From 20e93336dff78bb6f24f505f2a4261a363120161 Mon Sep 17 00:00:00 2001
From: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
Date: Tue, 28 Jun 2022 14:42:00 -0500
Subject: [PATCH] UI: Fix metadata tab not showing given policy (#15824)
 (#15874)

* Update path that metadata tab checks capabilities against

* Add changelog

* Update test to handle this case

* Fix tests url

Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
---
 changelog/15824.txt                           |  3 ++
 ui/app/components/secret-edit.js              |  5 ++--
 .../secrets/backend/kv/secret-test.js         | 29 +++++++++++++------
 3 files changed, 26 insertions(+), 11 deletions(-)
 create mode 100644 changelog/15824.txt

diff --git a/changelog/15824.txt b/changelog/15824.txt
new file mode 100644
index 0000000000000..9d9708f0a97b1
--- /dev/null
+++ b/changelog/15824.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+ui: Fix issue where metadata tab is hidden even though policy grants access
+```
diff --git a/ui/app/components/secret-edit.js b/ui/app/components/secret-edit.js
index 5e968a71586ca..2ca5d91c1f247 100644
--- a/ui/app/components/secret-edit.js
+++ b/ui/app/components/secret-edit.js
@@ -98,8 +98,9 @@ export default Component.extend(FocusOnInsertMixin, WithNavToNearestAncestor, {
       if (!context.model || !context.isV2) {
         return;
       }
-      let backend = context.model.backend;
-      let path = `${backend}/metadata/`;
+      const backend = context.model.backend;
+      const id = context.model.id;
+      const path = `${backend}/metadata/${id}`;
       return {
         id: path,
       };
diff --git a/ui/tests/acceptance/secrets/backend/kv/secret-test.js b/ui/tests/acceptance/secrets/backend/kv/secret-test.js
index 7fd85927f7e91..c849304f9e271 100644
--- a/ui/tests/acceptance/secrets/backend/kv/secret-test.js
+++ b/ui/tests/acceptance/secrets/backend/kv/secret-test.js
@@ -29,6 +29,18 @@ let writeSecret = async function (backend, path, key, val) {
   return editPage.createSecret(path, key, val);
 };
 
+let deleteEngine = async function (enginePath, assert) {
+  await logout.visit();
+  await authPage.login();
+  await consoleComponent.runCommands([`delete sys/mounts/${enginePath}`]);
+  const response = consoleComponent.lastLogOutput;
+  assert.equal(
+    response,
+    `Success! Data deleted (if it existed) at: sys/mounts/${enginePath}`,
+    'Engine successfully deleted'
+  );
+};
+
 module('Acceptance | secrets/secret/create', function (hooks) {
   setupApplicationTest(hooks);
 
@@ -527,18 +539,17 @@ module('Acceptance | secrets/secret/create', function (hooks) {
   });
 
   test('version 2 with no access to data but access to metadata shows metadata tab', async function (assert) {
+    assert.expect(5);
     let enginePath = 'kv-metadata-access-only';
-    let secretPath = 'kv-metadata-access-only-secret-name';
+    let secretPath = 'nested/kv-metadata-access-only-secret-name';
     const V2_POLICY = `
-      path "${enginePath}/metadata/*" {
-        capabilities = ["read", "update", "list"]
+      path "${enginePath}/metadata/nested/*" {
+        capabilities = ["read", "update"]
       }
     `;
     await consoleComponent.runCommands([
       `write sys/mounts/${enginePath} type=kv options=version=2`,
       `write sys/policies/acl/kv-v2-degrade policy=${btoa(V2_POLICY)}`,
-      // delete any kv previously written here so that tests can be re-run
-      `delete ${enginePath}/metadata/${secretPath}`,
       'write -field=client_token auth/token/create policies=kv-v2-degrade',
     ]);
 
@@ -547,15 +558,15 @@ module('Acceptance | secrets/secret/create', function (hooks) {
     await logout.visit();
     await authPage.login(userToken);
     await settled();
-    await click(`[data-test-auth-backend-link=${enginePath}]`);
-
-    await click(`[data-test-secret-link=${secretPath}]`);
-
+    await visit(`/vault/secrets/${enginePath}/show/${secretPath}`);
     assert.dom('[data-test-empty-state-title]').hasText('You do not have permission to read this secret.');
+    assert.dom('[data-test-secret-metadata-tab]').exists('Metadata tab exists');
     await editPage.metadataTab();
     await settled();
     assert.dom('[data-test-empty-state-title]').hasText('No custom metadata');
     assert.dom('[data-test-add-custom-metadata]').exists('it shows link to edit metadata');
+
+    await deleteEngine(enginePath, assert);
   });
 
   test('version 2: with metadata no read or list but with delete access and full access to the data endpoint', async function (assert) {