Backport of UI: Enable KV create secret with Control Group into release/1.14.x #22481
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
hc-github-team-secure-vault-core
force-pushed
the
backport/ui/VAULT-7223/allow-control-group-on-post/recently-excited-thrush
branch
from
3cd437e to
4859aab
Compare
hc-github-team-secure-vault-core
force-pushed
the
backport/ui/VAULT-7223/allow-control-group-on-post/recently-excited-thrush
branch
from
64c535b to
04ffab1
Compare
github-actions
bot
added
the
hashicorp-contributed-pr
|
CI Results: |
|
Build Results: |
hashishaw
approved these changes
Aug 21, 2023
hashishaw
deleted the
backport/ui/VAULT-7223/allow-control-group-on-post/recently-excited-thrush
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport
This PR is auto-generated from #22471 to be assessed for backporting due to the inclusion of the label backport/1.14.x.
The below text is copied from the body of the original PR.
This PR fixes the experience in the UI when attempting to create a new secret while a policy utilizing control groups. The example policy below which requires authorization for read, create, and update:
Before
Before, the submit button was disabled if there was an API error:
Once resubmit was enabled, there was a loop where each subsequent request to create the secret would generate a new control group accessor (which shows on the error banner):
After
I added notes to the codebase, but essentially we need to mark the token for unwrap when we handle the control group error in the control group, so that the next request attempts to unwrap instead of call the same POST endpoint.
Since I tested with a control group on read as well, I added a flash message to successful create or update in case the show page redirects to the control group page:
authorizing this request takes you back to the create page, but fixing that is out of scope of this fix.
A note about updating
This flow also technically enables secret updating via the UI with a control group, but if you navigate to the update page via the UI (rather than a direct link) the redirections will prevent you from ever reaching the update form because the UI re-fetches the secret data on the update page. This flow should be fully fixed with #22426 and the navigation refresh
Overview of commits