ui: Always show main navigation Key/Value link #10916
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Currently there is no way for us to use our HTTP authorization API endpoint to tell us whether a user has access to any KVs (including the case where a user may not have access to the root KV store, but do have access to a sub item) This is a little weird still as in the above case the user would click on this link and still get a 403 for the root, and then have to manually type in the URL for the KV they do have access to. Despite this we think this change makes sense as at least something about KV is visible in the main navigation. Once we have the ability to know if any KVs are accessible, we can add this guard back in. We'd initially just removed the logic around the button, but then noticed there may be further related KV issues due to the nexted nature of KVs so we finally decided on simply ignoring the responses from the HTTP API, essentially reverting the KV area back to being a thin client. This means when things are revisted in the backend we can undo this easily change in one place.
johncowen
force-pushed
the
ui/bugfix/enable-kv-main-nav
branch
from
8a346b8
to
246e45a
Compare
|
Test needs to be update to see kvs on navigation. |
|
|
johncowen
force-pushed
the
ui/bugfix/enable-kv-main-nav
branch
from
4455ac8
to
7b0c3aa
Compare
|
🍒 If backport labels were added before merging, cherry-picking will start automatically. To retroactively trigger a backport after merging, add backport labels and re-run https://circleci.com/gh/hashicorp/consul/453533. |
|
🍒✅ Cherry pick of commit cf638ee onto |
hc-github-team-consul-core
pushed a commit
that referenced
this pull request
Sep 22, 2021
* ui: Ignore response from API for KV permissions Currently there is no way for us to use our HTTP authorization API endpoint to tell us whether a user has access to any KVs (including the case where a user may not have access to the root KV store, but do have access to a sub item) This is a little weird still as in the above case the user would click on this link and still get a 403 for the root, and then have to manually type in the URL for the KV they do have access to. Despite this we think this change makes sense as at least something about KV is visible in the main navigation. Once we have the ability to know if any KVs are accessible, we can add this guard back in. We'd initially just removed the logic around the button, but then noticed there may be further related KV issues due to the nested nature of KVs so we finally decided on simply ignoring the responses from the HTTP API, essentially reverting the KV area back to being a thin client. This means when things are revisited in the backend we can undo this easily change in one place. * Move acceptance tests to use ACLs perms instead of KV ones
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Currently there is no way for us to use our HTTP authorization API
endpoint to tell us whether a user has access to any KVs (including the
case where a user may not have access to the root KV store, but do have
access to a sub item)
This is a little weird still as in the above case the user would click
on this link and still get a 403 for the root, and then have to manually
type in the URL for the KV they do have access to.
Despite this we think this change makes sense as at least something about KV is
visible in the main navigation.
Once we have the ability to know if any KVs are accessible, we can add
this guard back in.
We'd initially just removed the logic around the button, but then
noticed there may be further related KV issues due to the nested nature
of KVs so we finally decided on simply ignoring the responses from the
HTTP API, essentially reverting the KV area back to being a thin client.
This means when things are revisted in the backend we can undo this
change easily in one place.