
Backport of UI: Fix KV engine deleting latest version instead of specified version depending on policy into release/1.11.x

Open hc-github-team-secure-vault-core opened this issue 2 years ago • 0 comments

Backport

This PR is auto-generated from #17124 to be assessed for backporting due to the inclusion of the label backport/1.11.x.

The below text is copied from the body of the original PR.


The following policy grants delete capabilities to some-secret and allows deletion of the latest version of a secret, but does not allow deleting a specific version of the secret.

    path "kv-engine-path/data/some-secret" { capabilities = ["create","read","update","delete","list"] }
    path "kv-engine-path/metadata/*" { capabilities = ["create","update","delete","list","read"] }
    path "kv-engine-path/undelete/*" { capabilities = ["update"] }

This was unclear in the UI because the delete modal appeared to offer "Delete this version" as an option. When a user selected that option, they would find that the latest version had been deleted, not an older version as expected (Version 1 in this example).


with fix:

Now, with the above policy, the modal accurately explains what is happening:

And when a policy includes access to the /delete endpoint:

    path "kv-engine-path/delete/*" { capabilities = ["update"] }

The modal provides "Delete this version" as an option, allowing the user to delete the selected version.


Overview of commits
  • 8be99f9e91b1f5e6296db3511bc98df686206fa3
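
The capability check described in the PR body, as an added example that is not the Vault UI's own code. It assumes a simplified policy model (exact paths and trailing `*` globs only); the names `capabilitiesFor` and `deleteOptions` and the policy object shape are hypothetical.

```javascript
// Added example: simplified model of Vault policy matching, not project code.
// The policy from the PR body, expressed as path -> capabilities.
const policy = {
  "kv-engine-path/data/some-secret": ["create", "read", "update", "delete", "list"],
  "kv-engine-path/metadata/*": ["create", "update", "delete", "list", "read"],
  "kv-engine-path/undelete/*": ["update"],
};

// Capabilities granted on apiPath: an exact match wins, otherwise the longest
// matching glob prefix applies; no match means no access.
function capabilitiesFor(rules, apiPath) {
  if (Object.prototype.hasOwnProperty.call(rules, apiPath)) return rules[apiPath];
  let best = null;
  for (const pattern of Object.keys(rules)) {
    if (!pattern.endsWith("*")) continue;
    const prefix = pattern.slice(0, -1);
    if (apiPath.startsWith(prefix) && (best === null || prefix.length > best.length)) {
      best = prefix;
    }
  }
  return best === null ? [] : rules[best + "*"];
}

// "deny" overrides every other capability on the same path.
const allows = (caps, cap) => !caps.includes("deny") && caps.includes(cap);

// Decide which delete choices a modal should offer for one secret.
function deleteOptions(rules, mount, secret) {
  const dataCaps = capabilitiesFor(rules, `${mount}/data/${secret}`);
  const deleteCaps = capabilitiesFor(rules, `${mount}/delete/${secret}`);
  return {
    // DELETE <mount>/data/<secret> soft-deletes the latest version only.
    deleteLatestVersion: allows(dataCaps, "delete"),
    // POST <mount>/delete/<secret> with a versions list targets chosen versions.
    deleteSpecificVersion: allows(deleteCaps, "update"),
  };
}

// The same policy with the /delete endpoint granted, as in the PR body.
const policyWithDelete = { ...policy, "kv-engine-path/delete/*": ["update"] };

console.log(deleteOptions(policy, "kv-engine-path", "some-secret"));
console.log(deleteOptions(policyWithDelete, "kv-engine-path", "some-secret"));
```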