ui: Always show main navigation Key/Value link (#10916)

* ui: Ignore response from API for KV permissions

Currently there is no way for us to use our HTTP authorization API
endpoint to tell us whether a user has access to any KVs (including the
case where a user may not have access to the root KV store, but do have
access to a sub item)

This is a little weird still as in the above case the user would click
on this link and still get a 403 for the root, and then have to manually
type in the URL for the KV they do have access to.

Despite this we think this change makes sense as at least something about KV is
visible in the main navigation.

Once we have the ability to know if any KVs are accessible, we can add
this guard back in.

We'd initially just removed the logic around the button, but then
noticed there may be further related KV issues due to the nested nature
of KVs so we finally decided on simply ignoring the responses from the
HTTP API, essentially reverting the KV area back to being a thin client.
This means when things are revisited in the backend we can undo this
easily change in one place.

* Move acceptance tests to use ACLs perms instead of KV ones
This commit is contained in:
John Cowen 2021-09-22 18:23:59 +01:00 committed by GitHub
parent 1e3ba26223
commit cf638ee551
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 34 additions and 3 deletions

4
.changelog/10916.txt Normal file
View File

@ -0,0 +1,4 @@
```release-note:bug
ui: Ignore reported permissions for KV area meaning the KV is always enabled
for both read/write access if the HTTP API allows.
```

View File

@ -10,4 +10,15 @@ export default class KVAbility extends BaseAbility {
} }
return resources; return resources;
} }
get canRead() {
return true;
}
get canList() {
return true;
}
get canWrite() {
return true;
}
} }

View File

@ -11,6 +11,21 @@ Feature: dc / acls / tokens / index: ACL Token List
Then the url should be /dc-1/acls/tokens Then the url should be /dc-1/acls/tokens
And the title should be "Tokens - Consul" And the title should be "Tokens - Consul"
Then I see 3 token models Then I see 3 token models
Scenario: Viewing tokens with no write access
Given 1 datacenter model with the value "dc-1"
And 3 token models
And permissions from yaml
---
acl:
write: false
---
When I visit the tokens page for yaml
---
dc: dc-1
---
Then the url should be /dc-1/acls/tokens
And I don't see create
Scenario: Searching the tokens Scenario: Searching the tokens
Given 1 datacenter model with the value "dc-1" Given 1 datacenter model with the value "dc-1"
And 4 token models from yaml And 4 token models from yaml

View File

@ -10,6 +10,7 @@ Feature: dc / kvs / index
Then the url should be /dc-1/kv Then the url should be /dc-1/kv
And the title should be "Key / Value - Consul" And the title should be "Key / Value - Consul"
Then I see 3 kv models Then I see 3 kv models
@ignore
Scenario: Viewing kvs with no write access Scenario: Viewing kvs with no write access
Given 1 datacenter model with the value "dc-1" Given 1 datacenter model with the value "dc-1"
And 3 kv models And 3 kv models

View File

@ -16,18 +16,18 @@ Feature: navigation-links: Main Navigation link visibility
Allow: true Allow: true
- Resource: key - Resource: key
Access: read Access: read
Allow: false Allow: true
- Resource: intention - Resource: intention
Access: read Access: read
Allow: true Allow: true
- Resource: acl - Resource: acl
Access: read Access: read
Allow: true Allow: false
--- ---
When I visit the services page for yaml When I visit the services page for yaml
--- ---
dc: dc-1 dc: dc-1
--- ---
Then I see services on the navigation Then I see services on the navigation
Then I don't see kvs on the navigation Then I don't see roles on the navigation