[release-4.20 ]OCPBUGS-84041: Fix template placeholder {{name}} not resolved and runtime error on Group details page

[Leo6Leo]

Summary

Cherry-pick of #15780 to release-4.20 (manually adapted due to code structure differences between main and release-4.20).

• Fix impersonate action in group.tsx to pass group name as a named i18n parameter ({ name: group?.metadata?.name }) instead of the whole metadata object, preventing raw {{name}} placeholder display
• Add optional chaining to guard against undefined metadata in impersonate action
• Add input validation in AddUsersModal — guard against undefined group and filter empty user entries before submitting
• Add new i18n string for the updated modal text

Bug

https://redhat.atlassian.net/browse/OCPBUGS-84041

Test plan

• Navigate to Group details page, click the Action list → verify "Impersonate Group " shows correctly
• Click "Add Users" → verify the modal shows "Add new users to group "
• Add users and click Save → verify no runtime error occurs

Summary by CodeRabbit

• Bug Fixes

  • Improved error handling when group data may be unavailable, preventing crashes during group operations.
  • Enhanced input validation in user addition modal to filter invalid entries.

• Improvements

  • Updated modal description text for better clarity.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: fa414569-3fd0-4371-a908-b40645079870

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

Walkthrough

The changes add defensive null-safety checks across group management components using optional chaining (?.) to prevent accessing undefined properties. The add-users modal is refactored to remove lodash dependency, improve input validation, and add an early return for missing metadata. A corresponding i18n translation key is added for the modal description.

Changes

Cohort / File(s)	Summary
Defensive null-safety updates frontend/public/components/group.tsx, frontend/public/components/modals/add-users-modal.tsx	Added optional chaining (?.) when accessing group?.metadata?.name to prevent property access errors. In group.tsx, the impersonation action template and callback now use optional chaining. In add-users-modal.tsx, the modal description uses optional chaining and includes early returns for missing group metadata or invalid users.
Input validation refactoring frontend/public/components/modals/add-users-modal.tsx	Removed lodash-es dependency; user inputs are now trimmed and filtered inline to exclude empty values. The submit handler uses validUsers array instead of raw input values for the JSON patch payload.
Hook organization frontend/public/components/modals/add-users-modal.tsx	Moved useTranslation hook definition to execute before the submit function for improved hook ordering.
Translation addition frontend/public/locales/en/public.json	Added new i18n translation entry for Add new users to group {{name}} (without trailing period).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 12

✅ Passed checks (12 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly identifies the bug (OCPBUGS-84041) and summarizes the main fixes: resolving template placeholder and runtime error on Group details page.
Description check	✅ Passed	The PR description covers the key sections: summary of changes, bug reference with link, and detailed test plan with multiple validation steps.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	The custom check for Ginkgo test names is not applicable to this PR, which only modifies frontend TypeScript components and JSON translation files with no Go test files.
Test Structure And Quality	✅ Passed	Ginkgo test structure check is not applicable; PR modifies TypeScript/React frontend files only, not Go test files.
Microshift Test Compatibility	✅ Passed	PR modifies only frontend components and translation files, not Ginkgo e2e tests
Single Node Openshift (Sno) Test Compatibility	✅ Passed	This check targets Ginkgo e2e tests, but the PR only modifies TypeScript/React components and JSON translation files.
Topology-Aware Scheduling Compatibility	✅ Passed	The custom check for topology-aware scheduling compatibility is not applicable to this pull request. The PR exclusively modifies frontend UI components (React/TypeScript) and translation files to fix template placeholder display and add input validation in the OpenShift console. These changes do not introduce any Kubernetes scheduling constraints, deployment manifests, operator code, or pod orchestration logic that would be affected by different OpenShift topologies.
Ote Binary Stdout Contract	✅ Passed	PR modifies only frontend TypeScript/JavaScript and translation files. No changes to Go test code or process-level code that could impact stdout in Go binaries.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR contains only TypeScript component fixes and JSON translation updates with no e2e or Ginkgo tests added.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci-robot]

@Leo6Leo: This pull request references Jira Issue OCPBUGS-84041, which is valid. The bug has been moved to the POST state.

7 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.20.z) matches configured target version for branch (4.20.z)
• bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)
• release note text is set and does not match the template
• dependent bug Jira Issue OCPBUGS-66052 is in the state Closed (Done), which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
• dependent Jira Issue OCPBUGS-66052 targets the "4.21.0" version, which is one of the valid target versions: 4.21.0, 4.21.z
• bug has dependents

No GitHub users were found matching the public email listed for the QA contact in Jira (xiyuzhao@redhat.com), skipping review request.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

Summary

Cherry-pick of #15780 to release-4.20 (manually adapted due to code structure differences between main and release-4.20).

