Next.js docs](https://nextjs.org/docs/basic-features/environment-variables#loading-environment-variables).
 
+In addition, you can mark a flag as `userCannotModify: true` in `flags.json`. This will prevent the user from seeing that flag as an override-able option in the Beta Features section. However, the values given to the various environments will still be in effect. Therefore, you can still control the flag with the same level of granularity via the `flags.json` file, but not via the UI.
+
 ## Preparing for production
 
 To view a production version of this site, including the backend:

clients/admin-ui/cypress/README.md

@@ -12,7 +12,7 @@ npm run start
 npm run cy:open
 ```
 
-However, because we do some [inter-zone navigation](https://github.com/ethyca/fides/blob/main/clients/admin-ui/src/features/common/zones/config.ts/#L12-L24) which Cypress will not handle due to security risks, sometimes it is important to run the webapp with `NODE_ENV=test`. We have a command `cy:start` which captures that, and also makes the server a little faster via a production build. This will potentially cause issues if testing manually with `fidesplus`, however the Cypress tests will run properly.
+To run against a production build of the app (faster, but no hot reloading):
 
 ```
 # Start the webapp in test mode

clients/admin-ui/cypress/e2e/auth.cy.ts

@@ -1,4 +1,4 @@
-import { SYSTEM_ROUTE } from "~/constants";
+import { SYSTEM_ROUTE } from "~/features/common/nav/v2/routes";
 
 describe("User Authentication", () => {
   describe("when the user not logged in", () => {

clients/admin-ui/cypress/e2e/config-wizard-plus.cy.ts

@@ -1,6 +1,6 @@
 import { stubPlus } from "cypress/support/stubs";
 
-import { ADD_SYSTEMS_ROUTE } from "~/constants";
+import { ADD_SYSTEMS_ROUTE } from "~/features/common/nav/v2/routes";
 import { ClusterHealth } from "~/types/api";
 
 /**

clients/admin-ui/cypress/e2e/config-wizard.cy.ts

@@ -1,6 +1,6 @@
 import { stubSystemCrud, stubTaxonomyEntities } from "cypress/support/stubs";
 
-import { ADD_SYSTEMS_ROUTE } from "~/constants";
+import { ADD_SYSTEMS_ROUTE } from "~/features/common/nav/v2/routes";
 
 describe("Config Wizard", () => {
   beforeEach(() => {

clients/admin-ui/cypress/e2e/datamap.cy.ts

@@ -0,0 +1,50 @@
+import { stubDatamap } from "cypress/support/stubs";
+
+describe("Datamap table and spatial view", () => {
+  beforeEach(() => {
+    cy.login();
+    stubDatamap();
+  });
+
+  it("Can render only render one view at a time", () => {
+    cy.visit("/datamap");
+    cy.wait("@getDatamap");
+
+    // Only the spatial view should be visible first
+    cy.getByTestId("cytoscape-graph");
+    cy.getByTestId("datamap-table").should("not.exist");
+
+    // Now table view
+    cy.getByTestId("table-btn").click();
+    cy.getByTestId("datamap-table");
+    cy.getByTestId("cytoscape-graph").should("not.exist");
+
+    // Now only the spatial view
+    cy.getByTestId("map-btn").click();
+    cy.getByTestId("cytoscape-graph");
+    cy.getByTestId("datamap-table").should("not.exist");
+
+    // Now table view
+    cy.getByTestId("table-btn").click();
+    cy.getByTestId("datamap-table");
+    cy.getByTestId("cytoscape-graph").should("not.exist");
+
+    // Clicking on the table view again should keep the table view open
+    cy.getByTestId("table-btn").click();
+    cy.getByTestId("datamap-table");
+    cy.getByTestId("cytoscape-graph").should("not.exist");
+  });
+
+  it("Renders a modal to prompt the user to get started when there is no datamap yet", () => {
+    // Button only shows up when data map is empty (no systems)
+    cy.intercept("GET", "/api/v1/datamap/*", {
+      fixture: "datamap/empty_datamap.json",
+    }).as("getEmptyDatamap");
+    cy.visit("/datamap");
+    cy.wait("@getEmptyDatamap");
+
+    cy.getByTestId("get-started-modal");
+    cy.getByTestId("add-systems-btn").click();
+    cy.url().should("contain", "/add-systems");
+  });
+});

clients/admin-ui/cypress/e2e/routes.cy.ts

@@ -1,6 +1,6 @@
 import { stubPlus } from "cypress/support/stubs";
 
