feat(frontend): tweak shadow link create Connection step#2437
Merged
Conversation
The TLS section used to surface an Upload/File-path mode picker and three cert fields the moment TLS was enabled, even though most users just want a plain encrypted link. The auth section also gave no clue that the SASL user has to live on the source cluster and carry specific ACLs. The new layout collapses CA and mTLS into separate disclosures so the cert mode picker only appears when one is open, and adds an inline info callout above the auth credentials pointing at the required ACLs. The cert upload modal is gone: dropping a file now commits straight to form state through the registry Dropzone, with a trash button in the corner for removal. Toggle copy shifts from SCRAM to SASL since the underlying mechanisms are SCRAM-SHA-256 and SCRAM-SHA-512. A small secret-reference helper was extracted so the SASL password and mTLS client key stop duplicating the secret template parsing.
c-julin
approved these changes
May 12, 2026
Contributor
c-julin
left a comment
c-julin
left a comment
There was a problem hiding this comment.
This looks good to me, this may be scope creep so we can do a seperate PR but SASL PLAIN for confluent shadowlink, I had a ticket to add it to cloud but dont know if the change was made for self hosted.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The TLS section used to surface an Upload/File-path mode picker and three cert fields the moment TLS was enabled, even though most users just want a plain encrypted link. The auth section also gave no clue that the SASL user has to live on the source cluster and carry specific ACLs.
The new layout collapses CA and mTLS into separate disclosures so the cert mode picker only appears when one is open, and adds an inline info callout above the auth credentials pointing at the required ACLs.
The cert upload modal is gone:
dropping a file now commits straight to form state through the registry Dropzone, with a trash button in the corner for removal. Toggle copy shifts from SCRAM to SASL since the underlying mechanisms are SCRAM-SHA-256 and SCRAM-SHA-512.
A small secret-reference helper was extracted so the SASL password and mTLS client key stop duplicating the secret template parsing.
Examples
TLS:
Before:
After
SASL
Before
After
