Skip to content

added edit for secret key in configuration#79

Merged
auslin-aot merged 3 commits into
AOT-Technologies:mainfrom
abilpraju-aot:bugfix/m8f-269
May 18, 2026
Merged

added edit for secret key in configuration#79
auslin-aot merged 3 commits into
AOT-Technologies:mainfrom
abilpraju-aot:bugfix/m8f-269

Conversation

@abilpraju-aot
Copy link
Copy Markdown
Collaborator

@abilpraju-aot abilpraju-aot commented May 15, 2026

JIRA Ticket

https://aottech.atlassian.net/browse/M8F-269

Description

Fixed the secret show issue
image
image

Type

  • Feature
  • Bug fix
  • Documentation
  • Other

Changes

  • Backend
  • Frontend
  • Documentation

Testing

Related Issues

Closes #

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 15, 2026
edited
Loading

PR Agent Review

Blocking issues

No blocking issues found in this diff.

Non-blocking suggestions

  • Potential UX/logic edge case: displaySecretValue state name now represents “show edit form” rather than “show secret value.”
    • Not a bug, but it can be misleading and cause future regressions. Consider renaming to something like showEditSecretForm for clarity.
  • Authorization consistency check: You removed permission checks for secretShowValuePath, which matches the UI removal. Make sure there are no leftover backend/UI routes elsewhere that still expose /secrets/show-value/:key unintentionally (outside this file).
  • Formatting nit: File ends without newline (\ No newline at end of file). Non-functional, but worth fixing for consistency.

Recommended tests

Given this is a security-sensitive behavior change, add/adjust tests to lock in the new behavior:

  1. Secret value retrieval UI removed
    • Assert that “Retrieve secret value” button is never rendered, even when user has prior GET/show-value permission.
  2. Permission-gated edit behavior
    • With PUT permission on secretShowPath, assert “Edit secret value” button is shown and enables form display.
    • Without PUT, assert edit button is absent and form cannot be opened.
  3. No show-value API call from this page
    • Spy/mock HttpService.makeCallToBackend and assert no call is made to /secrets/show-value/... from user interactions on this page.
  4. Regression test for existing actions
    • Ensure delete action remains visible/functional only with DELETE permission.
    • Ensure normal secret metadata fetch/render still works with GET permission.

Generated by model gpt-5.3-codex on PR updates via OpenAI Responses API.

auslin-aot
auslin-aot reviewed May 18, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@auslin-aot auslin-aot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please resolve conflicts

@auslin-aot auslin-aot merged commit ba4aacb into AOT-Technologies:main May 18, 2026
12 of 13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@auslin-aot auslin-aot auslin-aot approved these changes

@vinaayakh-aot vinaayakh-aot Awaiting requested review from vinaayakh-aot

@andrepestana-aot andrepestana-aot Awaiting requested review from andrepestana-aot

@sonal-aot sonal-aot Awaiting requested review from sonal-aot

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@abilpraju-aot @auslin-aot