scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-01 11:08:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

UI: Fix metadata tab not showing given policy (#15824)

Browse Source 
* Update path that metadata tab checks capabilities against

* Add changelog

* Update test to handle this case

* Fix tests url

Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
This commit is contained in:
Chelsea Shaw
2022-06-07 10:56:44 -05:00
committed by GitHub
parent bd4389a8b6
commit 551ba2c0a4
3 changed files with 26 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
changelog/15824.txt Normal file
View File

@@ -0,0 +1,3 @@
```release-note:bug
ui: Fix issue where metadata tab is hidden even though policy grants access
```

5
ui/app/components/secret-edit.js
View File

@@ -78,8 +78,9 @@ export default class SecretEdit extends Component {
if (!context.args.model || !context.isV2) { if (!context.args.model || !context.isV2) {
return; return;
} }
let backend = context.args.model.backend; const backend = context.args.model.backend;
let path = `${backend}/metadata/`; const id = context.args.model.id;
const path = `${backend}/metadata/${id}`;
return { return {
id: path, id: path,
}; };

29
ui/tests/acceptance/secrets/backend/kv/secret-test.js
View File

@@ -29,6 +29,18 @@ let writeSecret = async function (backend, path, key, val) {
return editPage.createSecret(path, key, val); return editPage.createSecret(path, key, val);
}; };
let deleteEngine = async function (enginePath, assert) {
await logout.visit();
await authPage.login();
await consoleComponent.runCommands([`delete sys/mounts/${enginePath}`]);
const response = consoleComponent.lastLogOutput;
assert.equal(
response,
`Success! Data deleted (if it existed) at: sys/mounts/${enginePath}`,
'Engine successfully deleted'
);
};
module('Acceptance | secrets/secret/create', function (hooks) { module('Acceptance | secrets/secret/create', function (hooks) {
setupApplicationTest(hooks); setupApplicationTest(hooks);
@@ -528,18 +540,17 @@ module('Acceptance | secrets/secret/create', function (hooks) {
}); });
test('version 2 with no access to data but access to metadata shows metadata tab', async function (assert) { test('version 2 with no access to data but access to metadata shows metadata tab', async function (assert) {
assert.expect(5);
let enginePath = 'kv-metadata-access-only'; let enginePath = 'kv-metadata-access-only';
let secretPath = 'kv-metadata-access-only-secret-name'; let secretPath = 'nested/kv-metadata-access-only-secret-name';
const V2_POLICY = ` const V2_POLICY = `
path "${enginePath}/metadata/*" { path "${enginePath}/metadata/nested/*" {
capabilities = ["read", "update", "list"] capabilities = ["read", "update"]
} }
`; `;
await consoleComponent.runCommands([ await consoleComponent.runCommands([
`write sys/mounts/${enginePath} type=kv options=version=2`, `write sys/mounts/${enginePath} type=kv options=version=2`,
`write sys/policies/acl/kv-v2-degrade policy=${btoa(V2_POLICY)}`, `write sys/policies/acl/kv-v2-degrade policy=${btoa(V2_POLICY)}`,
// delete any kv previously written here so that tests can be re-run
`delete ${enginePath}/metadata/${secretPath}`,
'write -field=client_token auth/token/create policies=kv-v2-degrade', 'write -field=client_token auth/token/create policies=kv-v2-degrade',
]); ]);
@@ -548,15 +559,15 @@ module('Acceptance | secrets/secret/create', function (hooks) {
await logout.visit(); await logout.visit();
await authPage.login(userToken); await authPage.login(userToken);
await settled(); await settled();
await click(`[data-test-auth-backend-link=${enginePath}]`); await visit(`/vault/secrets/${enginePath}/show/${secretPath}`);
await click(`[data-test-secret-link="${secretPath}"]`);
assert.dom('[data-test-empty-state-title]').hasText('You do not have permission to read this secret.'); assert.dom('[data-test-empty-state-title]').hasText('You do not have permission to read this secret.');
assert.dom('[data-test-secret-metadata-tab]').exists('Metadata tab exists');
await editPage.metadataTab(); await editPage.metadataTab();
await settled(); await settled();
assert.dom('[data-test-empty-state-title]').hasText('No custom metadata'); assert.dom('[data-test-empty-state-title]').hasText('No custom metadata');
assert.dom('[data-test-add-custom-metadata]').exists('it shows link to edit metadata'); assert.dom('[data-test-add-custom-metadata]').exists('it shows link to edit metadata');
await deleteEngine(enginePath, assert);
}); });
test('version 2: with metadata no read or list but with delete access and full access to the data endpoint', async function (assert) { test('version 2: with metadata no read or list but with delete access and full access to the data endpoint', async function (assert) {