From def4699b5e3b251629bef9d476d95809917527d3 Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Fri, 22 Oct 2021 09:47:21 -0500 Subject: [PATCH 01/13] chane form field to angle bracket syntax --- ui/app/templates/components/auth-config-form/options.hbs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui/app/templates/components/auth-config-form/options.hbs b/ui/app/templates/components/auth-config-form/options.hbs index c46d595cfafa..ad8e7c1ce7fe 100644 --- a/ui/app/templates/components/auth-config-form/options.hbs +++ b/ui/app/templates/components/auth-config-form/options.hbs @@ -3,7 +3,7 @@ {{#each model.tuneAttrs as |attr|}} - {{form-field data-test-field attr=attr model=model}} + {{/each}}
From 88980a9b34c628d4cf585294e9029ef7e38f59f4 Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Fri, 22 Oct 2021 10:02:42 -0500 Subject: [PATCH 02/13] computes tuneAttrs depending on auth method type --- ui/app/models/auth-method.js | 20 ++++++++++++++----- .../components/auth-config-form/options.hbs | 1 + 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/ui/app/models/auth-method.js b/ui/app/models/auth-method.js index dc12576103c7..be131b4d564f 100644 --- a/ui/app/models/auth-method.js +++ b/ui/app/models/auth-method.js @@ -49,11 +49,21 @@ let ModelExport = Model.extend(Validations, { return this.local ? 'local' : 'replicated'; }), - tuneAttrs: computed(function() { - return expandAttributeMeta(this, [ - 'description', - 'config.{listingVisibility,defaultLeaseTtl,maxLeaseTtl,tokenType,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders}', - ]); + tuneAttrs: computed('path', function() { + let { path } = this; + let tuneAttrs; + if (path === 'token/') { + tuneAttrs = [ + 'description', + 'config.{listingVisibility,defaultLeaseTtl,maxLeaseTtl,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders}', + ]; + } else { + tuneAttrs = [ + 'description', + 'config.{listingVisibility,defaultLeaseTtl,maxLeaseTtl,tokenType,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders}', + ]; + } + return expandAttributeMeta(this, tuneAttrs); }), //sys/mounts/auth/[auth-path]/tune. diff --git a/ui/app/templates/components/auth-config-form/options.hbs b/ui/app/templates/components/auth-config-form/options.hbs index ad8e7c1ce7fe..965c5ecba8f5 100644 --- a/ui/app/templates/components/auth-config-form/options.hbs +++ b/ui/app/templates/components/auth-config-form/options.hbs @@ -2,6 +2,7 @@
+ {{log model}} {{#each model.tuneAttrs as |attr|}} {{/each}} From 47b6136b850133c11377af25d3c668e577fc26ee Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Sat, 23 Oct 2021 16:57:41 -0500 Subject: [PATCH 03/13] make all attrs linkable --- ui/app/models/auth-method.js | 5 +- .../components/auth-config-form/options.hbs | 1 - .../vault/cluster/access/methods.hbs | 192 ++++++------------ 3 files changed, 66 insertions(+), 132 deletions(-) diff --git a/ui/app/models/auth-method.js b/ui/app/models/auth-method.js index be131b4d564f..f86a481e1dd5 100644 --- a/ui/app/models/auth-method.js +++ b/ui/app/models/auth-method.js @@ -50,9 +50,10 @@ let ModelExport = Model.extend(Validations, { }), tuneAttrs: computed('path', function() { - let { path } = this; + let { methodType } = this; let tuneAttrs; - if (path === 'token/') { + // token_type should not be tuneable for the token auth method + if (methodType === 'token') { tuneAttrs = [ 'description', 'config.{listingVisibility,defaultLeaseTtl,maxLeaseTtl,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders}', diff --git a/ui/app/templates/components/auth-config-form/options.hbs b/ui/app/templates/components/auth-config-form/options.hbs index 965c5ecba8f5..ad8e7c1ce7fe 100644 --- a/ui/app/templates/components/auth-config-form/options.hbs +++ b/ui/app/templates/components/auth-config-form/options.hbs @@ -2,7 +2,6 @@
