Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

UI: Enable KV create secret with Control Group #22471

Merged
merged 6 commits into from
Aug 21, 2023

Conversation

hashishaw
Copy link
Contributor

@hashishaw hashishaw commented Aug 21, 2023

This PR fixes the experience in the UI when attempting to create a new secret while a policy utilizing control groups. The example policy below which requires authorization for read, create, and update:

path "kv-test/data/+/root" {
  capabilities = [ "read","create","update" ]
  
  control_group = {
    factor "authorizer" {
      identity {
        group_names = [ "managers" ]
        approvals = 1
      }
    }
  }  
}

Before
Before, the submit button was disabled if there was an API error:
Screenshot 2023-08-21 at 12 20 50 PM

Once resubmit was enabled, there was a loop where each subsequent request to create the secret would generate a new control group accessor (which shows on the error banner):
Screenshot 2023-08-21 at 12 10 01 PM

After
I added notes to the codebase, but essentially we need to mark the token for unwrap when we handle the control group error in the control group, so that the next request attempts to unwrap instead of call the same POST endpoint.
Since I tested with a control group on read as well, I added a flash message to successful create or update in case the show page redirects to the control group page:
Screenshot 2023-08-21 at 12 12 58 PM
authorizing this request takes you back to the create page, but fixing that is out of scope of this fix.

A note about updating
This flow also technically enables secret updating via the UI with a control group, but if you navigate to the update page via the UI (rather than a direct link) the redirections will prevent you from ever reaching the update form because the UI re-fetches the secret data on the update page. This flow should be fully fixed with #22426 and the navigation refresh

@hashishaw hashishaw added ui bug Used to indicate a potential bug backport/1.12.x labels Aug 21, 2023
@hashishaw hashishaw added this to the 1.12.10 milestone Aug 21, 2023
@github-actions github-actions bot added the hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed label Aug 21, 2023
@github-actions
Copy link

Build Results:
All builds succeeded! ✅

Copy link
Contributor

@kiannaquach kiannaquach left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm!

@github-actions
Copy link

github-actions bot commented Aug 21, 2023

CI Results:
All Go tests succeeded! ✅

const data = { accessor, token, creation_path, creation_time, ttl };
// data.uiParams = { url: this.router.currentURL };
this.storeControlGroupToken(data);
// In the read flow the accessor is marked once the user clicks "Visit" from the control group page
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thank you for these comments!

@hashishaw hashishaw enabled auto-merge (squash) August 21, 2023 18:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Used to indicate a potential bug hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed ui
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants