From 82c2281cef82e340f094e7b4b880dd01e8405907 Mon Sep 17 00:00:00 2001
From: Valeriia Ruban <valeriia.ruban@hashicorp.com>
Date: Fri, 1 Sep 2023 11:05:32 -0700
Subject: [PATCH] feat: Change global-read-only policy to non editable (#18602)

---
 ui/packages/consul-ui/app/abilities/policy.js |  3 +-
 .../components/consul/policy/list/index.hbs   | 14 ++++++---
 .../consul-ui/app/helpers/policy/typeof.js    |  3 ++
 .../app/templates/dc/acls/policies/edit.hbs   | 29 +++++++++++++------
 .../consul-ui/mock-api/v1/acl/policies        | 17 +++++++++++
 .../consul-ui/mock-api/v1/acl/policy/_        |  2 +-
 .../dc/acls/policies/view-read-only.feature   | 20 +++++++++++++
 .../dc/acls/policies/view-read-only-steps.js  | 15 ++++++++++
 .../integration/helpers/policy/typeof-test.js | 10 ++++---
 9 files changed, 94 insertions(+), 19 deletions(-)
 create mode 100644 ui/packages/consul-ui/tests/acceptance/dc/acls/policies/view-read-only.feature
 create mode 100644 ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/view-read-only-steps.js

