Backport of feat: Change global-read-only policy to non editable into release/1.16.x (#18749)

* backport of commit 9c44587f1aad116d852bc41f51ec52724bbee4fc --------- Co-authored-by: valeriia-ruban <valeriia.ruban@hashicorp.com>
2023-09-11 16:13:19 -05:00 · 2023-09-11 16:13:19 -05:00 · 32dcc15aa8
parent 037cf8f44b
commit 32dcc15aa8
9 changed files with 94 additions and 19 deletions
--- a/ui/packages/consul-ui/app/abilities/policy.js
+++ b/ui/packages/consul-ui/app/abilities/policy.js
@ -20,7 +20,8 @@ export default class PolicyAbility extends BaseAbility {
  get canWrite() {
    return (
      this.env.var('CONSUL_ACLS_ENABLED') &&
-      (typeof this.item === 'undefined' || typeOf([this.item]) !== 'policy-management') &&
+      (typeof this.item === 'undefined' ||
+        !['policy-management', 'read-only'].includes(typeOf([this.item]))) &&
      super.canWrite
    );
  }
--- a/ui/packages/consul-ui/app/components/consul/policy/list/index.hbs
+++ b/ui/packages/consul-ui/app/components/consul/policy/list/index.hbs
@ -8,13 +8,19 @@
  @items={{@items}}
 as |item|>
    <BlockSlot @name="header">
-{{#if (eq (policy/typeof item) 'policy-management')}}
+{{#if (or (eq (policy/typeof item) 'policy-management') (eq (policy/typeof item) 'read-only'))}}
        <dl class="policy-management">
          <dt>Type</dt>
          <dd>
+            {{#if (eq (policy/typeof item) 'policy-management')}}
              <Tooltip>
                Global Management Policy
              </Tooltip>
+            {{else}}
+              <Tooltip>
+                Global Read-only Policy
+              </Tooltip>
+            {{/if}}
          </dd>
        </dl>
 {{/if}}
--- a/ui/packages/consul-ui/app/helpers/policy/typeof.js
+++ b/ui/packages/consul-ui/app/helpers/policy/typeof.js
@ -6,6 +6,7 @@
 import { helper } from '@ember/component/helper';
 import { get } from '@ember/object';
 const MANAGEMENT_ID = '00000000-0000-0000-0000-000000000001';
+const READ_ONLY_ID = '00000000-0000-0000-0000-000000000002';
 export function typeOf(params, hash) {
  const item = params[0];
  const template = get(item, 'template');
@ -18,6 +19,8 @@ export function typeOf(params, hash) {
      return 'policy-node-identity';
    case get(item, 'ID') === MANAGEMENT_ID:
      return 'policy-management';
+    case get(item, 'ID') === READ_ONLY_ID:
+      return 'read-only';
    default:
      return 'policy';
  }
--- a/ui/packages/consul-ui/app/templates/dc/acls/policies/edit.hbs
+++ b/ui/packages/consul-ui/app/templates/dc/acls/policies/edit.hbs
@ -75,6 +75,7 @@ as |dc partition nspace id item create|}}
            </dl>
        </div>
  {{/if}}
+  {{#if (or (eq (policy/typeof item) 'policy-management') (eq (policy/typeof item) 'read-only'))}}
    {{#if (eq (policy/typeof item) 'policy-management')}}
      <Hds::Alert @type="inline" @icon="star-fill" class="mb-3 mt-2" as |A|>
        <A.Title>Management</A.Title>
@ -84,6 +85,16 @@ as |dc partition nspace id item create|}}
                            @icon='docs-link'
                            @iconPosition='trailing' />
      </Hds::Alert>
+    {{else}}
+      <Hds::Alert @type="inline" @icon="star-fill" class="mb-3 mt-2" as |A|>
+        <A.Title>Built-in policy</A.Title>
+        <A.Description>This global-read-only policy is built into Consul's policy system. You can apply this special policy to tokens for read-only access to all Consul components. This policy is not editable or removable, but can be ignored by not applying it to any tokens.</A.Description>
+        <A.Link::Standalone @text='Learn more'
+                            @href="{{env 'CONSUL_DOCS_URL'}}/guides/acl.html#builtin-policies"
+                            @icon='docs-link'
+                            @iconPosition='trailing' />
+      </Hds::Alert>
+    {{/if}}
    <div class="definition-table">
      <dl>
        <dt>Name</dt>
--- a/ui/packages/consul-ui/mock-api/v1/acl/policies
+++ b/ui/packages/consul-ui/mock-api/v1/acl/policies
@ -29,6 +29,23 @@ ${typeof location.search.partition !== 'undefined' ? `
            }
          `
        }
+        if(i === 2) {
+          return `
+            {
+              "ID": "00000000-0000-0000-0000-000000000002",
+              "Name": "global-read-only",
+${typeof location.search.ns !== 'undefined' ? `
+              "Namespace": "${location.search.ns}",
+` : ``}
+${typeof location.search.partition !== 'undefined' ? `
+            "Partition": "${location.search.partition}",
+` : ``}
+              "Description": "Built-In Read-only Policy",
+              "CreateIndex": 10,
+              "ModifyIndex": 10
+            }
+          `
+        }
        return `
          {
            "ID": "${fake.random.uuid()}",
--- a/ui/packages/consul-ui/mock-api/v1/acl/policy/_
+++ b/ui/packages/consul-ui/mock-api/v1/acl/policy/_
@ -11,6 +11,6 @@ ${ location.pathname.get(3) !== '00000000-0000-0000-0000-000000000001' ? `
  policy = "write"
 }`)},
 ` : "" }
-  "Name": "${location.pathname.get(3) === '00000000-0000-0000-0000-000000000001' ? 'global-management' : fake.hacker.noun() + '-policy'}"
+  "Name": "${location.pathname.get(3) === '00000000-0000-0000-0000-000000000001' ? 'global-management' : location.pathname.get(3) === '00000000-0000-0000-0000-000000000002' ? 'global-read-only': fake.hacker.noun() + '-policy'}"
 }