- {{log model}} {{#each model.tuneAttrs as |attr|}} {{/each}} diff --git a/ui/app/templates/vault/cluster/access/methods.hbs b/ui/app/templates/vault/cluster/access/methods.hbs index f14f2576b203..0f07563e7e0d 100644 --- a/ui/app/templates/vault/cluster/access/methods.hbs +++ b/ui/app/templates/vault/cluster/access/methods.hbs @@ -15,142 +15,76 @@ {{#each (sort-by "path" model) as |method|}} - {{#if (contains method.methodType (supported-managed-auth-backends))}} - -
-
-
- - - - - -
- {{method.methodType}} -
- - - - {{method.path}} - -
- + +
+
+
+ + + + + +
+ {{method.methodType}} +
+ + + + {{method.path}} + +
+ {{method.accessor}} - -
+
-
-
- - -
+
+
+ + + - - -
-
-
- - {{else}} -
-
-
-
- - - - - -
- {{method.methodType}} -
- - - - {{method.path}} - -
- - {{method.accessor}} - -
-
-
-
- - - - - -
+ {{#if (and (not-eq method.methodType 'token') method.canDisable)}} +
  • + + +
    • + {{/if}} + + + +
    - {{/if}} + {{/each}} From e41eaec027751417139793b1743aaf67c7b1be10 Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Wed, 27 Oct 2021 12:00:17 -0700 Subject: [PATCH 04/13] delete token_type for token auth methods before save --- ui/app/components/auth-config-form/options.js | 6 ++++++ ui/app/models/auth-method.js | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/ui/app/components/auth-config-form/options.js b/ui/app/components/auth-config-form/options.js index 254d03ee0a47..9ce654e481d5 100644 --- a/ui/app/components/auth-config-form/options.js +++ b/ui/app/components/auth-config-form/options.js @@ -22,6 +22,12 @@ export default AuthConfigComponent.extend({ saveModel: task(function*() { let data = this.model.config.serialize(); data.description = this.model.description; + + // token_type should not be tuneable for the token auth method, default is 'default-service' + if (this.model.type === 'token') { + delete data.token_type; + } + try { yield this.model.tune(data); } catch (err) { diff --git a/ui/app/models/auth-method.js b/ui/app/models/auth-method.js index f86a481e1dd5..2214a75958fc 100644 --- a/ui/app/models/auth-method.js +++ b/ui/app/models/auth-method.js @@ -67,7 +67,7 @@ let ModelExport = Model.extend(Validations, { return expandAttributeMeta(this, tuneAttrs); }), - //sys/mounts/auth/[auth-path]/tune. + // sys/mounts/auth/[auth-path]/tune. tune: memberAction({ path: 'tune', type: 'post', From 9de670a8b19b73bcd38f254ce3fe4af5bf928586 Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Wed, 27 Oct 2021 12:06:22 -0700 Subject: [PATCH 05/13] revert to some auth methods not linked blocks --- .../vault/cluster/access/methods.hbs | 200 ++++++++++++------ 1 file changed, 135 insertions(+), 65 deletions(-) diff --git a/ui/app/templates/vault/cluster/access/methods.hbs b/ui/app/templates/vault/cluster/access/methods.hbs index 0f07563e7e0d..b31880e7e82b 100644 --- a/ui/app/templates/vault/cluster/access/methods.hbs +++ b/ui/app/templates/vault/cluster/access/methods.hbs @@ -15,76 +15,146 @@ {{#each (sort-by "path" model) as |method|}} - -
    -
    -
    - - - - - -
    - {{method.methodType}} -
    -     -     - - {{method.path}} - -
    - + {{#if (contains method.methodType (supported-managed-auth-backends))}} + +
    +
    +
    + + + + + +
    + {{method.methodType}} +
    +     +     + + {{method.path}} + +
    + {{method.accessor}} - +     +
    +
    +
    +
    + + + + + +
    -
    -
    - - - + + +
    - + {{/if}} {{/each}} From bfee0407a213951dc2bbaf526353e47cad46c75b Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Wed, 27 Oct 2021 12:09:30 -0700 Subject: [PATCH 06/13] adds changelog --- changelog/12904.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 changelog/12904.txt diff --git a/changelog/12904.txt b/changelog/12904.txt new file mode 100644 index 000000000000..e65636b6ce7f --- /dev/null +++ b/changelog/12904.txt @@ -0,0 +1,3 @@ +```release-note:bug +ui: Removes ability to tune token_type for token auth methods +``` \ No newline at end of file From 02e03fcf4eebe5607ca0576df2c6aff3d83e94f7 Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Wed, 27 Oct 2021 15:02:45 -0700 Subject: [PATCH 07/13] adds copy to unsupported auth methods --- .../vault/cluster/access/method/section.hbs | 8 + .../vault/cluster/access/methods.hbs | 197 ++++++------------ 2 files changed, 72 insertions(+), 133 deletions(-) diff --git a/ui/app/templates/vault/cluster/access/method/section.hbs b/ui/app/templates/vault/cluster/access/method/section.hbs index 9d1e563f0609..29cf0140a675 100644 --- a/ui/app/templates/vault/cluster/access/method/section.hbs +++ b/ui/app/templates/vault/cluster/access/method/section.hbs @@ -17,7 +17,15 @@ + +{{#if (not (contains model.type (supported-managed-auth-backends)))}} +