diff --git a/ui/packages/consul-ui/app/abilities/policy.js b/ui/packages/consul-ui/app/abilities/policy.js
index 4c7ee5a32d..b8d274f7b6 100644
--- a/ui/packages/consul-ui/app/abilities/policy.js
+++ b/ui/packages/consul-ui/app/abilities/policy.js
@@ -20,7 +20,8 @@ export default class PolicyAbility extends BaseAbility {
   get canWrite() {
     return (
       this.env.var('CONSUL_ACLS_ENABLED') &&
-      (typeof this.item === 'undefined' || typeOf([this.item]) !== 'policy-management') &&
+      (typeof this.item === 'undefined' ||
+        !['policy-management', 'read-only'].includes(typeOf([this.item]))) &&
       super.canWrite
     );
   }
diff --git a/ui/packages/consul-ui/app/components/consul/policy/list/index.hbs b/ui/packages/consul-ui/app/components/consul/policy/list/index.hbs
index 2674f08849..3b98501aa2 100644
--- a/ui/packages/consul-ui/app/components/consul/policy/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/policy/list/index.hbs
@@ -8,13 +8,19 @@
   @items={{@items}}
 as |item|>
     <BlockSlot @name="header">
-{{#if (eq (policy/typeof item) 'policy-management')}}
+{{#if (or (eq (policy/typeof item) 'policy-management') (eq (policy/typeof item) 'read-only'))}}
         <dl class="policy-management">
           <dt>Type</dt>
           <dd>
-            <Tooltip>
-              Global Management Policy
-            </Tooltip>
+            {{#if (eq (policy/typeof item) 'policy-management')}}
+              <Tooltip>
+                Global Management Policy
+              </Tooltip>
+            {{else}}
+              <Tooltip>
+                Global Read-only Policy
+              </Tooltip>
+            {{/if}}
           </dd>
         </dl>
 {{/if}}
diff --git a/ui/packages/consul-ui/app/helpers/policy/typeof.js b/ui/packages/consul-ui/app/helpers/policy/typeof.js
index b2d1c3d5cb..b2de3db52f 100644
--- a/ui/packages/consul-ui/app/helpers/policy/typeof.js
+++ b/ui/packages/consul-ui/app/helpers/policy/typeof.js
@@ -6,6 +6,7 @@
 import { helper } from '@ember/component/helper';
 import { get } from '@ember/object';
 const MANAGEMENT_ID = '00000000-0000-0000-0000-000000000001';
+const READ_ONLY_ID = '00000000-0000-0000-0000-000000000002';
 export function typeOf(params, hash) {
   const item = params[0];
   const template = get(item, 'template');
@@ -18,6 +19,8 @@ export function typeOf(params, hash) {
       return 'policy-node-identity';
     case get(item, 'ID') === MANAGEMENT_ID:
       return 'policy-management';
+    case get(item, 'ID') === READ_ONLY_ID:
+      return 'read-only';
     default:
       return 'policy';
   }
diff --git a/ui/packages/consul-ui/app/templates/dc/acls/policies/edit.hbs b/ui/packages/consul-ui/app/templates/dc/acls/policies/edit.hbs
index 230723e746..d3a076fd09 100644
--- a/ui/packages/consul-ui/app/templates/dc/acls/policies/edit.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/policies/edit.hbs
@@ -75,15 +75,26 @@ as |dc partition nspace id item create|}}
             </dl>
         </div>
   {{/if}}
-  {{#if (eq (policy/typeof item) 'policy-management')}}
-    <Hds::Alert @type="inline" @icon="star-fill" class="mb-3 mt-2" as |A|>
-      <A.Title>Management</A.Title>
-      <A.Description>This global-management token is built into Consul's policy system. You can apply this special policy to tokens for full access. This policy is not editable or removeable, but can be ignored by not applying it to any tokens.</A.Description>
-      <A.Link::Standalone @text='Learn more'
-                          @href="{{env 'CONSUL_DOCS_URL'}}/guides/acl.html#builtin-policies"
-                          @icon='docs-link'
-                          @iconPosition='trailing' />
-    </Hds::Alert>
+  {{#if (or (eq (policy/typeof item) 'policy-management') (eq (policy/typeof item) 'read-only'))}}
+    {{#if (eq (policy/typeof item) 'policy-management')}}
+      <Hds::Alert @type="inline" @icon="star-fill" class="mb-3 mt-2" as |A|>
+        <A.Title>Management</A.Title>
+        <A.Description>This global-management token is built into Consul's policy system. You can apply this special policy to tokens for full access. This policy is not editable or removeable, but can be ignored by not applying it to any tokens.</A.Description>
+        <A.Link::Standalone @text='Learn more'
+                            @href="{{env 'CONSUL_DOCS_URL'}}/guides/acl.html#builtin-policies"
+                            @icon='docs-link'
+                            @iconPosition='trailing' />
+      </Hds::Alert>
+    {{else}}
+      <Hds::Alert @type="inline" @icon="star-fill" class="mb-3 mt-2" as |A|>
+        <A.Title>Built-in policy</A.Title>
+        <A.Description>This global-read-only policy is built into Consul's policy system. You can apply this special policy to tokens for read-only access to all Consul components. This policy is not editable or removable, but can be ignored by not applying it to any tokens.</A.Description>
+        <A.Link::Standalone @text='Learn more'
+                            @href="{{env 'CONSUL_DOCS_URL'}}/guides/acl.html#builtin-policies"
+                            @icon='docs-link'
+                            @iconPosition='trailing' />
+      </Hds::Alert>
+    {{/if}}
     <div class="definition-table">
       <dl>
         <dt>Name</dt>
diff --git a/ui/packages/consul-ui/mock-api/v1/acl/policies b/ui/packages/consul-ui/mock-api/v1/acl/policies
index db1264b1f6..2c1a1487cc 100644
--- a/ui/packages/consul-ui/mock-api/v1/acl/policies
+++ b/ui/packages/consul-ui/mock-api/v1/acl/policies
@@ -29,6 +29,23 @@ ${typeof location.search.partition !== 'undefined' ? `
             }
           `
         }
+        if(i === 2) {
+          return `
+            {
+              "ID": "00000000-0000-0000-0000-000000000002",
+              "Name": "global-read-only",
+${typeof location.search.ns !== 'undefined' ? `
+              "Namespace": "${location.search.ns}",
+` : ``}
+${typeof location.search.partition !== 'undefined' ? `
+            "Partition": "${location.search.partition}",
+` : ``}
+              "Description": "Built-In Read-only Policy",
+              "CreateIndex": 10,
+              "ModifyIndex": 10
+            }
+          `
+        }
         return `
           {
             "ID": "${fake.random.uuid()}",
diff --git a/ui/packages/consul-ui/mock-api/v1/acl/policy/_ b/ui/packages/consul-ui/mock-api/v1/acl/policy/_
index a442f70f1f..810c6d1646 100644
--- a/ui/packages/consul-ui/mock-api/v1/acl/policy/_
+++ b/ui/packages/consul-ui/mock-api/v1/acl/policy/_
@@ -11,6 +11,6 @@ ${ location.pathname.get(3) !== '00000000-0000-0000-0000-000000000001' ? `
   policy = "write"
 }`)},
 ` : "" }
-  "Name": "${location.pathname.get(3) === '00000000-0000-0000-0000-000000000001' ? 'global-management' : fake.hacker.noun() + '-policy'}"
+  "Name": "${location.pathname.get(3) === '00000000-0000-0000-0000-000000000001' ? 'global-management' : location.pathname.get(3) === '00000000-0000-0000-0000-000000000002' ? 'global-read-only': fake.hacker.noun() + '-policy'}"
 }
 
