From 6364acba9907122cc4cc35dcef9804b5e18605be Mon Sep 17 00:00:00 2001
From: hc-github-team-secure-vault-core <82990506+hc-github-team-secure-vault-core@users.noreply.github.com>
Date: Thu, 7 Mar 2024 14:38:39 -0500
Subject: [PATCH] backport of UI: correctly call resultant-acl when user root is root (#25785)
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
---
 changelog/25766.txt | 3 +++
 ui/app/adapters/permissions.js | 2 +-
 ui/tests/unit/adapters/permissions-test.js | 25 ++++++++++++++++++++++
 3 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 changelog/25766.txt
diff --git a/changelog/25766.txt b/changelog/25766.txt
new file mode 100644
index 000000000000..7166fc3a3559
--- /dev/null
+++ b/changelog/25766.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+ui: call resultant-acl without namespace header when user mounted at root namespace
+```
diff --git a/ui/app/adapters/permissions.js b/ui/app/adapters/permissions.js
index 02d9c49a27ca..c6bb15ef7208 100644
--- a/ui/app/adapters/permissions.js
+++ b/ui/app/adapters/permissions.js
@@ -7,7 +7,7 @@ import ApplicationAdapter from './application';
 export default ApplicationAdapter.extend({
 query() {
- const namespace = this.namespaceService.userRootNamespace || this.namespaceService.path;
+ const namespace = this.namespaceService.userRootNamespace ?? this.namespaceService.path;
 return this.ajax(this.urlForQuery(), 'GET', { namespace });
 },
diff --git a/ui/tests/unit/adapters/permissions-test.js b/ui/tests/unit/adapters/permissions-test.js
index 2bcb12565685..a5e65b2822e0 100644
--- a/ui/tests/unit/adapters/permissions-test.js
+++ b/ui/tests/unit/adapters/permissions-test.js
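Review bot: The `??` on the new `const namespace` line in `ui/app/adapters/permissions.js` makes `query()` depend on an unwritten contract: `userRootNamespace` must be `''` for a user mounted at root and `null`/`undefined` only when the value is not known, otherwise the fallback to `namespaceService.path` never runs. That contract is not visible in this hunk, so it is worth confirming that the namespace service cannot yield `''` before token data is loaded, since the resultant-acl response decides which parts of the UI are shown to the user. I would record the intent next to the line, e.g. `// '' means the user is mounted at root: send no namespace header; fall back to path only when unset`. The `extend({` object continues past the end of the hunk.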
@@ -34,4 +34,29 @@ module('Unit | Adapter | permissions', function (hooks) {
 });
 await adapter.query();
 });
+ test('it calls resultant-acl with the users root namespace when root', async function (assert) {
+ assert.expect(1);
+ const adapter = this.owner.lookup('adapter:permissions');
+ const nsService = this.owner.lookup('service:namespace');
+ const auth = this.owner.lookup('service:auth');
+ nsService.setNamespace('admin');
+ auth.setCluster('1');
+ auth.set('tokens', ['vault-_root_☃1']);
+ auth.setTokenData('vault-_root_☃1', { userRootNamespace: '', backend: { mountPath: 'token' } });
+
+ this.server.get('/sys/internal/ui/resultant-acl', (schema, request) => {
+ assert.false(
+ Object.keys(request.requestHeaders).includes('X-Vault-Namespace'),
+ 'request is called without namespace'
+ );
+
+ return {
+ data: {
+ exact_paths: {},
+ glob_paths: {},
+ },
+ };
+ });
+ await adapter.query();
+ });
 });
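Review bot: The negative assertion inside the `resultant-acl` handler matches the header name case-sensitively, so it would also pass if the adapter sent the header under a different casing; HTTP header names are case-insensitive. Comparing in lower case keeps the check meaningful: `Object.keys(request.requestHeaders).some((k) => k.toLowerCase() === 'x-vault-namespace')`. The new test covers only the `userRootNamespace: ''` case; whether an unset `userRootNamespace` still falls back to the `admin` path is presumably exercised by the test above it, which lies mostly outside this hunk, as does the start of the enclosing `module(...)` callback.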