Bug fix: allow forward slash in paths for delete menu (#12550)

* fix bug and add test coverage * changelog
hashicorp · Sep 14, 2021 · 0d8d454 · 0d8d454
1 parent ac56e55
commit 0d8d454
Show file tree

Hide file tree

Showing 3 changed files with 64 additions and 7 deletions.
diff --git a/changelog/12550.txt b/changelog/12550.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+ui: Fix bug where capabilities check on secret-delete-menu was encoding the forward slashes.
+```
diff --git a/ui/app/components/secret-delete-menu.js b/ui/app/components/secret-delete-menu.js
@@ -23,7 +23,7 @@ export default class SecretDeleteMenu extends Component {
       if (!context.args || !context.args.modelForData || !context.args.modelForData.id) return;
       let [backend, id] = JSON.parse(context.args.modelForData.id);
       return {
-        id: `${encodeURIComponent(backend)}/delete/${encodeURIComponent(id)}`,
+        id: `${backend}/delete/${id}`,
       };
     },
     'model.id'
@@ -37,7 +37,7 @@ export default class SecretDeleteMenu extends Component {
       if (!context.args || !context.args.modelForData || !context.args.modelForData.id) return;
       let [backend, id] = JSON.parse(context.args.modelForData.id);
       return {
-        id: `${encodeURIComponent(backend)}/undelete/${encodeURIComponent(id)}`,
+        id: `${backend}/undelete/${id}`,
       };
     },
     'model.id'
@@ -51,7 +51,7 @@ export default class SecretDeleteMenu extends Component {
       if (!context.args || !context.args.modelForData || !context.args.modelForData.id) return;
       let [backend, id] = JSON.parse(context.args.modelForData.id);
       return {
-        id: `${encodeURIComponent(backend)}/destroy/${encodeURIComponent(id)}`,
+        id: `${backend}/destroy/${id}`,
       };
     },
     'model.id'
@@ -66,7 +66,7 @@ export default class SecretDeleteMenu extends Component {
       let backend = context.args.model.engine.id;
       let id = context.args.model.id;
       return {
-        id: `${encodeURIComponent(backend)}/metadata/${encodeURIComponent(id)}`,
+        id: `${backend}/metadata/${id}`,
       };
     },
     'model',
@@ -84,9 +84,7 @@ export default class SecretDeleteMenu extends Component {
       }
       let backend = context.args.isV2 ? context.args.model.engine.id : context.args.model.backend;
       let id = context.args.model.id;
-      let path = context.args.isV2
-        ? `${encodeURIComponent(backend)}/data/${encodeURIComponent(id)}`
-        : `${encodeURIComponent(backend)}/${encodeURIComponent(id)}`;
+      let path = context.args.isV2 ? `${backend}/data/${id}` : `${backend}/${id}`;
       return {
         id: path,
       };

diff --git a/ui/tests/acceptance/secrets/backend/kv/secret-test.js b/ui/tests/acceptance/secrets/backend/kv/secret-test.js
@@ -522,6 +522,62 @@ module('Acceptance | secrets/secret/create', function(hooks) {
     assert.dom('[data-test-secret-undelete]').exists('undelete button shows');
   });
 
+  test('version 2 with path forward slash will show delete button', async function(assert) {
+    let backend = 'kv-v2';
+    const V2_POLICY = `
+      path "kv-v2/delete/forward/slash" {
+        capabilities = ["update"]
+      }
+      path "kv-v2/metadata/*" {
+        capabilities = ["list","read","create","update"]
+      }
+      path "kv-v2/data/forward/slash" {
+        capabilities = ["create", "read"]
+      }
+    `;
+    await consoleComponent.runCommands([
+      `write sys/mounts/${backend} type=kv options=version=2`,
+      `write sys/policies/acl/kv-v2-degrade policy=${btoa(V2_POLICY)}`,
+      // delete any kv previously written here so that tests can be re-run
+      'delete kv-v2/metadata/forward/slash',
+      'write -field=client_token auth/token/create policies=kv-v2-degrade',
+    ]);
+
+    let userToken = consoleComponent.lastLogOutput;
+    await logout.visit();
+    await authPage.login(userToken);
+    await writeSecret(backend, 'forward/slash', 'foo', 'bar');
+    assert.dom('[data-test-secret-v2-delete="true"]').exists('drop down delete shows');
+  });
+
+  test('version 2 with engine with forward slash will show delete button', async function(assert) {
+    let backend = 'forward/slash';
+    const V2_POLICY = `
+      path "forward/slash/delete/secret" {
+        capabilities = ["update"]
+      }
+      path "forward/slash/metadata/*" {
+        capabilities = ["list","read","create","update"]
+      }
+      path "forward/slash/data/*" {
+        capabilities = ["create", "read"]
+      }
+    `;
+    await consoleComponent.runCommands([
+      `write sys/mounts/${backend} type=kv options=version=2`,
+      `write sys/policies/acl/kv-v2-degrade policy=${btoa(V2_POLICY)}`,
+      // delete any kv previously written here so that tests can be re-run
+      'delete forward/slash/metadata/secret',
+      'write -field=client_token auth/token/create policies=kv-v2-degrade',
+    ]);
+
+    let userToken = consoleComponent.lastLogOutput;
+    await logout.visit();
+    await authPage.login(userToken);
+    await writeSecret(backend, 'secret', 'foo', 'bar');
+    assert.dom('[data-test-secret-v2-delete="true"]').exists('drop down delete shows');
+  });
+
   test('paths are properly encoded', async function(assert) {
     let backend = 'kv';
     let paths = [