-
Notifications
You must be signed in to change notification settings - Fork 332
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. Weβll occasionally send you account related emails.
Already on GitHub? Sign in to your account
change: [M3-7729] - Improve UX of Personal Access Token and Access Key drawers #10338
change: [M3-7729] - Improve UX of Personal Access Token and Access Key drawers #10338
Conversation
3a94ec1
to
5bb8095
Compare
3438391
to
cee94ab
Compare
| { label: FormState['label'] } | ||
| { label: FormState['label']; regions: FormState['regions'] } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Linter.
!hasLabelOrRegionsChanged(formik.values, objectStorageKey)) || | ||
(mode === 'creating' && | ||
limitedAccessChecked && | ||
!hasAccessBeenSelectedForAllBuckets(formik.values.bucket_access)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Disables the Create button if some buckets have limited access and their scope selections have not been made.
packages/manager/src/features/Profile/APITokens/CreateAPITokenDrawer.tsx
Outdated
Show resolved
Hide resolved
@@ -97,7 +99,7 @@ export const CreateAPITokenDrawer = (props: Props) => { | |||
const initialValues = { | |||
expiry: expiryTups[0][1], | |||
label: '', | |||
scopes: scopeStringToPermTuples(''), | |||
scopes: scopeStringToPermTuples('', true), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For isCreateFlow
param, to determine permission default values.
Coverage Report: β
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
- Confirming on visual changes on OBJ Access key drawer.
- Able to create / update limited access key.
- Create a Personal Access Token
@mjac0bs Hold on my approval, I think we should find a way to control default behavior of radio buttons with out diverging form API. I think there is an opportunity for little bit cleanup. I will take a deeper look later today. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From the PR description: "The submit button is disabled until every scope has a selection made" -- is this the case for the PAT drawer currently? I'm observing this:
Co-authored-by: Dajahi Wiley <114682940+dwiley-akamai@users.noreply.github.com>
I really liked how we set all scopes to "None" by default in the old flow. I feel like this new UX creates slightly more work and confusion for the user. For example if they fill out the form as shown in the screenshot, what will the expected behavior be? I don't think it's obvious to the user what permission will be set of the unselected scopes. I think defaulting to "No Access" makes a lot of sense. This new flow also requires more clicks / interaction from the user. I assume UX's argument is that they want the choices to be intentional. This is kind of fair, but I think it will create more work for the average user. This is speculation, but there's probably two types of users who create PATs.
Additionally, If a user wants to create a PAT with zero scopes, I think we should let them π€· I'm curious as to what prompted the change to have no defaults and if users had complaints / issues with the way it currently works. Just my thoughts, they can be completely ignored if I'm the only one who feels this way. |
@bnussman-akamai - There's some history to this one. We used to default to "Read Write", rather than "No Access"/"None". The new default was a fairly recent change requested for security best practices that got rolled into some Parent/Child updates. Once we implemented that change, we received some reports that (internal, though I imagine there were also external) users were mistakenly creating useless keys because they didn't realize that the default had changed to "No Access"/"None". In the internal ticket, I linked a thread with some discussion on this, but we've got UX and backend folks on board with this solution: defaulting to no selections and disabling the button until the required selections have been made.
You're right that this was confusing, and it was unintended. Thanks to you and Dajahi for pointing it out; I fixed this in 5e8b3e8. If we feel reason for the disabled button is not obvious to the user, we could add a help tooltip to the disabled button, but I'm not sure it's necessary.
DX did say there's potentially a legit use-case for this, so it will remain possible like it is today, it will just require the user to Select "No Access" for all scopes. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the history and context!
Changes look good β
@@ -52,6 +56,11 @@ export interface AccessKeyDrawerProps { | |||
open: boolean; | |||
} | |||
|
|||
// Access key scopes displayed in the drawer can have no permission or "No Access" selected, which are not valid API permissions. | |||
export interface DisplayedAccessKeyScope extends Omit<Scope, 'permissions'> { | |||
permissions: AccessType | null; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@cpathipa I looked into also removing 'none'
from the AccessType, but it required more clean up in the original AccessKeyDrawer files, which I wanted to avoid touching since they will be soon deprecated. I did create the new interface here for the null
value displayed scopes in the OMC drawer and can create a follow up ticket (edit: M3-8003) for correcting the AccessType to only the API's values once we switch to fully OMC components.
Description π
Based on discussion in cafe, we want to make a couple of improvements to the Personal Access Token and OBJ Access Key drawers to prevent users from unintentionally limiting their access (e.g. creating a PAT with all scopes set to None), while forcing the user to make a conscious decision about the access selections that they make.
Note:
AccessKeyDrawer.tsx
is going to be deprecated as a component once OBJ Multi-Cluster is live, so updates are limited to the OMC bucket access keys components.Changes π
In both the Create PAT Drawer and Create OBJ Access Key Drawer:
Note: If anyone has suggestions on how to fix the padding for the Read/Write column, I'd appreciate it! Other than making the PAT drawer wide, I haven't been able to find a way to add spacing to that column that actually works with the table
display
CSS properties.Preview π·
Screen.Recording.2024-04-09.at.12.02.05.PM.mov
Screen.Recording.2024-04-09.at.10.58.58.AM.mov
How to test π§ͺ
Reproduction steps
(How to reproduce the issue, if applicable)
Verification steps
(How to verify changes)
yarn up
.*
(all scopes).bucket_access: []
empty arraybucket_access: null
bucket_access : [{....}]
As an Author I have considered π€
Check all that apply