-import { ADD_SYSTEMS_ROUTE } from "~/constants";
+import { ADD_SYSTEMS_ROUTE } from "~/features/common/nav/v2/routes";
 import { RoleRegistryEnum } from "~/types/api";
 
 describe("Routes", () => {

clients/admin-ui/cypress/e2e/systems-plus.cy.ts

@@ -4,7 +4,7 @@ import {
   stubTaxonomyEntities,
 } from "cypress/support/stubs";
 
-import { SYSTEM_ROUTE } from "~/constants";
+import { SYSTEM_ROUTE } from "~/features/common/nav/v2/routes";
 
 describe("System management with Plus features", () => {
   beforeEach(() => {

clients/admin-ui/cypress/e2e/systems.cy.ts

@@ -4,7 +4,7 @@ import {
   ADD_SYSTEMS_MANUAL_ROUTE,
   ADD_SYSTEMS_ROUTE,
   SYSTEM_ROUTE,
-} from "~/constants";
+} from "~/features/common/nav/v2/routes";
 
 describe("System management page", () => {
   beforeEach(() => {

clients/admin-ui/cypress/e2e/user-management.cy.ts

@@ -289,6 +289,53 @@ describe("User management", () => {
         expect(body.roles).to.eql(["viewer"]);
       });
     });
+
+    describe("permissions", () => {
+      it("contributors cannot assign permissions to an owner", () => {
+        // assign USER_1_ID to the intercept (otherwise we will get our own, logged in user)
+        cy.fixture("user-management/user.json").then((userData) => {
+          cy.intercept(`/api/v1/user/${USER_1_ID}`, {
+            body: { ...userData, id: USER_1_ID },
+          }).as("getOwner");
+        });
+
+        // the logged in user is a contributor
+        cy.assumeRole(RoleRegistryEnum.CONTRIBUTOR);
+        cy.intercept(`/api/v1/user/${USER_1_ID}/permission`, {
+          fixture: "user-management/permissions.json",
+        }).as("getPermissions");
+        cy.visit(`/user-management/profile/${USER_1_ID}`);
+        cy.getByTestId("tab-Permissions").click();
+
+        // they should get a message about having insufficient access
+        cy.getByTestId("insufficient-access");
+      });
+
+      it("contributors cannot make a user an owner", () => {
+        // assign USER_1_ID to the intercept (otherwise we will get our own, logged in user)
+        cy.fixture("user-management/user.json").then((userData) => {
+          cy.intercept(`/api/v1/user/${USER_1_ID}`, {
+            body: { ...userData, id: USER_1_ID },
+          }).as("getOwner");
+        });
+
+        // the logged in user is a contributor
+        cy.assumeRole(RoleRegistryEnum.CONTRIBUTOR);
+        // the user we are editing has the role of a viewer
+        cy.fixture("user-management/permissions.json").then((permissions) => {
+          cy.intercept(`/api/v1/user/${USER_1_ID}/permission`, {
+            body: { ...permissions, roles: ["viewer"] },
+          });
+        });
+        cy.visit(`/user-management/profile/${USER_1_ID}`);
+        cy.getByTestId("tab-Permissions").click();
+
+        // they should see role options available to click but owner should be disabled
+        cy.getByTestId("role-options");
+        cy.getByTestId("role-option-Owner").should("be.disabled");
+      });
+    });
+
     describe("system managers", () => {
       const systems = [
         "fidesctl_system",