feat: updated frontend to make reviewer jwt optional

2026-01-09 15:38:03 -05:00 · 2025-03-22 01:07:28 +05:30
parent 81b026865c
commit 341b63c61c
3 changed files with 27 additions and 21 deletions
--- a/frontend/src/hooks/api/identities/types.ts
+++ b/frontend/src/hooks/api/identities/types.ts
@@ -350,7 +350,7 @@ export type AddIdentityKubernetesAuthDTO = {
  organizationId: string;
  identityId: string;
  kubernetesHost: string;
-  tokenReviewerJwt: string;
+  tokenReviewerJwt?: string;
  allowedNamespaces: string;
  allowedNames: string;
  allowedAudience: string;
@@ -367,7 +367,7 @@ export type UpdateIdentityKubernetesAuthDTO = {
  organizationId: string;
  identityId: string;
  kubernetesHost?: string;
-  tokenReviewerJwt?: string;
+  tokenReviewerJwt?: string | null;
  allowedNamespaces?: string;
  allowedNames?: string;
  allowedAudience?: string;
--- a/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityKubernetesAuthForm.tsx
+++ b/frontend/src/pages/organization/AccessManagementPage/components/OrgIdentityTab/components/IdentitySection/IdentityKubernetesAuthForm.tsx
@@ -31,7 +31,7 @@ import { IdentityFormTab } from "./types";
 const schema = z
  .object({
    kubernetesHost: z.string().min(1),
-    tokenReviewerJwt: z.string().min(1),
+    tokenReviewerJwt: z.string().optional(),
    allowedNames: z.string(),
    allowedNamespaces: z.string(),
    allowedAudience: z.string(),
@@ -166,7 +166,7 @@ export const IdentityKubernetesAuthForm = ({
        await updateMutateAsync({
          organizationId: orgId,
          kubernetesHost,
-          tokenReviewerJwt,
+          tokenReviewerJwt: tokenReviewerJwt || null,
          allowedNames,
          allowedNamespaces,
          allowedAudience,
@@ -182,7 +182,7 @@ export const IdentityKubernetesAuthForm = ({
          organizationId: orgId,
          identityId,
          kubernetesHost: kubernetesHost || "",
-          tokenReviewerJwt,
+          tokenReviewerJwt: tokenReviewerJwt || undefined,
          allowedNames: allowedNames || "",
          allowedNamespaces: allowedNamespaces || "",
          allowedAudience: allowedAudience || "",
@@ -255,11 +255,11 @@ export const IdentityKubernetesAuthForm = ({
            name="tokenReviewerJwt"
            render={({ field, fieldState: { error } }) => (
              <FormControl
+                tooltipClassName="max-w-md"
                label="Token Reviewer JWT"
                isError={Boolean(error)}
                errorText={error?.message}
-                tooltipText="A long-lived service account JWT token for Infisical to access the TokenReview API to validate other service account JWT tokens submitted by applications/pods."
-                isRequired
+                tooltipText="Optional JWT token for accessing Kubernetes TokenReview API. If provided, this long-lived token will be used to validate service account tokens during authentication. If omitted, the client's own JWT will be used instead, which requires the client to have the system:auth-delegator ClusterRole binding."
              >
                <Input {...field} placeholder="" type="password" />
              </FormControl>
--- a/frontend/src/pages/organization/IdentityDetailsByIDPage/components/ViewIdentityAuthModal/ViewIdentityKubernetesAuthContent.tsx
+++ b/frontend/src/pages/organization/IdentityDetailsByIDPage/components/ViewIdentityAuthModal/ViewIdentityKubernetesAuthContent.tsx
@@ -70,20 +70,26 @@ export const ViewIdentityKubernetesAuthContent = ({
        {data.kubernetesHost}
      </IdentityAuthFieldDisplay>
      <IdentityAuthFieldDisplay className="col-span-2" label="Token Reviewer JWT">
-        <Tooltip
-          side="right"
-          className="max-w-xl p-2"
-          content={
-            <p className="break-words rounded bg-mineshaft-600 p-2">{data.tokenReviewerJwt}</p>
-          }
-        >
-          <div className="w-min">
-            <Badge className="flex h-5 w-min items-center gap-1.5 whitespace-nowrap bg-mineshaft-400/50 text-bunker-300">
-              <FontAwesomeIcon icon={faEye} />
-              <span>Reveal</span>
-            </Badge>
-          </div>
-        </Tooltip>
+        {data.tokenReviewerJwt ? (
+          <Tooltip
+            side="right"
+            className="max-w-xl p-2"
+            content={
+              <p className="break-words rounded bg-mineshaft-600 p-2">
+                {data.tokenReviewerJwt || "Not provided"}
+              </p>
+            }
+          >
+            <div className="w-min">
+              <Badge className="flex h-5 w-min items-center gap-1.5 whitespace-nowrap bg-mineshaft-400/50 text-bunker-300">
+                <FontAwesomeIcon icon={faEye} />
+                <span>Reveal</span>
+              </Badge>
+            </div>
+          </Tooltip>
+        ) : (
+          <p className="text-base italic leading-4 text-bunker-400">Not set</p>
+        )}
      </IdentityAuthFieldDisplay>
      <IdentityAuthFieldDisplay className="col-span-2" label="Allowed Service Account Names">
        {data.allowedNames