    + The Vault UI only supports configuration for this authentication method. For management, the API or CLI should be used. +
    +{{/if}} + {{section-tabs model "authShow" paths}} + {{#if (eq section "configuration")}} diff --git a/ui/app/templates/vault/cluster/access/methods.hbs b/ui/app/templates/vault/cluster/access/methods.hbs index b31880e7e82b..313600eede7d 100644 --- a/ui/app/templates/vault/cluster/access/methods.hbs +++ b/ui/app/templates/vault/cluster/access/methods.hbs @@ -15,146 +15,77 @@ {{#each (sort-by "path" model) as |method|}} - {{#if (contains method.methodType (supported-managed-auth-backends))}} - -
    -
    -
    - - - - - -
    - {{method.methodType}} -
    -     -     - - {{method.path}} - -
    - - {{method.accessor}} - -
    -
    -
    -
    - - - - - -
    + +
    +
    +
    + + + + + +
    + {{method.methodType}} +
    +     +     + + {{method.path}} + +
    + + {{method.accessor}} +
    - - {{else}} -
    -
    -
    -
    - - - - - -
    - {{method.methodType}} -
    -     -     - - {{method.path}} - -
    - - {{method.accessor}} - -
    -
    -
    -
    - - - + +
    - {{/if}} + {{/each}} From 33a5fedbdccbf04d3ec3c3dacbc355b10173a84b Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Thu, 28 Oct 2021 14:49:13 -0700 Subject: [PATCH 08/13] adds space at end of hbs --- ui/app/templates/components/auth-config-form/options.hbs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui/app/templates/components/auth-config-form/options.hbs b/ui/app/templates/components/auth-config-form/options.hbs index ad8e7c1ce7fe..3b8b227c97cb 100644 --- a/ui/app/templates/components/auth-config-form/options.hbs +++ b/ui/app/templates/components/auth-config-form/options.hbs @@ -16,4 +16,4 @@ Update Options
    - \ No newline at end of file + From cf16b33b9b6be8c56c4c53e272f261948734d585 Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Thu, 28 Oct 2021 14:49:41 -0700 Subject: [PATCH 09/13] adds another space to bottom of hbs --- .../templates/vault/cluster/settings/auth/configure/section.hbs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui/app/templates/vault/cluster/settings/auth/configure/section.hbs b/ui/app/templates/vault/cluster/settings/auth/configure/section.hbs index d26541cbbb5d..46662da26838 100644 --- a/ui/app/templates/vault/cluster/settings/auth/configure/section.hbs +++ b/ui/app/templates/vault/cluster/settings/auth/configure/section.hbs @@ -2,4 +2,4 @@ {{auth-config-form/options model.model}} {{else}} {{auth-config-form/config model.model}} -{{/if}} \ No newline at end of file +{{/if}} From 4b8262f327e57d536fef4479def3bc59d8aa0a61 Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Fri, 29 Oct 2021 11:51:01 -0700 Subject: [PATCH 10/13] adds doc link to copy --- ui/app/templates/vault/cluster/access/method/section.hbs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ui/app/templates/vault/cluster/access/method/section.hbs b/ui/app/templates/vault/cluster/access/method/section.hbs index 29cf0140a675..bf0485fe0ca6 100644 --- a/ui/app/templates/vault/cluster/access/method/section.hbs +++ b/ui/app/templates/vault/cluster/access/method/section.hbs @@ -20,7 +20,8 @@ {{#if (not (contains model.type (supported-managed-auth-backends)))}}
    - The Vault UI only supports configuration for this authentication method. For management, the API or CLI should be used. + The Vault UI only supports configuration for this authentication method. + For management, the API or CLI should be used.
