[VAULT-35183] UI: enable search for updated namespace picker #30292

beagins · 2025-04-18T01:51:38Z

Description

ℹ️ This branch is merging into a feature side branch (not `main`)

ℹ️ The current implementation looks ugly, styling will be addressed in a separate PR

Enable search for updated namespace picker
Conditionally show root in list of namespaces
Enterprise tests passing ✅

239 tests completed in 168817 milliseconds, with 0 failed, 10 skipped, and 0 todo.
1449 assertions of 1449 passed, 0 failed.

Demo

Screen.Recording.2025-04-17.at.7.18.51.PM.mov

TODO only if you're a HashiCorp employee

Backport Labels: If this fix needs to be backported, use the appropriate backport/ label that matches the desired release branch. Note that in the CE repo, the latest release branch will look like backport/x.x.x, but older release branches will be backport/ent/x.x.x+ent.
- LTS: If this fixes a critical security vulnerability or severity 1 bug, it will also need to be backported to the current LTS versions of Vault. To ensure this, use all available enterprise labels.
ENT Breakage: If this PR either 1) removes a public function OR 2) changes the signature
of a public function, even if that change is in a CE file, double check that
applying the patch for this PR to the ENT repo and running tests doesn't
break any tests. Sometimes ENT only tests rely on public functions in CE
files.
Jira: If this change has an associated Jira, it's referenced either
in the PR description, commit message, or branch name.
RFC: If this change has an associated RFC, please link it in the description.
ENT PR: If this change has an associated ENT PR, please link it in the
description. Also, make sure the changelog is in this PR, not in your ENT PR.

github-actions · 2025-04-18T02:11:11Z

CI Results:
All Go tests succeeded! ✅

github-actions · 2025-04-18T02:27:06Z

Build Results:
All builds succeeded! ✅

ui/app/components/namespace-picker.js

ui/tests/acceptance/enterprise-namespaces-test.js

ui/app/components/namespace-picker.js

hellobontempo · 2025-04-18T16:31:22Z

ui/app/components/namespace-picker.js

      ...(namespace?.accessibleNamespaces || []).map((ns) => {
        const parts = ns.split('/');
        return { id: parts[parts.length - 1], path: ns, label: ns };
      }),
    ];
+
+    // Conditionally add the root namespace


I'm curious how this works in reality, is ''/root still returned from the LIST endpoint on HVD managed clusters?

I didn't dig in too deep, I just stole this from the previous implementation, but I'll dig in a little to see what's going on & report back

The auth service returns the following as authData

{ "userRootNamespace":"", "displayName":"token", "backend":{ "mountPath":"token", "type":"token", "typeDisplay":"Token", "description":"Token authentication.", "tokenPath":"id", "displayNamePath":"display_name", "formAttributes":["token"] }, "token":"root", "policies":["root"], "renewable":false, "entity_id":"", "tokenExpirationEpoch":null }

I'm guessing - and would like to figure out how to confirm this - that userRootNamespace would be "admin" for a HVD user

I tried creating a user, bob, w/o access to root namespace to see the value of userRootNamespace when bob logs in, but it looks like bob still has access to root, which is consistent with when I log in as bob on http://localhost:8200/ so it's likely that I'm configuring the policy incorrectly

Yeah this can definitely wait until smoke testing at the end, I meant to call that out in my comment. Just sent you a slack about stubbing HVD 😄

github-actions bot added the hashicorp-contributed-pr If the PR is HashiCorp (i.e. not-community) contributed label Apr 18, 2025

beagins marked this pull request as ready for review April 18, 2025 02:23

beagins requested a review from a team as a code owner April 18, 2025 02:23

drivera258 approved these changes Apr 18, 2025

View reviewed changes