Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

UI/Remove token_type field from token auth method #12904

Merged
merged 14 commits into from
Oct 29, 2021
Merged

UI/Remove token_type field from token auth method #12904

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
def4699
chane form field to angle bracket syntax
hellobontempo Oct 22, 2021
88980a9
computes tuneAttrs depending on auth method type
hellobontempo Oct 22, 2021
47b6136
make all attrs linkable
hellobontempo Oct 23, 2021
e41eaec
delete token_type for token auth methods before save
hellobontempo Oct 27, 2021
9de670a
revert to some auth methods not linked blocks
hellobontempo Oct 27, 2021
bfee040
adds changelog
hellobontempo Oct 27, 2021
5db5f82
Merge branch 'main' into ui/remove-token-type-field-token-auth
hellobontempo Oct 27, 2021
02e03fc
adds copy to unsupported auth methods
hellobontempo Oct 27, 2021
33a5fed
adds space at end of hbs
hellobontempo Oct 28, 2021
cf16b33
adds another space to bottom of hbs
hellobontempo Oct 28, 2021
4b8262f
adds doc link to copy
hellobontempo Oct 29, 2021
3227df6
adds test for linkable auth method list
hellobontempo Oct 29, 2021
3fcfe3f
clarifies test assertion
hellobontempo Oct 29, 2021
8a25e2f
fixes test so token isn't skipped
hellobontempo Oct 29, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions changelog/12904.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:bug
ui: Removes ability to tune token_type for token auth methods
```
6 changes: 6 additions & 0 deletions ui/app/components/auth-config-form/options.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,12 @@ export default AuthConfigComponent.extend({
saveModel: task(function*() {
let data = this.model.config.serialize();
data.description = this.model.description;

// token_type should not be tuneable for the token auth method, default is 'default-service'
if (this.model.type === 'token') {
delete data.token_type;
}

try {
yield this.model.tune(data);
} catch (err) {
Expand Down
2 changes: 1 addition & 1 deletion ui/app/helpers/supported-managed-auth-backends.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
import { helper as buildHelper } from '@ember/component/helper';

const MANAGED_AUTH_BACKENDS = ['okta', 'radius', 'ldap', 'cert', 'userpass'];
const MANAGED_AUTH_BACKENDS = ['cert', 'userpass', 'ldap', 'okta', 'radius'];

export function supportedManagedAuthBackends() {
return MANAGED_AUTH_BACKENDS;
Expand Down
23 changes: 17 additions & 6 deletions ui/app/models/auth-method.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,14 +49,25 @@ let ModelExport = Model.extend(Validations, {
return this.local ? 'local' : 'replicated';
}),

tuneAttrs: computed(function() {
return expandAttributeMeta(this, [
'description',
'config.{listingVisibility,defaultLeaseTtl,maxLeaseTtl,tokenType,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders}',
]);
tuneAttrs: computed('path', function() {
let { methodType } = this;
let tuneAttrs;
// token_type should not be tuneable for the token auth method
if (methodType === 'token') {
tuneAttrs = [
'description',
'config.{listingVisibility,defaultLeaseTtl,maxLeaseTtl,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders}',
];
} else {
tuneAttrs = [
'description',
'config.{listingVisibility,defaultLeaseTtl,maxLeaseTtl,tokenType,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders}',
];
}
return expandAttributeMeta(this, tuneAttrs);
}),

//sys/mounts/auth/[auth-path]/tune.
// sys/mounts/auth/[auth-path]/tune.
tune: memberAction({
path: 'tune',
type: 'post',
Expand Down
4 changes: 2 additions & 2 deletions ui/app/templates/components/auth-config-form/options.hbs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
<MessageError @model={{model}} @errorMessage={{model.errorMessage}}/>
<NamespaceReminder @mode="save" @noun="Auth Method" />
{{#each model.tuneAttrs as |attr|}}
{{form-field data-test-field attr=attr model=model}}
<FormField data-test-field @attr={{attr}} @model={{model}} />
{{/each}}
</div>
<div class="field is-grouped box is-fullwidth is-bottomless">
Expand All @@ -16,4 +16,4 @@
Update Options
</button>
</div>
</form>
</form>
9 changes: 9 additions & 0 deletions ui/app/templates/vault/cluster/access/method/section.hbs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,16 @@
</h1>
</p.levelLeft>
</PageHeader>

{{#if (not (contains model.type (supported-managed-auth-backends)))}}
<div class="has-text-grey has-top-bottom-margin" data-test-doc-link>
The Vault UI only supports configuration for this authentication method.
