add basic routes for secrets recovery#31412
Conversation
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
github-actions
bot
added
the
hashicorp-contributed-pr
|
CI Results: |
There was a problem hiding this comment.
Great work! I left some minor suggestions, and here's a draft PR of some small file changes for the routing, thought it'd be easier to explain file structure stuff paired with the relevant file 😄
ui/app/components/recovery.hbs
Outdated
| @@ -0,0 +1,3 @@ | |||
| {{#if this.isNotProduction}} | |||
| {{yield}} | |||
There was a problem hiding this comment.
Since there's logic wrapping the sidenav link and the route itself, I don't think we also need a check in the component.
Is there a need for a component like this? The titles are mostly the same between views, except for the load form. I have a small re-filing suggestion but I'll open a PR to demonstrate since I think it might be easier to explain that way
There was a problem hiding this comment.
I don't think so. I've gone ahead and removed it
| data-test-sidebar-nav-link="Secrets Sync" | ||
| /> | ||
| {{/if}} | ||
| {{#if this.showSecretsRecovery}} |
There was a problem hiding this comment.
Could we rename this to isNotProduction since I think this name could easily be confused for production code since we may eventually have logic here that hides this route for various cluster states (like DR secondary)
| } | ||
|
|
||
| // TODO remove conditional once further feature work for single item recovery for release 1.21 is completed | ||
| get showSecretsRecovery() { |
There was a problem hiding this comment.
Thank you for adding the comment above! Same comment about naming here 😄
ui/app/router.js
Outdated
| if (config.environment !== 'production') { | ||
| this.route('recovery', function () { | ||
| this.route('snapshots', function () { | ||
| this.route('load'); | ||
| this.route('snapshot', function () { | ||
| this.route('manage'); | ||
| }); | ||
| }); | ||
| }); | ||
| } |
There was a problem hiding this comment.
I think it might be a little more intuitive if this was moved to below sync on line 19) so it sort of follows the sidebar nav order and makes it easier to find.
It's also hard to tell is the diff, but it looks like this is nested correctly so cluster is the immediate parent.
|
|
||
| import Route from '@ember/routing/route'; | ||
|
|
||
| export default class VaultClusterRecoveryRoute extends Route {} |
There was a problem hiding this comment.
Definitely a nit, but we typically drop VaultCluster from the route class name for brevity
|
|
||
| import Route from '@ember/routing/route'; | ||
|
|
||
| export default class VaultClusterRecoverySnapshotsRoute extends Route {} |
There was a problem hiding this comment.
| export default class VaultClusterRecoverySnapshotsRoute extends Route {} | |
| export default class RecoverySnapshotsRoute extends Route {} |
ui/app/router.js
Outdated
| this.route('snapshot', function () { | ||
| this.route('manage'); | ||
| }); |
There was a problem hiding this comment.
In the RFC we had talked about this segment of the URL being a dynamic param called snapshot_id (As an aside, it's a good practice to have the url param - snapshot_id - match the param we'll use from the API.)
In practice, this means that buttons or actions that navigate to manage a snapshot would look something like:
const snapshot_id = 1234
this.router.transitionTo('recovery.snapshots.snapshot', snapshot_id)If this is still the plan we'll need to define the path (docs) for the dynamic segment here. I'm also wondering if manage is even necessary 🤔 Part of me thinks we should just get rid of the child route since right now it's just a single view to either read or recover items. We could have the "read" view just live at snapshot. If doing more things with a snapshot becomes a thing we can always extend it in the future. What do you think?
| this.route('snapshot', function () { | |
| this.route('manage'); | |
| }); | |
| this.route('snapshot', { path: '/:snapshot_id } ) |
There was a problem hiding this comment.
Yep, didn't mean to leave that out! I've added the dynamic param and removed the manage route for the time being. It'll be easy to add back in later if we decide we need it.
| SPDX-License-Identifier: BUSL-1.1 | ||
| }} | ||
|
|
||
| <Recovery::Page::Snapshots::Snapshot::Manage /> No newline at end of file |
There was a problem hiding this comment.
If you agree with my routing comment above, we'll want to remember to rename this file to recovery/snapshots/snapshot.hbs (It could also just be snapshot.hbs but I kind of like when the "base" route is named index
And the page component renamed so it's: <Recovery::Page::Snapshots::Snapshot />
|
Build Results: |
| }); | ||
| }); | ||
|
|
||
| test('it should hide links and headings user does not have access too', async function (assert) { |
| assert | ||
| .dom('[data-test-sidebar-nav-link]') | ||
| .exists({ count: 2 }, 'Nav links are hidden other than secrets and dashboard'); | ||
| .exists({ count: 3 }, 'Nav links are hidden other than secrets, recovery and dashboard'); |
There was a problem hiding this comment.
maybe add a todo since this will change, we'll want to gate these in the has-permission helper? Or we could update the helper api path map with the relevant routes and wrap the sidenav link now - up to you :)
emoncuso
left a comment
emoncuso
left a comment
There was a problem hiding this comment.
Looks good to me! Just double check this works as expected when built for production, but otherwise good to go.
Thanks for adding a test to check visibility
|
|
||
| import Component from '@glimmer/component'; | ||
| import { service } from '@ember/service'; | ||
| import config from 'vault/config/environment'; |
There was a problem hiding this comment.
Oh cool, so this acts as a sort of development feature flag. Good idea!
(This can be in a separate PR) but this could be formalized a bit and drawn into a helper so you don't need the getter every time.
There was a problem hiding this comment.
Yeah this is definitely a new pattern to use the environment state like this. But with the new release cycle, I foresee us developing more iteratively instead of relying on sidebranches so it would make sense to make an app-wide helper!
| this.mount('config-ui'); | ||
| this.mount('sync'); | ||
| // TODO remove conditional once further feature work for single item recovery for release 1.21 is completed | ||
| if (config.environment !== 'production') { |
There was a problem hiding this comment.
The router is a special place in ember land. You might want to double check that nothing weird happens once you build this for prod.
There was a problem hiding this comment.
This is how we've been rendering the docfy docs, so far nothing weird has been reported 🙃
| // TODO remove conditional once further feature work for single item recovery for release 1.21 is completed | ||
| if (config.environment !== 'production') { | ||
| this.route('recovery', function () { | ||
| this.route('snapshots', function () { |
There was a problem hiding this comment.
[Optional] - It's 100% superflous, but I think it's nice to explicitly call out the index route in the router. I know it'd be diverent pattern in this file, but it's nice to see that there's something there at the default /
| this.route('snapshots', function () { | |
| this.route('snapshots', function () { | |
| this.route('index', { path: '/' }); |
There was a problem hiding this comment.
Lol yeah I definitely advised against this since ember docs callout it's not necessary so feels overly verbose. Plus if we explicitly defined an index route for every index that would make our router file huge and it's already a challenge to parse
3 participants
Description
TODO only if you're a HashiCorp employee
backport/label that matches the desired release branch. Note that in the CE repo, the latest release branch will look likebackport/x.x.x, but older release branches will bebackport/ent/x.x.x+ent.of a public function, even if that change is in a CE file, double check that
applying the patch for this PR to the ENT repo and running tests doesn't
break any tests. Sometimes ENT only tests rely on public functions in CE
files.
in the PR description, commit message, or branch name.
description. Also, make sure the changelog is in this PR, not in your ENT PR.
PCI review checklist
Examples of changes to security controls include using new access control methods, adding or removing logging pipelines, etc.