UI: Fix kubernetes auth method role management (#25999)

Co-authored-by: Chelsea Shaw <[email protected]>
Co-authored-by: Chelsea Shaw <[email protected]>

changelog/25999.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+ui: Fix kubernetes auth method roles tab  
+```

ui/app/helpers/mountable-auth-methods.js

@@ -5,6 +5,12 @@
 
 import { helper as buildHelper } from '@ember/component/helper';
 
+/**
+ * These are all the auth methods that can be mounted.
+ * Some methods may not be available for login via the UI,
+ * which are in the `supported-auth-backends` helper.
+ */
+
 const ENTERPRISE_AUTH_METHODS = [
   {
     displayName: 'SAML',

ui/app/helpers/supported-auth-backends.js

@@ -5,6 +5,12 @@
 
 import { helper as buildHelper } from '@ember/component/helper';
 
+/**
+ * These are all the auth methods with which a user can log into the UI.
+ * This is a subset of the methods found in the `mountable-auth-methods` helper,
+ * which lists all the methods that can be mounted.
+ */
+
 const SUPPORTED_AUTH_BACKENDS = [
   {
     type: 'token',

ui/app/helpers/supported-managed-auth-backends.js

@@ -5,7 +5,9 @@
 
 import { helper as buildHelper } from '@ember/component/helper';
 
-const MANAGED_AUTH_BACKENDS = ['cert', 'userpass', 'ldap', 'okta', 'radius'];
+// The UI supports management of these auth methods (i.e. configuring roles or users)
+// otherwise only configuration of the method is supported.
+const MANAGED_AUTH_BACKENDS = ['cert', 'kubernetes', 'ldap', 'okta', 'radius', 'userpass'];
 
 export function supportedManagedAuthBackends() {
   return MANAGED_AUTH_BACKENDS;

ui/tests/acceptance/auth-list-test.js

@@ -11,9 +11,9 @@ import { v4 as uuidv4 } from 'uuid';
 
 import authPage from 'vault/tests/pages/auth';
 import enablePage from 'vault/tests/pages/settings/auth/enable';
-import { allSupportedAuthBackends, supportedAuthBackends } from 'vault/helpers/supported-auth-backends';
 import { supportedManagedAuthBackends } from 'vault/helpers/supported-managed-auth-backends';
 import { deleteAuthCmd, mountAuthCmd, runCmd } from 'vault/tests/helpers/commands';
+import { methods } from 'vault/helpers/mountable-auth-methods';
 
 const SELECTORS = {
   backendLink: (path) => `[data-test-auth-backend-link="${path}"]`,
@@ -77,15 +77,35 @@ module('Acceptance | auth backend list', function (hooks) {
   });
 
   test('auth methods are linkable and link to correct view', async function (assert) {
-    assert.expect(16);
+    assert.expect(31);
     const uid = uuidv4();
     await visit('/vault/access');
 
     const supportManaged = supportedManagedAuthBackends();
-    const backends = supportedAuthBackends();
-    for (const backend of backends) {
-      const { type } = backend;
-      const path = `auth-list-${type}-${uid}`;
+    // Test all auth methods, not just those you can log in with
+    const backends = methods().map((backend) => backend.type);
+    assert.deepEqual(
+      backends,
+      [
+        'alicloud',
+        'approle',
+        'aws',
+        'azure',
+        'gcp',
+        'github',
+        'jwt',
+        'oidc',
+        'kubernetes',
+        'ldap',
+        'okta',
+        'radius',
+        'cert',
+        'userpass',
+      ],
+      'non-enterprise auth methods are available'
+    );
+    for (const type of backends) {
+      const path = type === 'token' ? 'token' : `auth-list-${type}-${uid}`;
       if (type !== 'token') {
         await enablePage.enable(type, path);
       }
@@ -115,41 +135,25 @@ module('Acceptance | auth backend list', function (hooks) {
   });
 
   test('enterprise: auth methods are linkable and link to correct view', async function (assert) {
-    assert.expect(19);
+    assert.expect(3);
     const uid = uuidv4();
     await visit('/vault/access');
 
-    const supportManaged = supportedManagedAuthBackends();
-    const backends = allSupportedAuthBackends();
-    for (const backend of backends) {
-      const { type } = backend;
-      const path = `auth-list-${type}-${uid}`;
-      if (type !== 'token') {
-        await enablePage.enable(type, path);
-      }
-      await settled();
-      await visit('/vault/access');
+    // Only SAML is enterprise-only for now
+    const type = 'saml';
+    const path = `auth-list-${type}-${uid}`;
+    await enablePage.enable(type, path);
+    await settled();
+    await visit('/vault/access');
 
-      // all auth methods should be linkable
-      await click(`[data-test-auth-backend-link="${type === 'token' ? type : path}"]`);
-      if (!supportManaged.includes(type)) {
-        assert.dom('[data-test-auth-section-tab]').exists({ count: 1 });
-        assert
-          .dom('[data-test-auth-section-tab]')
-          .hasText('Configuration', `only shows configuration tab for ${type} auth method`);
-        assert.dom('[data-test-doc-link] .doc-link').exists(`includes doc link for ${type} auth method`);
-      } else {
-        let expectedTabs = 2;
-        if (type == 'ldap' || type === 'okta') {
-          expectedTabs = 3;
-        }
-        assert
-          .dom('[data-test-auth-section-tab]')
-          .exists({ count: expectedTabs }, `has management tabs for ${type} auth method`);
-        // cleanup method
-        await runCmd(deleteAuthCmd(path));
-      }
-    }
+    // all auth methods should be linkable
+    await click(`[data-test-auth-backend-link="${path}"]`);
+    assert.dom('[data-test-auth-section-tab]').exists({ count: 1 });
+    assert
+      .dom('[data-test-auth-section-tab]')
+      .hasText('Configuration', `only shows configuration tab for ${type} auth method`);
+    assert.dom('[data-test-doc-link] .doc-link').exists(`includes doc link for ${type} auth method`);
+    await runCmd(deleteAuthCmd(path));
   });
 
   test('enterprise: token config within namespace', async function (assert) {