diff --git a/ui/packages/consul-ui/tests/acceptance/dc/acls/policies/view-read-only.feature b/ui/packages/consul-ui/tests/acceptance/dc/acls/policies/view-read-only.feature
new file mode 100644
index 0000000000..8887815cbb
--- /dev/null
+++ b/ui/packages/consul-ui/tests/acceptance/dc/acls/policies/view-read-only.feature
@@ -0,0 +1,20 @@
+@setupApplicationTest
+Feature: dc / acls / policies / view read-only policy: Readonly management policy
+  Background:
+    Given 1 datacenter model with the value "datacenter"
+    And 1 policy model from yaml
+    ---
+      ID: 00000000-0000-0000-0000-000000000002
+    ---
+  Scenario:
+    When I visit the policy page for yaml
+    ---
+      dc: datacenter
+      policy: 00000000-0000-0000-0000-000000000002
+    ---
+    Then the url should be /datacenter/acls/policies/00000000-0000-0000-0000-000000000002
+    Then I see the text "View Policy" in "h1"
+    Then I don't see confirmDelete
+    Then I don't see cancel
+    And I see tokens
+
diff --git a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/view-read-only-steps.js b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/view-read-only-steps.js
new file mode 100644
index 0000000000..34296881e7
--- /dev/null
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/view-read-only-steps.js
@@ -0,0 +1,15 @@
+/**
+ * Copyright (c) HashiCorp, Inc.
+ * SPDX-License-Identifier: BUSL-1.1
+ */
+
+import steps from '../../../steps';
+
+// step definitions that are shared between features should be moved to the
+// tests/acceptance/steps/steps.js file
+
+export default function (assert) {
+  return steps(assert).then('I should find a file', function () {
+    assert.ok(true, this.step);
+  });
+}
diff --git a/ui/packages/consul-ui/tests/integration/helpers/policy/typeof-test.js b/ui/packages/consul-ui/tests/integration/helpers/policy/typeof-test.js
index e230744cae..ad5c9b08f0 100644
--- a/ui/packages/consul-ui/tests/integration/helpers/policy/typeof-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/policy/typeof-test.js
@@ -11,12 +11,14 @@ import hbs from 'htmlbars-inline-precompile';
 module('Integration | Helper | policy/typeof', function (hooks) {
   setupRenderingTest(hooks);
 
-  // Replace this with your real tests.
-  test('it renders', async function (assert) {
-    this.set('inputValue', '1234');
+  test('it renders read-only cluster', async function (assert) {
+    this.set('inputValue', {
+      ID: '00000000-0000-0000-0000-000000000002',
+      template: 'some-template',
+    });
 
     await render(hbs`{{policy/typeof inputValue}}`);
 
-    assert.equal(this.element.textContent.trim(), 'role');
+    assert.equal(this.element.textContent.trim(), 'read-only');
   });
 });