--- a/ui/packages/consul-ui/tests/acceptance/dc/acls/policies/view-read-only.feature
+++ b/ui/packages/consul-ui/tests/acceptance/dc/acls/policies/view-read-only.feature
@ -0,0 +1,20 @@
+@setupApplicationTest
+Feature: dc / acls / policies / view read-only policy: Readonly management policy
+  Background:
+    Given 1 datacenter model with the value "datacenter"
+    And 1 policy model from yaml
+    ---
+      ID: 00000000-0000-0000-0000-000000000002
+    ---
+  Scenario:
+    When I visit the policy page for yaml
+    ---
+      dc: datacenter
+      policy: 00000000-0000-0000-0000-000000000002
+    ---
+    Then the url should be /datacenter/acls/policies/00000000-0000-0000-0000-000000000002
+    Then I see the text "View Policy" in "h1"
+    Then I don't see confirmDelete
+    Then I don't see cancel
+    And I see tokens
+
--- a/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/view-read-only-steps.js
+++ b/ui/packages/consul-ui/tests/acceptance/steps/dc/acls/policies/view-read-only-steps.js
@ -0,0 +1,15 @@
+/**
+ * Copyright (c) HashiCorp, Inc.
+ * SPDX-License-Identifier: MPL-2.0
+ */
+
+import steps from '../../../steps';
+
+// step definitions that are shared between features should be moved to the
+// tests/acceptance/steps/steps.js file
+
+export default function (assert) {
+  return steps(assert).then('I should find a file', function () {
+    assert.ok(true, this.step);
+  });
+}
--- a/ui/packages/consul-ui/tests/integration/helpers/policy/typeof-test.js
+++ b/ui/packages/consul-ui/tests/integration/helpers/policy/typeof-test.js
@ -11,12 +11,14 @@ import hbs from 'htmlbars-inline-precompile';
 module('Integration | Helper | policy/typeof', function (hooks) {
  setupRenderingTest(hooks);

-  // Replace this with your real tests.
-  test('it renders', async function (assert) {
-    this.set('inputValue', '1234');
+  test('it renders read-only cluster', async function (assert) {
+    this.set('inputValue', {
+      ID: '00000000-0000-0000-0000-000000000002',
+      template: 'some-template',
+    });

    await render(hbs`{{policy/typeof inputValue}}`);

-    assert.equal(this.element.textContent.trim(), 'role');
+    assert.equal(this.element.textContent.trim(), 'read-only');
  });
 });