UI: Add password field to static role creation page#30275
Conversation
github-actions
bot
added
the
hashicorp-contributed-pr
|
CI Results: |
| {{else}} | ||
| <InfoTableRow | ||
| @alwaysRender={{true}} | ||
| @alwaysRender={{(not (eq attr.name "password"))}} |
There was a problem hiding this comment.
This is for conditionally hiding the password field on the details view, without removing it from the attrs
Not sure if there's a better way to do this?
There was a problem hiding this comment.
We shouldn't really need to do this. If it's not returned from the API then it shouldn't show. I suspect we're solving the issue of state problems here, is that correct (e.g. this field is removed on refresh of the details view)? If that's the case, let's do a follow up PR to address this issue.
There was a problem hiding this comment.
It still shows because its part of the attrs array of a role,
but because the API doesn't return a value, it'll just be blank so it looks like this (even on refresh):
i can remove this if we're okay with showing the password like that^
| <ReadonlyFormField @attr={{attr}} @value={{get @model attr.name}} /> | ||
| {{/if}} | ||
| {{! disable password field on edit once password has been rotated }} | ||
| {{else if (and (eq attr.name "password") (not (eq (get @model "last_vault_rotation") undefined)))}} |
There was a problem hiding this comment.
if last_vault_rotation is present, then the password can't be edited, ie. read-only field
when the role hasnt been rotated yet, 'last_vault_rotation' isn't returned in response and will render as normal
|
Build Results: |
| @@ -135,6 +137,12 @@ export default class RoleModel extends Model { | |||
| }) | |||
| skip_import_rotation; | |||
|
|
|||
There was a problem hiding this comment.
I would imagine that this field is actually not editType password. Instead, it should be sensitive—see example here. The difference is that password fields (only used once that I can see) is old and not really something we should support in form-fields. Imagine a password field as something you login with. Sensitive fields by contrast are masked as you input them but allow you to toggle the view which is helpful when trying to set something.
| <ReadonlyFormField @attr={{attr}} @value={{get @model attr.name}} /> | ||
| {{/if}} | ||
| {{else if (and (eq @mode "edit") (eq attr.name "password"))}} | ||
| {{! password field is disabled on edit once password has been rotated }} |
There was a problem hiding this comment.
Could you move this comment to the line right above @disabled so it's a tad clearer what it's referring to. Upon first read if reads as if this comment is relevant to the use of EnableInput.
|
|
||
| * @param {object} [attr] - used to generate label for `ReadonlyFormField`, `name` key is required. Can be an attribute from a model exported with expandAttributeMeta. | ||
| * @param {string} [label] - required if no attr passed. Used to ensure a11y conformance for the readonly input. | ||
| * @param {boolean} [disabled] - to be used in specific scenarios where a user can visually see but not interact with the input field. ie. disabling a field on edit |
There was a problem hiding this comment.
To indicate it's false by default in the docs you can do something like
| * @param {boolean} [disabled] - to be used in specific scenarios where a user can visually see but not interact with the input field. ie. disabling a field on edit | |
| * @param {boolean} [disabled=false] - to be used in specific scenarios where a user can visually see but not interact with the input field. ie. disabling a field on edit |
| await render(hbs`<DatabaseRoleEdit @model={{this.modelStatic}} @mode="create"/>`); | ||
| await fillIn('[data-test-ttl-value="Rotation period"]', '2'); | ||
| await click('[data-test-toggle-input="toggle-skip_import_rotation"]'); | ||
| await fillIn('[data-test-input="password"]', 'testPassword'); // fill in password field |
There was a problem hiding this comment.
can you use the general selectors here? I know it's not used elsewhere, but moving forward, we are slowly (very slowly) trying to implement this pattern.
|
|
||
| await render(hbs`<DatabaseRoleEdit @model={{this.modelStatic}} @mode="show"/>`); | ||
| assert.dom('[data-test-value-div="Rotate immediately"]').containsText('No'); | ||
| assert.dom('[data-test-value="Password"]').doesNotExist(); // verify password field doesn't show on details view |
There was a problem hiding this comment.
Same comment here, if these selectors already exists in general-selectors, replace them with that pattern.
Monkeychip
left a comment
Monkeychip
left a comment
There was a problem hiding this comment.
Left a couple of comments. Nice work!
Monkeychip
left a comment
Monkeychip
left a comment
There was a problem hiding this comment.
Nice work! Thank you.
* adding password to static roles * adding check for password rotation to disable password edit * update field type and tests * adding changelog * replacing readonly with enableinput, added disable arg, test updates * update to unless * PR comments
2 participants
Description
What does this PR do?
--- user is able to edit a set password as long as it hasn't been rotated yet
--- user is unable to edit a password / password field is disabled once the role has been rotated
Screen.Recording.2025-04-17.at.6.51.42.PM.mov
TODO only if you're a HashiCorp employee
backport/label that matches the desired release branch. Note that in the CE repo, the latest release branch will look likebackport/x.x.x, but older release branches will bebackport/ent/x.x.x+ent.of a public function, even if that change is in a CE file, double check that
applying the patch for this PR to the ENT repo and running tests doesn't
break any tests. Sometimes ENT only tests rely on public functions in CE
files.
in the PR description, commit message, or branch name.
description. Also, make sure the changelog is in this PR, not in your ENT PR.