From d0dd1831df14b6de045f08c5da44b40126b7a8f8 Mon Sep 17 00:00:00 2001 From: Artjoms Porss Date: Mon, 23 Sep 2024 18:31:18 +0100 Subject: [PATCH] disable advanced settings for delegated roles during role creation or editing (#2733) Signed-off-by: aporss --- .../role/__snapshots__/RoleRow.test.js.snap | 2 +- .../role/__snapshots__/RoleTable.test.js.snap | 4 +- ui/src/__tests__/spec/tests/role.spec.js | 140 ++++++++++++++++++ ui/src/__tests__/spec/wdio.conf.js | 9 ++ ui/src/components/role/AddRole.js | 3 + .../role/AddRoleAdvancedSettings.js | 19 ++- ui/src/components/role/RoleRow.js | 1 + ui/src/components/settings/SettingRow.js | 1 + ui/src/components/settings/SettingTable.js | 18 ++- .../domain/[domain]/role/[role]/settings.js | 2 + 10 files changed, 194 insertions(+), 5 deletions(-) create mode 100644 ui/src/__tests__/spec/tests/role.spec.js diff --git a/ui/src/__tests__/components/role/__snapshots__/RoleRow.test.js.snap b/ui/src/__tests__/components/role/__snapshots__/RoleRow.test.js.snap index 6f53681b80f..e34597d3e71 100644 --- a/ui/src/__tests__/components/role/__snapshots__/RoleRow.test.js.snap +++ b/ui/src/__tests__/components/role/__snapshots__/RoleRow.test.js.snap @@ -185,7 +185,7 @@ exports[`RoleRow should render 1`] = ` class="emotion-12" data-testid="icon" height="1.25em" - id="" + id="ztssia_cert_rotate-setting-role-button" viewBox="0 0 1024 1024" width="1.25em" > diff --git a/ui/src/__tests__/components/role/__snapshots__/RoleTable.test.js.snap b/ui/src/__tests__/components/role/__snapshots__/RoleTable.test.js.snap index ae00fd9e4c5..25447122d8f 100644 --- a/ui/src/__tests__/components/role/__snapshots__/RoleTable.test.js.snap +++ b/ui/src/__tests__/components/role/__snapshots__/RoleTable.test.js.snap @@ -265,7 +265,7 @@ exports[`RoleTable should render 1`] = ` class="emotion-36" data-testid="icon" height="1.25em" - id="" + id="a-setting-role-button" viewBox="0 0 1024 1024" width="1.25em" > @@ -458,7 +458,7 @@ exports[`RoleTable should render 1`] = ` class="emotion-36" data-testid="icon" height="1.25em" - id="" + id="b-setting-role-button" viewBox="0 0 1024 1024" width="1.25em" > diff --git a/ui/src/__tests__/spec/tests/role.spec.js b/ui/src/__tests__/spec/tests/role.spec.js new file mode 100644 index 00000000000..27e959139a9 --- /dev/null +++ b/ui/src/__tests__/spec/tests/role.spec.js @@ -0,0 +1,140 @@ +/* + * Copyright The Athenz Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +describe('role screen tests', () => { + it('when creating or editing a delegated role, all additional settings except description must be disabled', async () => { + // open browser + await browser.newUser(); + await browser.url(`/`); + // select domain + let domain = 'athenz.dev.functional-test'; + let testDomain = await $(`a*=${domain}`); + await browser.waitUntil(async () => await testDomain.isClickable()); + await testDomain.click(); + + // open Add Role screen + let addRoleButton = await $('button*=Add Role'); + await browser.waitUntil(async () => await addRoleButton.isClickable()); + await addRoleButton.click(); + // select Delegated + let delegatedButton = await $('div*=Delegated'); + await delegatedButton.click(); + // verify all settings except Description are disabled + let advancedSettingsIcon = await $('#advanced-settings-icon'); + await advancedSettingsIcon.click(); + let switchSettingAuditEnabled = await $('#switch-settingauditEnabled'); + await expect(switchSettingAuditEnabled).toBeDisabled(); + let switchSettingReviewEnabled = await $('#switch-settingreviewEnabled'); + await expect(switchSettingReviewEnabled).toBeDisabled(); + let switchSettingDeleteProtection = await $('#switch-settingdeleteProtection'); + await expect(switchSettingDeleteProtection).toBeDisabled(); + let switchSettingSelfServe = await $('#switch-settingselfServe'); + await expect(switchSettingSelfServe).toBeDisabled(); + let