From bbda60f867dd878c56331c65eb1b6908246e7832 Mon Sep 17 00:00:00 2001
From: hashishaw
Date: Mon, 6 Jun 2022 13:18:53 -0500
Subject: [PATCH 1/4] Update path that metadata tab checks capabilities against
---
 ui/app/components/secret-edit.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/ui/app/components/secret-edit.js b/ui/app/components/secret-edit.js
index 9b413d74691e..65b3f29d9cc2 100644
--- a/ui/app/components/secret-edit.js
+++ b/ui/app/components/secret-edit.js
@@ -78,8 +78,9 @@ export default class SecretEdit extends Component {
 if (!context.args.model || !context.isV2) {
 return;
 }
- let backend = context.args.model.backend;
- let path = `${backend}/metadata/`;
+ const backend = context.args.model.backend;
+ const id = context.args.model.id;
+ const path = `${backend}/metadata/${id}`;
 return {
 id: path,
 };
From e292180df80bc2794941c1b6f09259af5774843d Mon Sep 17 00:00:00 2001
From: hashishaw
Date: Mon, 6 Jun 2022 13:30:17 -0500
Subject: [PATCH 2/4] Add changelog
---
 changelog/15824.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 changelog/15824.txt
diff --git a/changelog/15824.txt b/changelog/15824.txt
new file mode 100644
index 000000000000..9d9708f0a97b
--- /dev/null
+++ b/changelog/15824.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+ui: Fix issue where metadata tab is hidden even though policy grants access
+```
From 36b35b76b9ed0405b8e176a50ed416b5b51e3a75 Mon Sep 17 00:00:00 2001
From: hashishaw
Date: Mon, 6 Jun 2022 16:17:39 -0500
Subject: [PATCH 3/4] Update test to handle this case
---
 .../secrets/backend/kv/secret-test.js | 29 +++++++++++++------
 1 file changed, 20 insertions(+), 9 deletions(-)
diff --git a/ui/tests/acceptance/secrets/backend/kv/secret-test.js b/ui/tests/acceptance/secrets/backend/kv/secret-test.js
index 8f80b752691e..0b34ddfdbcbc 100644
--- a/ui/tests/acceptance/secrets/backend/kv/secret-test.js
+++ b/ui/tests/acceptance/secrets/backend/kv/secret-test.js
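Review bot: `context.args.model.id` is interpolated into the capabilities path with no check, so a model that has no id yet would produce `<backend>/metadata/undefined`, a path no policy names. Whether a model can reach this code without an id is not visible here, because the enclosing function starts and ends outside the hunk, so this needs confirming. If it can, either return early as the existing guard does, `if (!context.args.model.id) return;`, or fall back to the mount-level path used before this commit. A comment such as `// check the secret's own metadata path: a policy may grant only a sub-path of <backend>/metadata/` would record why the id belongs in the path.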
@@ -29,6 +29,18 @@ let writeSecret = async function (backend, path, key, val) {
 return editPage.createSecret(path, key, val);
 };
+let deleteEngine = async function (enginePath, assert) {
+ await logout.visit();
+ await authPage.login();
+ await consoleComponent.runCommands([`delete sys/mounts/${enginePath}`]);
+ const response = consoleComponent.lastLogOutput;
+ assert.equal(
+ response,
+ `Success! Data deleted (if it existed) at: sys/mounts/${enginePath}`,
+ 'Engine successfully deleted'
+ );
+};
+
 module('Acceptance | secrets/secret/create', function (hooks) {
 setupApplicationTest(hooks);
@@ -528,18 +540,17 @@ module('Acceptance | secrets/secret/create', function (hooks) {
 });
 test('version 2 with no access to data but access to metadata shows metadata tab', async function (assert) {
+ assert.expect(5);
 let enginePath = 'kv-metadata-access-only';
- let secretPath = 'kv-metadata-access-only-secret-name';
+ let secretPath = 'nested/kv-metadata-access-only-secret-name';
 const V2_POLICY = `
- path "${enginePath}/metadata/*" {
- capabilities = ["read", "update", "list"]
+ path "${enginePath}/metadata/nested/*" {
+ capabilities = ["read", "update"]
 }
 `;
 await consoleComponent.runCommands([
 `write sys/mounts/${enginePath} type=kv options=version=2`,
 `write sys/policies/acl/kv-v2-degrade policy=${btoa(V2_POLICY)}`,
- // delete any kv previously written here so that tests can be re-run
- `delete ${enginePath}/metadata/${secretPath}`,
 'write -field=client_token auth/token/create policies=kv-v2-degrade',
 ]);
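Review bot: `deleteEngine` carries its own `assert.equal`, so every test that calls it must include that assertion in its `assert.expect` count, and nothing at the definition says so. A header comment would help, for example `// Logs out, logs back in with the default login and deletes the mount; adds one assertion to the calling test.` The comparison against the exact console message also ties the helper to that wording, so a change to the message would fail every test that uses the helper for cleanup.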
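Review bot: The test set up in this hunk covers only the positive case, that a policy on `metadata/nested/*` makes the metadata tab appear for a secret under `nested/`. The case that guards against the capability lookup becoming too broad is missing: with the same token, a secret outside `nested/` should presumably not offer the tab. A second secret at the mount root, checked with `assert.dom('[data-test-secret-metadata-tab]').doesNotExist()`, would pin that down. The test body continues outside the hunk, so the place where the secret is written is not visible here.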
@@ -548,15 +559,15 @@ module('Acceptance | secrets/secret/create', function (hooks) {
 await logout.visit();
 await authPage.login(userToken);
 await settled();
- await click(`[data-test-auth-backend-link=${enginePath}]`);
-
- await click(`[data-test-secret-link="${secretPath}"]`);
-
+ await showPage.visit({ backend: enginePath, id: secretPath });
 assert.dom('[data-test-empty-state-title]').hasText('You do not have permission to read this secret.');
+ assert.dom('[data-test-secret-metadata-tab]').exists('Metadata tab exists');
 await editPage.metadataTab();
 await settled();
 assert.dom('[data-test-empty-state-title]').hasText('No custom metadata');
 assert.dom('[data-test-add-custom-metadata]').exists('it shows link to edit metadata');
+
+ await deleteEngine(enginePath, assert);
 });
 test('version 2: with metadata no read or list but with delete access and full access to the data endpoint', async function (assert) {
From 025a48b7198aec627d32a852004252e4b1241c22 Mon Sep 17 00:00:00 2001
From: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
Date: Tue, 7 Jun 2022 10:29:32 -0500
Subject: [PATCH 4/4] Fix tests url
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
---
 ui/tests/acceptance/secrets/backend/kv/secret-test.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ui/tests/acceptance/secrets/backend/kv/secret-test.js b/ui/tests/acceptance/secrets/backend/kv/secret-test.js
index 0b34ddfdbcbc..65055ff49b2e 100644
--- a/ui/tests/acceptance/secrets/backend/kv/secret-test.js
+++ b/ui/tests/acceptance/secrets/backend/kv/secret-test.js
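Review bot: The cleanup call `await deleteEngine(enginePath, assert);` is the last statement of the test, so it is skipped whenever an earlier `await` rejects, for example `editPage.metadataTab()` when the tab is missing. The `kv-metadata-access-only` mount then survives into the next run, and the earlier hunk of this commit removed the pre-test delete that made re-runs safe. Wrapping the steps after login in `try { … } finally { await deleteEngine(enginePath, assert); }` keeps the cleanup unconditional. The helper does not remove the `kv-v2-degrade` policy or the token created for the test; that may be intentional if other tests reuse the policy name, but it is worth confirming.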
@@ -559,7 +559,7 @@ module('Acceptance | secrets/secret/create', function (hooks) {
 await logout.visit();
 await authPage.login(userToken);
 await settled();
- await showPage.visit({ backend: enginePath, id: secretPath });
+ await visit(`/vault/secrets/${enginePath}/show/${secretPath}`);
 assert.dom('[data-test-empty-state-title]').hasText('You do not have permission to read this secret.');
 assert.dom('[data-test-secret-metadata-tab]').exists('Metadata tab exists');
 await editPage.metadataTab();