UI: Show correct nav items when in chroot namespace#24492
Conversation
github-actions
bot
added
the
hashicorp-contributed-pr
| assert.deepEqual(this.service.get('globPaths'), PERMISSIONS_RESPONSE.data.glob_paths); | ||
| }); | ||
|
|
||
| test('returns true if a policy includes access to an exact path', function (assert) { |
There was a problem hiding this comment.
Reorganized these tests, so these are just moved to a module now
| assert.strictEqual(this.service.pathNameWithNamespace('sys/auth'), 'marketing/sys/auth'); | ||
| }); | ||
|
|
||
| test('appends the chroot and namespace when both present', function (assert) { |
There was a problem hiding this comment.
This test and the following ones are new
| if (this.canViewAll) { | ||
| return true; | ||
| } | ||
| const path = this.pathNameWithNamespace(pathName); |
There was a problem hiding this comment.
Moved this so we get a little better efficiency, skipping the method if canViewAll
|
Build Results: |
| } | ||
|
|
||
| get isRootNamespace() { | ||
| // should only return true if we're in the true root namespace |
There was a problem hiding this comment.
I'm still getting up to speed with the chroot situation - does true "root" mean root root?
Does this.currentCluster.hasChrootNamespace mean the user has a configured root namespace and so they will not have root as the base/parent namespace? So therefore configuring chroot and having root as a namespace are mutually exclusive?
Just looking for clarification so I understand 😅
There was a problem hiding this comment.
hasChrootNamespace means the Vault operator has set chroot_namespace to some value on the config of the given listener, and so the user does not have access to "true root" (which yes, is root namespace). So, even if the UI is in its top-most namespace, if chroot_namespace is configured it is not the true root.
Does that answer your question?
There was a problem hiding this comment.
Yes! I think so - I wanted to clarify that setting the chroot_namespace means that you are configuring the top namespace and so therefore root will NOT be a possible/accessible.
Thank you!
| assert.strictEqual(this.service.pathNameWithNamespace('/sys/auth'), 'admin/marketing/sys/auth'); | ||
| assert.strictEqual( | ||
| this.service.pathNameWithNamespace('/sys/policies/'), | ||
| 'admin/marketing/sys/policies/' |
There was a problem hiding this comment.
is this expected to have the path end in a /?
There was a problem hiding this comment.
In practice I haven't seen it, but I wanted to make sure it was preserved in case it's important in some undocumented case
hellobontempo
left a comment
hellobontempo
left a comment
There was a problem hiding this comment.
Mostly clarifying questions! 🚢
3 participants
This PR handles the necessary updates to enable a user logged in on a chrooted namespace listener to see their correct nav items. This depends on backend work in 1.16 (backported to 1.15.5) which adds
chroot_namespacekey to theresultant-aclendpoint.