Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

UI: [VAULT-19783] Set up root token warning modal #23277

Merged
merged 18 commits into from
Oct 12, 2023

Conversation

kiannaquach
Copy link
Contributor

@kiannaquach kiannaquach commented Sep 25, 2023

Description
New designs/ux for the root token warning.

  1. Keep the flash message but make it sticky for non-dev users
  2. Show a warning message in the namespace picker.
Screenshot 2023-10-06 at 3 02 16 PM Screenshot 2023-10-06 at 3 00 33 PM

@kiannaquach kiannaquach added the ui label Sep 25, 2023
@kiannaquach kiannaquach added this to the 1.15.1 milestone Sep 25, 2023
@github-actions github-actions bot added the hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed label Sep 25, 2023
@github-actions
Copy link

github-actions bot commented Sep 25, 2023

CI Results:
All Go tests succeeded! ✅

ui/app/services/namespace.js Outdated Show resolved Hide resolved
ui/app/controllers/vault/cluster/auth.js Outdated Show resolved Hide resolved
@github-actions
Copy link

Build Results:
All builds succeeded! ✅

@kiannaquach kiannaquach modified the milestones: 1.15.1, 1.16.0-rc1 Sep 28, 2023
Copy link
Contributor

@Monkeychip Monkeychip left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One question, but nothing blocking. Thank you for this!

@@ -32,6 +32,15 @@
</div>
</div>
<div class="namespace-list {{if this.isAnimating 'animated-list'}}">
{{#if this.auth.isRootToken}}
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I opted to follow what's being done in the user menu dropdown see here. hen we use AlertInline, with type warning the icon looks really small and styling gets a little wonky and with type compact the namespace picker dropdown gets pulled to the top (see attached images).

changelog/23277.txt Outdated Show resolved Hide resolved
Copy link
Contributor

@hashishaw hashishaw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me! Just needs an updated changelog, and one question about the sticky flash message. I imagine this is going to just cause more people frustration and not lead to more people reading the message, unfortunately. It may be unnecessary to make it sticky since we have more information in the namespace picker now

this.flashMessages.warning(
'You have logged in with a root token. As a security precaution, this root token will not be stored by your browser and you will need to re-authenticate after the window is closed or refreshed.'
'You have logged in with a root token. As a security precaution, this root token will not be stored by your browser and you will need to re-authenticate after the window is closed or refreshed.',
ENV.environment !== 'development' ? { sticky: true } : {}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is making the flash message sticky necessary?

Copy link
Contributor

@hellobontempo hellobontempo Oct 10, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the alternative we decided in UI sync last week instead of implementing a modal (since that seemed the most disruptive)

But - I'd agree that the overall issue is I think when users are logged out unexpectedly which happens 1. changing namespaces and 2. when we refresh internally

The dropdown alert solves number 1. For number 2 - we could revert the sticky flash message, or make it appear a little bit longer, in favor of tracking down and adding a warning to the "sneaky" times we log people out. What do you think?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I thought the initial intent of the modal was to warn people after they have clicked a namespace link, before we transition them, to warn that they were about to be logged out due to using a root token. That seems to be where the most complaints have been, which corresponds to your 1 above.

For refreshing internally, it probably would be good to have at least an internal map of when that happens. I haven't heard as many complaints about that but if the longer-lived flash message was discussed to handle that case, that makes sense to me

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We discussed alternatives to the modal during ui sync last week because there was confusion on the original ask.

That's helpful context that most of the complaints were related to changing namespaces. I agree - the namespace picker feels sufficient.

We didn't discuss a longer-lived flash message, but perhaps that can be revisited (along with internal mapping of refreshing) if more user complaints come in after this change

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Amazing thanks Claire + Chelsea for the feedback! I just updated the changelog + removed the sticky from the flash message. If either one of you has time, could you take a look? :)

Copy link
Contributor

@hashishaw hashishaw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Excellent, thank you for your diligence!

@kiannaquach kiannaquach enabled auto-merge (squash) October 12, 2023 01:18
@kiannaquach kiannaquach merged commit f155442 into main Oct 12, 2023
68 checks passed
@kiannaquach kiannaquach deleted the ui/VAULT-19783/root-token-warning-modal branch October 12, 2023 01:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed ui
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants