[cockpit] Admin-only link back to the admin console from a member instance #300
Labels
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
lhumina_code/home_lhumina#300
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
An admin who is signed into a member instance has no obvious way back to the admin console. Hiding the admin instance from a normal member is correct by design (a member must never see or reach the control plane), but an admin needs a path home. A senior dev with admin access hit this from their own member instance.
Add an admin-only Admin console link in the member cockpit navbar. Gate it on the signed-in user being an admin (the member instance is already seeded with the admin access accounts), not on the machine role, so a normal member never sees it and the by-design hiding is preserved. The deployer injects its own public console URL as a non secret config value at provision, and the cockpit renders the link (opening in a new tab) only for admin users.
Decisions to confirm at build time: gate on user-is-admin and not the machine role; the admin console URL is injected config (a public hostname, not a secret), which lightly couples a member instance to the admin instance for this admin-only convenience; cockpit navbar only for a first version, and revisit surfacing it inside hero_os later.
Cross repo: hero_cockpit (the conditional navbar link and the admin-user check) and the deployer (inject the admin console URL at provision). Relates to lhumina_code/home#282 (machine and fleet roles).
An admin signed into a member instance now sees a link back to the admin console, and a regular member never does. Live across the fleet. Closing as done.