For management, the <DocLink @path="/api/auth">API or CLI</DocLink> should be used.
</div>
{{/if}}

{{section-tabs model "authShow" paths}}

{{#if (eq section "configuration")}}
<Toolbar>
<ToolbarActions>
Expand Down
159 changes: 47 additions & 112 deletions ui/app/templates/vault/cluster/access/methods.hbs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,43 +15,45 @@
</Toolbar>

{{#each (sort-by "path" model) as |method|}}
{{#if (contains method.methodType (supported-managed-auth-backends))}}
<LinkedBlock @params={{array
<LinkedBlock @params={{array
"vault.cluster.access.method"
method.id}} class="list-item-row" data-test-auth-backend-link={{method.id}}>
<div class="level is-mobile">
<div class="level-left">
<div>
<ToolTip @horizontalPosition="left" as |T|>
<T.trigger>
<Icon @glyph={{if
(or
(find-by "type" method.methodType (mountable-auth-methods))
(eq method.methodType "token")
)
method.methodType
"auth"
}} @size="l" class="has-text-grey-light" />
</T.trigger>
<T.content @class="tool-tip">
<div class="box">
{{method.methodType}}
</div>
</T.content>
</ToolTip>
<span data-test-path data-test-id={{method.id}} class="has-text-weight-semibold has-text-black">
{{method.path}}
</span>
<br />
<code class="has-text-grey is-size-8">
{{method.accessor}}
</code>
</div>
method.id}} class="list-item-row"
data-test-auth-backend-link={{method.id}}
>
<div class="level is-mobile">
<div class="level-left">
<div>
<ToolTip @horizontalPosition="left" as |T|>
<T.trigger>
<Icon @size="l" class="has-text-grey-light"
@glyph={{if
(or
(find-by "type" method.methodType (mountable-auth-methods))
(eq method.methodType "token")
)
method.methodType
"auth"}}
/>
</T.trigger>
<T.content @class="tool-tip">
<div class="box">
{{method.methodType}}
</div>
</T.content>
</ToolTip>
<span data-test-path data-test-id={{method.id}} class="has-text-weight-semibold has-text-black">
{{method.path}}
</span>
<br />
<code class="has-text-grey is-size-8">
{{method.accessor}}
</code>
</div>
<div class="level-right is-flex is-paddingless is-marginless">
<div class="level-item">
<PopupMenu @name="auth-backend-nav">
<Confirm as |c|>
</div>
<div class="level-right is-flex is-paddingless is-marginless">
<div class="level-item">
<PopupMenu @name="auth-backend-nav">
<Confirm as |c|>
<nav class="menu">
<ul class="menu-list">
<li>
Expand All @@ -69,88 +71,21 @@

{{#if (and (not-eq method.methodType 'token') method.canDisable)}}
<li class="action">
<c.Message
@id={{method.id}}
@title="Disable method?"
@message="This may affect access to Vault data."
@triggerText="Disable"
@onConfirm={{perform disableMethod method}}>
</c.Message>
<c.Message
@id={{method.id}}
@title="Disable method?"
@message="This may affect access to Vault data."