switchSettingSelfRenew = await $('#switch-settingselfRenew'); + await expect(switchSettingSelfRenew).toBeDisabled(); + let inputSelfRenewMins = await $('#setting-selfRenewMins'); + await expect(inputSelfRenewMins).toBeDisabled(); + let inputMemberExpiryDays = await $('#setting-memberExpiryDays'); + await expect(inputMemberExpiryDays).toBeDisabled(); + let inputGroupExpiryDays = await $('#setting-groupExpiryDays'); + await expect(inputGroupExpiryDays).toBeDisabled(); + let inputGroupReviewDays = await $('#setting-groupReviewDays'); + await expect(inputGroupReviewDays).toBeDisabled(); + let inputServiceExpiryDays = await $('#setting-serviceExpiryDays'); + await expect(inputServiceExpiryDays).toBeDisabled(); + let inputServiceReviewDays = await $('#setting-serviceReviewDays'); + await expect(inputServiceReviewDays).toBeDisabled(); + let inputTokenExpiryMins = await $('#setting-tokenExpiryMins'); + await expect(inputTokenExpiryMins).toBeDisabled(); + let inputCertExpiryMins = await $('#setting-certExpiryMins'); + await expect(inputCertExpiryMins).toBeDisabled(); + let dropdownUserAuthorityFilter = await $('[name="setting-userAuthorityFilter"]'); + await expect(dropdownUserAuthorityFilter).toBeDisabled(); + let dropdownUserAuthorityExpiration = await $('[name="setting-userAuthorityExpiration"]'); + await expect(dropdownUserAuthorityExpiration).toBeDisabled(); + let inputSettingDescription = await $('#setting-description'); + await expect(inputSettingDescription).toBeEnabled(); + let inputMaxMembers = await $('#setting-maxMembers'); + await expect(inputMaxMembers).toBeDisabled(); + + // add role info + let inputRoleName = await $('#role-name-input'); + let roleName = 'delegated-role'; + await inputRoleName.addValue(roleName); + let inputDelegateTo = await $('#delegated-to-input'); + await inputDelegateTo.addValue('athenz.dev'); + let buttonSubmit = await $('button*=Submit'); + // submit role + await buttonSubmit.click(); + + // find row with 'delegated-role' in name and click settings svg + let buttonSettingsOfDelegatedRole = await $('.//*[local-name()="svg" and @id="delegated-role-setting-role-button"]'); + await buttonSettingsOfDelegatedRole.click(); + + // verify all settings except Description are disabled + switchSettingReviewEnabled = await $('#switch-settingreviewEnabled'); + await expect(switchSettingReviewEnabled).toBeDisabled(); + switchSettingDeleteProtection = await $('#switch-settingdeleteProtection'); + await expect(switchSettingDeleteProtection).toBeDisabled(); + switchSettingSelfServe = await $('#switch-settingselfServe'); + await expect(switchSettingSelfServe).toBeDisabled(); + switchSettingSelfRenew = await $('#switch-settingselfRenew'); + await expect(switchSettingSelfRenew).toBeDisabled(); + inputSelfRenewMins = await $('#setting-selfRenewMins'); + await expect(inputSelfRenewMins).toBeDisabled(); + inputMemberExpiryDays = await $('#setting-memberExpiryDays'); + await expect(inputMemberExpiryDays).toBeDisabled(); + inputGroupExpiryDays = await $('#setting-groupExpiryDays'); + await expect(inputGroupExpiryDays).toBeDisabled(); + inputGroupReviewDays = await $('#setting-groupReviewDays'); + await expect(inputGroupReviewDays).toBeDisabled(); + inputServiceExpiryDays = await $('#setting-serviceExpiryDays'); + await expect(inputServiceExpiryDays).toBeDisabled(); + inputServiceReviewDays = await $('#setting-serviceReviewDays'); + await expect(inputServiceReviewDays).toBeDisabled(); + inputTokenExpiryMins = await $('#setting-tokenExpiryMins'); + await expect(inputTokenExpiryMins).toBeDisabled(); + inputCertExpiryMins = await $('#setting-certExpiryMins'); + await expect(inputCertExpiryMins).toBeDisabled(); + dropdownUserAuthorityFilter = await $('[name="setting-userAuthorityFilter"]'); + await expect(dropdownUserAuthorityFilter).toBeDisabled(); + dropdownUserAuthorityExpiration = await $('[name="setting-userAuthorityExpiration"]'); + await expect(dropdownUserAuthorityExpiration).toBeDisabled(); + inputSettingDescription = await $('#setting-description'); + await expect(inputSettingDescription).toBeEnabled(); + inputMaxMembers = await $('#setting-maxMembers'); + await expect(inputMaxMembers).toBeDisabled(); + }); + + // after - runs after the last test in order of declaration + after(async() => { + // open browser + await browser.newUser(); + await browser.url(`/`); + // select domain + let domain = 'athenz.dev.functional-test'; + let testDomain = await $(`a*=${domain}`); + await browser.waitUntil(async () => await testDomain.isClickable()); + await testDomain.click(); + + // delete the delegate role used in the test + // find row with 'delegated-role' in name and click delete on svg + let buttonDeleteDelegatedRole = await $('.//*[local-name()="svg" and @id="delegated-role-delete-role-button"]'); + await buttonDeleteDelegatedRole.click(); + let modalDeleteButton = await $('button*=Delete'); + await modalDeleteButton.click(); + }); +}) diff --git a/ui/src/__tests__/spec/wdio.conf.js b/ui/src/__tests__/spec/wdio.conf.js index a6ff8b60b9a..5c9617cfc9c 100644 --- a/ui/src/__tests__/spec/wdio.conf.js +++ b/ui/src/__tests__/spec/wdio.conf.js @@ -79,6 +79,15 @@ if (!sauceLabsUser) { localOrRemote.capabilities = [ { browserName: 'chrome', + 'goog:chromeOptions': { + args: [ + '--disable-infobars', // Disables "Chrome is being controlled by automated software" infobar + '--disable-default-apps', // Disables default apps (including search engine prompts) + '--no-first-run', // Bypass first-time setup including "Choose your search engine" + '--disable-popup-blocking', // Disables popup blocking + '--disable-search-engine-choice-screen' // Disables choose your search engine popup + ] + }, browserVersion: 'latest', acceptInsecureCerts: true, }, diff --git a/ui/src/components/role/AddRole.js b/ui/src/components/role/AddRole.js index ac242384b23..44764a58cc1 100644 --- a/ui/src/components/role/AddRole.js +++ b/ui/src/components/role/AddRole.js @@ -545,6 +545,7 @@ class AddRole extends React.Component { Delegated to diff --git a/ui/src/components/role/AddRoleAdvancedSettings.js b/ui/src/components/role/AddRoleAdvancedSettings.js index c5536f84c0a..988da6c0654 100644 --- a/ui/src/components/role/AddRoleAdvancedSettings.js +++ b/ui/src/components/role/AddRoleAdvancedSettings.js @@ -90,6 +90,7 @@ export default class AddRoleAdvancedSettings extends React.Component { label='Audit' type='switch' disabled={ + this.props.delegated || !this.props.isDomainAuditEnabled || this.props.members.length > 0 } @@ -111,6 +112,7 @@ export default class AddRoleAdvancedSettings extends React.Component { userProfileLink={this.props.userProfileLink} inModal={true} tooltip={ADD_ROLE_REVIEW_ENABLED_TOOLTIP} + disabled={this.props.delegated} />, , , , , , , , , , , , , , , , ]; } diff --git a/ui/src/components/role/RoleRow.js b/ui/src/components/role/RoleRow.js index 3683cf689d4..cb9cda043b8 100644 --- a/ui/src/components/role/RoleRow.js +++ b/ui/src/components/role/RoleRow.js @@ -415,6 +415,7 @@ class RoleRow extends React.Component { trigger={ ); diff --git a/ui/src/components/settings/SettingTable.js b/ui/src/components/settings/SettingTable.js index 1ac61590dee..95b2cdcd495 100644 --- a/ui/src/components/settings/SettingTable.js +++ b/ui/src/components/settings/SettingTable.js @@ -388,6 +388,7 @@ class SettingTable extends React.Component { value={this.state.copyCollectionDetails.reviewEnabled} onValueChange={this.onValueChange} _csrf={this.props._csrf} + disabled={this.props.roleIsDelegated || false} /> ); @@ -401,6 +402,7 @@ class SettingTable extends React.Component { ); let selfServiceDesc = @@ -450,6 +453,7 @@ class SettingTable extends React.Component { value={this.state.copyCollectionDetails.selfServe} onValueChange={this.onValueChange} _csrf={this.props._csrf} + disabled={this.props.roleIsDelegated || false} /> ); @@ -469,6 +473,7 @@ class SettingTable extends React.Component { value={this.state.copyCollectionDetails.selfRenew} onValueChange={this.onValueChange} _csrf={this.props._csrf} + disabled={this.props.roleIsDelegated || false} /> ); @@ -483,7 +488,7 @@ class SettingTable extends React.Component { unit='Mins' desc={SELF_RENEW_MINS_DESC} value={this.state.copyCollectionDetails.selfRenewMins} - disabled={!this.state.copyCollectionDetails.selfRenew} + disabled={this.props.roleIsDelegated || !this.state.copyCollectionDetails.selfRenew} onValueChange={this.onValueChange} _csrf={this.props._csrf} /> @@ -505,6 +510,7 @@ class SettingTable extends React.Component { value={this.state.copyCollectionDetails.memberExpiryDays} onValueChange={this.onValueChange} _csrf={this.props._csrf} + disabled={this.props.roleIsDelegated || false} /> ); @@ -521,6 +527,7 @@ class SettingTable extends React.Component { value={this.state.copyCollectionDetails.memberReviewDays} onValueChange={this.onValueChange} _csrf={this.props._csrf} + disabled={this.props.roleIsDelegated || false} /> ); @@ -541,6 +548,7 @@ class SettingTable extends React.Component { value={this.state.copyCollectionDetails.groupExpiryDays} onValueChange={this.onValueChange} _csrf={this.props._csrf} + disabled={this.props.roleIsDelegated || false} /> ); @@ -557,6 +565,7 @@ class SettingTable extends React.Component { value={this.state.copyCollectionDetails.groupReviewDays} onValueChange={this.onValueChange} _csrf={this.props._csrf} + disabled={this.props.roleIsDelegated || false} /> ); @@ -576,6 +585,7 @@ class SettingTable extends React.Component { value={this.state.copyCollectionDetails.serviceExpiryDays} onValueChange={this.onValueChange} _csrf={this.props._csrf} + disabled={this.props.roleIsDelegated || false} /> ); @@ -592,6 +602,7 @@ class SettingTable extends React.Component { value={this.state.copyCollectionDetails.serviceReviewDays} onValueChange={this.onValueChange} _csrf={this.props._csrf} + disabled={this.props.roleIsDelegated || false} /> ); @@ -612,6 +623,7 @@ class SettingTable extends React.Component { value={this.state.copyCollectionDetails.tokenExpiryMins} onValueChange={this.onValueChange} _csrf={this.props._csrf} + disabled={this.props.roleIsDelegated || false} /> ); @@ -628,6 +640,7 @@ class SettingTable extends React.Component { value={this.state.copyCollectionDetails.certExpiryMins} onValueChange={this.onValueChange} _csrf={this.props._csrf} + disabled={this.props.roleIsDelegated || false} /> ); @@ -663,6 +676,7 @@ class SettingTable extends React.Component { value={this.state.copyCollectionDetails.userAuthorityFilter} onValueChange={this.onValueChange} _csrf={this.props._csrf} + disabled={this.props.roleIsDelegated || false} /> ); @@ -682,6 +696,7 @@ class SettingTable extends React.Component { } onValueChange={this.onValueChange} _csrf={this.props._csrf} + disabled={this.props.roleIsDelegated || false} /> ); @@ -717,6 +732,7 @@ class SettingTable extends React.Component { value={this.state.copyCollectionDetails.maxMembers} onValueChange={this.onValueChange} _csrf={this.props._csrf} + disabled={this.props.roleIsDelegated || false} /> ); diff --git a/ui/src/pages/domain/[domain]/role/[role]/settings.js b/ui/src/pages/domain/[domain]/role/[role]/settings.js index 59fc2dad8af..b52197715d1 100644 --- a/ui/src/pages/domain/[domain]/role/[role]/settings.js +++ b/ui/src/pages/domain/[domain]/role/[role]/settings.js @@ -174,6 +174,8 @@ class SettingPage extends React.Component { collectionDetails={roleDetails} _csrf={_csrf} category={'role'} + // to disable all settings except description for delegated role + roleIsDelegated={!!this.props.roleDetails.trust} />