    {{/if}} From 3227df62aee481d635883e289a691282b7e6b587 Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Fri, 29 Oct 2021 11:59:45 -0700 Subject: [PATCH 11/13] adds test for linkable auth method list --- .../vault/cluster/access/method/section.hbs | 2 +- ui/tests/acceptance/auth-list-test.js | 34 +++++++++++++++++-- 2 files changed, 32 insertions(+), 4 deletions(-) diff --git a/ui/app/templates/vault/cluster/access/method/section.hbs b/ui/app/templates/vault/cluster/access/method/section.hbs index bf0485fe0ca6..29e26b771ced 100644 --- a/ui/app/templates/vault/cluster/access/method/section.hbs +++ b/ui/app/templates/vault/cluster/access/method/section.hbs @@ -19,7 +19,7 @@ {{#if (not (contains model.type (supported-managed-auth-backends)))}} -
    +
    The Vault UI only supports configuration for this authentication method. For management, the API or CLI should be used.
    diff --git a/ui/tests/acceptance/auth-list-test.js b/ui/tests/acceptance/auth-list-test.js index 626ee7488749..be90c66a1702 100644 --- a/ui/tests/acceptance/auth-list-test.js +++ b/ui/tests/acceptance/auth-list-test.js @@ -1,11 +1,13 @@ -import { click, fillIn, settled, visit, triggerKeyEvent } from '@ember/test-helpers'; +import { click, findAll, fillIn, settled, visit, triggerKeyEvent } from '@ember/test-helpers'; import { module, test } from 'qunit'; import { setupApplicationTest } from 'ember-qunit'; import authPage from 'vault/tests/pages/auth'; import logout from 'vault/tests/pages/logout'; import enablePage from 'vault/tests/pages/settings/auth/enable'; +import { supportedAuthBackends } from 'vault/helpers/supported-auth-backends'; +import { supportedManagedAuthBackends } from 'vault/helpers/supported-managed-auth-backends'; -module('Acceptance | userpass secret backend', function(hooks) { +module('Acceptance | auth backend list', function(hooks) { setupApplicationTest(hooks); hooks.beforeEach(function() { @@ -16,7 +18,7 @@ module('Acceptance | userpass secret backend', function(hooks) { return logout.visit(); }); - test('userpass backend', async function(assert) { + test('userpass secret backend', async function(assert) { let n = Math.random(); const path1 = `userpass-${++n}`; const path2 = `userpass-${++n}`; @@ -73,4 +75,30 @@ module('Acceptance | userpass secret backend', function(hooks) { .dom('[data-test-list-item-content]') .hasText(user1, 'first user created shows in current auth list'); }); + + test('auth methods are linkable and link to correct view', async function(assert) { + await visit('/vault/access'); + await settled(); + let supportManaged = supportedManagedAuthBackends(); + let backends = supportedAuthBackends(); + + for (let backend of backends) { + let { type } = backend; + if (type === 'token') { + continue; + } + await enablePage.enable(type, type); + await settled(); + await visit('/vault/access'); + await click(`[data-test-auth-backend-link="${type}"]`); + + if (!supportManaged.includes(type)) { + assert.equal(findAll('[data-test-auth-section-tab]').length, 1, 'does not have management tabs'); + assert.dom('[data-test-auth-section-tab]').hasText('Configuration', 'only shows configuration tab'); + assert.dom('[data-test-doc-link] .doc-link').exists('includes doc link'); + } else { + assert.notEqual(findAll('[data-test-auth-section-tab]').length, 1, 'does not have management tabs'); + } + } + }); }); From 3fcfe3fd64b47bf215c6f4273c00bb1c302dcf06 Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Fri, 29 Oct 2021 12:07:03 -0700 Subject: [PATCH 12/13] clarifies