@triggerText="Disable"
@onConfirm={{perform disableMethod method}}>
</c.Message>
</li>
{{/if}}
</ul>
</nav>
</Confirm>
</PopupMenu>
</div>
</div>
</div>
</LinkedBlock>
{{else}}
<div class="list-item-row" data-test-auth-backend-link={{method.id}}>
<div class="level is-mobile">
<div class="level-left">
<div>
<ToolTip @horizontalPosition="left" as |T|>
<T.trigger>
<Icon @glyph={{if
(or
(find-by "type" method.methodType (mountable-auth-methods))
(eq method.methodType "token")
)
method.methodType
"auth"
}} @size="l" class="has-text-grey-light" />
</T.trigger>
<T.content @class="tool-tip">
<div class="box">
{{method.methodType}}
</div>
</T.content>
</ToolTip>
<span data-test-path data-test-id={{method.id}} class="has-text-weight-semibold has-text-grey">
{{method.path}}
</span>
<br />
<code class="has-text-grey is-size-8">
{{method.accessor}}
</code>
</div>
</div>
<div class="level-right is-flex is-paddingless is-marginless">
<div class="level-item">
<PopupMenu @name="auth-backend-nav">
<Confirm as |c|>
<nav class="menu">
<ul class="menu-list">
<li>
<LinkTo @route="vault.cluster.access.method.section" @models={{array method.id "configuration"}}>
View configuration
</LinkTo>
</li>
{{#if method.canEdit}}
<li>
<LinkTo @route="vault.cluster.settings.auth.configure" @model={{method.id}}>
Edit configuration
</LinkTo>
</li>
{{/if}}

{{#if (and (not-eq method.methodType 'token') method.canDisable)}}
<li class="action">
<c.Message @id={{method.id}} @title="Disable method?"
@message="This may affect access to Vault data." @triggerText="Disable"
@onConfirm={{perform disableMethod method}}>
</c.Message>
</li>
{{/if}}
</ul>
</nav>
</Confirm>
</PopupMenu>
</div>
</Confirm>
</PopupMenu>
</div>
</div>
</div>
{{/if}}
</LinkedBlock>
{{/each}}
2 changes: 1 addition & 1 deletion ui/app/templates/vault/cluster/settings/auth/configure/section.hbs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,4 @@
{{auth-config-form/options model.model}}
{{else}}
{{auth-config-form/config model.model}}
{{/if}}
{{/if}}
43 changes: 40 additions & 3 deletions ui/tests/acceptance/auth-list-test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,13 @@
import { click, fillIn, settled, visit, triggerKeyEvent } from '@ember/test-helpers';
import { click, findAll, fillIn, settled, visit, triggerKeyEvent } from '@ember/test-helpers';
import { module, test } from 'qunit';
import { setupApplicationTest } from 'ember-qunit';
import authPage from 'vault/tests/pages/auth';
import logout from 'vault/tests/pages/logout';
import enablePage from 'vault/tests/pages/settings/auth/enable';
import { supportedAuthBackends } from 'vault/helpers/supported-auth-backends';
import { supportedManagedAuthBackends } from 'vault/helpers/supported-managed-auth-backends';

module('Acceptance | userpass secret backend', function(hooks) {
module('Acceptance | auth backend list', function(hooks) {
setupApplicationTest(hooks);

hooks.beforeEach(function() {
Expand All @@ -16,7 +18,7 @@ module('Acceptance | userpass secret backend', function(hooks) {
return logout.visit();
});

test('userpass backend', async function(assert) {
test('userpass secret backend', async function(assert) {
let n = Math.random();
const path1 = `userpass-${++n}`;
const path2 = `userpass-${++n}`;
Expand Down Expand Up @@ -73,4 +75,39 @@ module('Acceptance | userpass secret backend', function(hooks) {
.dom('[data-test-list-item-content]')
.hasText(user1, 'first user created shows in current auth list');
});

test('auth methods are linkable and link to correct view', async function(assert) {
await visit('/vault/access');
await settled();
let supportManaged = supportedManagedAuthBackends();
let backends = supportedAuthBackends();

for (let backend of backends) {
let { type } = backend;

if (type !== 'token') {
await enablePage.enable(type, type);
}
await settled();
await visit('/vault/access');

// all auth methods should be linkable
await click(`[data-test-auth-backend-link="${type}"]`);

if (!supportManaged.includes(type)) {
assert.equal(findAll('[data-test-auth-section-tab]').length, 1);
assert
.dom('[data-test-auth-section-tab]')
.hasText('Configuration', `only shows configuration tab for ${type} auth method`);
assert.dom('[data-test-doc-link] .doc-link').exists(`includes doc link for ${type} auth method`);
} else {
// managed auth methods should have more than 1 tab
assert.notEqual(
findAll('[data-test-auth-section-tab]').length,
1,
`has management tabs for ${type} auth method`
);
}
}
});
});