Warn & Disallow Creating Role with Existing Name

[jeramysoucy]

Resolves #34712

Overview

This PR adds checks to the edit role page, when in create mode, to warn the user and disallow role creation when the user enters a role name that already exists. This is achieved in two ways...

When the name field loses focus:
A new state property and helper function are utilized to flag when the entered name already exists. If the page is in create mode, the state property is checked and set in the onBlur handler for the name field. When the form row containing the field is rendered the isValid and error are set based on the new state property, providing in-line feedback in the form.

When the create button is clicked:
An API get call already occurs during the save operation and is leveraged in this change. A new optional 'createOnly' parameter is passed into the client API saveRole method. The value for createOnly is determined by the page being in create mode (!isEditingExistingRole). The onSave method will throw a conflict (409) error if the create only parameter is true and the role name already exists. The thrown error is displayed in a toast notification.

Non-breaking API Change

The API saveRole method and PUT /api/security/role/ request are both modified with an an optional boolean parameter 'createOnly'. 'createOnly' has a default value of false to avoid a breaking change with any existing references to the method. If 'createOnly' is true, a response/result of 409 will indicate the role cannot be created because it already exists.

Testing

1. Create a role and provide some known name (e.g. 'test_role')
2. In the Create Role UI, enter the same name and press tab or click outside of the name field
3. Verify that an inline message appears warning that the name already exists
4. Change one character in the name field such that it does not match any existing role names (note: the field is case-sensitive)
5. Verify the inline message is no longer preset
6. Enter the name of the role created in step 1, scroll to the Create button and click it
7. Verify a toast notification appears warning that the name already exists
8. Change one character in the name field such that it does not match any existing role names. Click the Create button.
9. Verify the new role is created
10. Select an existing role to modify it
11. Verify the field can be modified normally without receiving any feedback that the name already exists

[elasticmachine]

Pinging @elastic/kibana-security (Team:Security)

[jportner]

Nice work, a few nits and suggestions in the comments below 👍

[jeramysoucy]

@elasticmachine merge upstream

[jportner]

A couple more nits, LGTM, nice job!!

[kibana-ci]

💚 Build Succeeded

• Buildkite Build
• Commit: 658aa85
• Storybooks Preview
• Webpack Bundle Analyzer

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
security	472.0KB	472.5KB	+445.0B

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
security	50.2KB	50.2KB	+37.0B

History

• 💛 Build #47478 was flaky bd2c06e
• 💚 Build #46063 succeeded fad09fd
• 💚 Build #45786 succeeded 46f9a7b
• 💔 Build #45623 failed 3cee9b0bdd386e8023751f735819171814f38fe6
• 💚 Build #44820 succeeded f13c306203091b1ad946b5fccf516c2f3a225bd3

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

[jportner]

This PR was mis-labeled 🙈 it actually merged into main after the 8.3 branch had been cut. It should be backported to 8.3.

[kibanamachine]

💔 All backports failed

Status	Branch	Result
❌	8.4	The branch "8.4" is invalid or doesn't exist

Manual backport

To create the backport manually run:

node scripts/backport --pr 132218

Questions ?

Please refer to the Backport tool documentation