Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UI: Enable KV create secret with Control Group #22471

Merged
merged 6 commits into from Aug 21, 2023
Merged

UI: Enable KV create secret with Control Group #22471

merged 6 commits into from Aug 21, 2023

Conversation

hashishaw
Copy link
Collaborator

@hashishaw hashishaw commented Aug 21, 2023
edited

This PR fixes the experience in the UI when attempting to create a new secret while a policy utilizing control groups. The example policy below which requires authorization for read, create, and update:

path "kv-test/data/+/root" {
  capabilities = [ "read","create","update" ]
  
  control_group = {
    factor "authorizer" {
      identity {
        group_names = [ "managers" ]
        approvals = 1
      }
    }
  }  
}

Before
Before, the submit button was disabled if there was an API error:
Screenshot 2023-08-21 at 12 20 50 PM

Once resubmit was enabled, there was a loop where each subsequent request to create the secret would generate a new control group accessor (which shows on the error banner):
Screenshot 2023-08-21 at 12 10 01 PM

After
I added notes to the codebase, but essentially we need to mark the token for unwrap when we handle the control group error in the control group, so that the next request attempts to unwrap instead of call the same POST endpoint.
Since I tested with a control group on read as well, I added a flash message to successful create or update in case the show page redirects to the control group page:
Screenshot 2023-08-21 at 12 12 58 PM
authorizing this request takes you back to the create page, but fixing that is out of scope of this fix.

A note about updating
This flow also technically enables secret updating via the UI with a control group, but if you navigate to the update page via the UI (rather than a direct link) the redirections will prevent you from ever reaching the update form because the UI re-fetches the secret data on the update page. This flow should be fully fixed with #22426 and the navigation refresh

@hashishaw hashishaw added ui bug Used to indicate a potential bug backport/1.12.x backport/1.13.x Backport changes to `release/1.13.x` backport/1.14.x Backport changes to `release/1.14.x` labels Aug 21, 2023
@hashishaw hashishaw added this to the 1.12.10 milestone Aug 21, 2023
@github-actions github-actions bot added the hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed label Aug 21, 2023
@github-actions
Copy link

Build Results:
All builds succeeded! ✅

kiannaquach
kiannaquach approved these changes Aug 21, 2023
View reviewed changes
Copy link
Contributor

@kiannaquach kiannaquach left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm!

@github-actions
Copy link

github-actions bot commented Aug 21, 2023
edited

CI Results:
All Go tests succeeded! ✅

hellobontempo
hellobontempo reviewed Aug 21, 2023
View reviewed changes
ui/app/services/control-group.js
const data = { accessor, token, creation_path, creation_time, ttl };
// data.uiParams = { url: this.router.currentURL };
this.storeControlGroupToken(data);
// In the read flow the accessor is marked once the user clicks "Visit" from the control group page
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thank you for these comments!

@hashishaw hashishaw enabled auto-merge (squash) August 21, 2023 18:56
@hashishaw hashishaw merged commit 2a4dbc1 into main Aug 21, 2023
99 checks passed
@hashishaw hashishaw deleted the ui/VAULT-7223/allow-control-group-on-post branch August 21, 2023 21:17
This was referenced Aug 21, 2023
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hellobontempo hellobontempo hellobontempo left review comments

@kiannaquach kiannaquach kiannaquach approved these changes

Assignees
No one assigned
Labels
backport/1.13.x Backport changes to `release/1.13.x` backport/1.14.x Backport changes to `release/1.14.x` bug Used to indicate a potential bug hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed ui
Projects
None yet
Milestone
1.12.10
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@hashishaw @kiannaquach @hellobontempo