• Fix impersonate action in group.tsx to pass group name as a named i18n parameter ({ name: group?.metadata?.name }) instead of the whole metadata object, preventing raw {{name}} placeholder display
• Add optional chaining to guard against undefined metadata in impersonate action
• Add input validation in AddUsersModal — guard against undefined group and filter empty user entries before submitting
• Add new i18n string for the updated modal text

Bug

https://redhat.atlassian.net/browse/OCPBUGS-84041

Test plan

• Navigate to Group details page, click the Action list → verify "Impersonate Group " shows correctly
• Click "Add Users" → verify the modal shows "Add new users to group "
• Add users and click Save → verify no runtime error occurs

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Leo6Leo
Once this PR has been reviewed and has the lgtm label, please assign jhadvig for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• frontend/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[Leo6Leo]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[openshift-ci-robot]

@Leo6Leo: This pull request references Jira Issue OCPBUGS-84041, which is valid. The bug has been moved to the POST state.

7 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.20.z) matches configured target version for branch (4.20.z)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)
• release note text is set and does not match the template
• dependent bug Jira Issue OCPBUGS-66052 is in the state Closed (Done), which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
• dependent Jira Issue OCPBUGS-66052 targets the "4.21.0" version, which is one of the valid target versions: 4.21.0, 4.21.z
• bug has dependents

No GitHub users were found matching the public email listed for the QA contact in Jira (xiyuzhao@redhat.com), skipping review request.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

Summary

Cherry-pick of #15780 to release-4.20 (manually adapted due to code structure differences between main and release-4.20).

• Fix impersonate action in group.tsx to pass group name as a named i18n parameter ({ name: group?.metadata?.name }) instead of the whole metadata object, preventing raw {{name}} placeholder display
• Add optional chaining to guard against undefined metadata in impersonate action
• Add input validation in AddUsersModal — guard against undefined group and filter empty user entries before submitting
• Add new i18n string for the updated modal text

Bug

https://redhat.atlassian.net/browse/OCPBUGS-84041

Test plan

• Navigate to Group details page, click the Action list → verify "Impersonate Group " shows correctly
• Click "Add Users" → verify the modal shows "Add new users to group "
• Add users and click Save → verify no runtime error occurs

Summary by CodeRabbit

• Bug Fixes

• Improved error handling when group data may be unavailable, preventing crashes during group operations.

• Enhanced input validation in user addition modal to filter invalid entries.

• Improvements

• Updated modal description text for better clarity.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@frontend/public/components/group.tsx`:
- Around line 60-71: The callback passes group?.metadata?.name (possibly
undefined) into startImpersonate and accessReview.name which can cause runtime
errors; add a guard that checks for a non-empty group.metadata.name before
calling startImpersonate or constructing the accessReview, e.g., disable or
no-op the callback when name is falsy, and ensure accessReview.name and the i18n
label use a safe fallback only when a real name exists; update the anonymous
callback in the menu entry (the function that calls startImpersonate and
navigate) and the accessReview object to only run/contain values when
group?.metadata?.name is defined.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 814d2222-5502-4460-baa6-00bbf07b2ee4

📥 Commits

Reviewing files that changed from the base of the PR and between 726b531 and d075a21.

📒 Files selected for processing (3)

• frontend/public/components/group.tsx
• frontend/public/components/modals/add-users-modal.tsx
• frontend/public/locales/en/public.json

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Guard impersonation when group name is missing.

At Line 62, startImpersonate can still receive undefined via group?.metadata?.name, which can trigger a runtime failure in the impersonation path. Line 70 propagates the same risk into accessReview.name.

Suggested fix

-const getImpersonateAction = (
-  startImpersonate: StartImpersonate,
-  navigate: NavigateFunction,
-): KebabAction => (kind: K8sKind, group: GroupKind) => ({
-  label: i18next.t('public~Impersonate Group {{name}}', { name: group?.metadata?.name }),
-  callback: () => {
-    startImpersonate('Group', group?.metadata?.name);
-    navigate(window.SERVER_FLAGS.basePath);
-  },
-  accessReview: {
-    group: 'authorization.k8s.io',
-    resource: 'groups',
-    name: group?.metadata?.name,
-    verb: 'impersonate',
-  },
-});
+const getImpersonateAction = (
+  startImpersonate: StartImpersonate,
+  navigate: NavigateFunction,
+): KebabAction => (kind: K8sKind, group: GroupKind) => {
+  const groupName = group?.metadata?.name;
+  return {
+    label: i18next.t('public~Impersonate Group {{name}}', { name: groupName ?? '' }),
+    callback: () => {
+      if (!groupName) {
+        return;
+      }
+      startImpersonate('Group', groupName);
+      navigate(window.SERVER_FLAGS.basePath);
+    },
+    accessReview: {
+      group: 'authorization.k8s.io',
+      resource: 'groups',
+      name: groupName,
+      verb: 'impersonate',
+    },
+  };
+};

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@frontend/public/components/group.tsx` around lines 60 - 71, The callback
passes group?.metadata?.name (possibly undefined) into startImpersonate and
accessReview.name which can cause runtime errors; add a guard that checks for a
non-empty group.metadata.name before calling startImpersonate or constructing
the accessReview, e.g., disable or no-op the callback when name is falsy, and
ensure accessReview.name and the i18n label use a safe fallback only when a real
name exists; update the anonymous callback in the menu entry (the function that
calls startImpersonate and navigate) and the accessReview object to only
run/contain values when group?.metadata?.name is defined.

[Leo6Leo]

/retest-required

[openshift-ci]

@Leo6Leo: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.