test assertion --- .../supported-managed-auth-backends.js | 2 +- ui/tests/acceptance/auth-list-test.js | 21 +++++++++++++++---- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/ui/app/helpers/supported-managed-auth-backends.js b/ui/app/helpers/supported-managed-auth-backends.js index ee668c24b882..695a6b2f57f0 100644 --- a/ui/app/helpers/supported-managed-auth-backends.js +++ b/ui/app/helpers/supported-managed-auth-backends.js @@ -1,6 +1,6 @@ import { helper as buildHelper } from '@ember/component/helper'; -const MANAGED_AUTH_BACKENDS = ['okta', 'radius', 'ldap', 'cert', 'userpass']; +const MANAGED_AUTH_BACKENDS = ['cert', 'userpass', 'ldap', 'okta', 'radius']; export function supportedManagedAuthBackends() { return MANAGED_AUTH_BACKENDS; diff --git a/ui/tests/acceptance/auth-list-test.js b/ui/tests/acceptance/auth-list-test.js index be90c66a1702..1ee1e5f64bae 100644 --- a/ui/tests/acceptance/auth-list-test.js +++ b/ui/tests/acceptance/auth-list-test.js @@ -90,14 +90,27 @@ module('Acceptance | auth backend list', function(hooks) { await enablePage.enable(type, type); await settled(); await visit('/vault/access'); + + // all auth methods should be linkable await click(`[data-test-auth-backend-link="${type}"]`); if (!supportManaged.includes(type)) { - assert.equal(findAll('[data-test-auth-section-tab]').length, 1, 'does not have management tabs'); - assert.dom('[data-test-auth-section-tab]').hasText('Configuration', 'only shows configuration tab'); - assert.dom('[data-test-doc-link] .doc-link').exists('includes doc link'); + assert.equal( + findAll('[data-test-auth-section-tab]').length, + 1, + `does not have multiple tabs for ${type} auth method` + ); + assert + .dom('[data-test-auth-section-tab]') + .hasText('Configuration', `only shows configuration tab for ${type} auth method`); + assert.dom('[data-test-doc-link] .doc-link').exists(`includes doc link for ${type} auth method`); } else { - assert.notEqual(findAll('[data-test-auth-section-tab]').length, 1, 'does not have management tabs'); + // managed auth methods should have more than 1 tab + assert.notEqual( + findAll('[data-test-auth-section-tab]').length, + 1, + `has management tabs for ${type} auth method` + ); } } }); From 8a25e2ffe7d04695e3ca13b2d03d4da81086fd5f Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Fri, 29 Oct 2021 12:16:43 -0700 Subject: [PATCH 13/13] fixes test so token isn't skipped --- ui/tests/acceptance/auth-list-test.js | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/ui/tests/acceptance/auth-list-test.js b/ui/tests/acceptance/auth-list-test.js index 1ee1e5f64bae..003520ce3f86 100644 --- a/ui/tests/acceptance/auth-list-test.js +++ b/ui/tests/acceptance/auth-list-test.js @@ -84,10 +84,10 @@ module('Acceptance | auth backend list', function(hooks) { for (let backend of backends) { let { type } = backend; - if (type === 'token') { - continue; + + if (type !== 'token') { + await enablePage.enable(type, type); } - await enablePage.enable(type, type); await settled(); await visit('/vault/access'); @@ -95,11 +95,7 @@ module('Acceptance | auth backend list', function(hooks) { await click(`[data-test-auth-backend-link="${type}"]`); if (!supportManaged.includes(type)) { - assert.equal( - findAll('[data-test-auth-section-tab]').length, - 1, - `does not have multiple tabs for ${type} auth method` - ); + assert.equal(findAll('[data-test-auth-section-tab]').length, 1); assert .dom('[data-test-auth-section-tab]') .hasText('Configuration', `only shows configuration tab for ${type} auth method`);