From 5b00b4b10a89d6d2b2b2e506610bd72819836d86 Mon Sep 17 00:00:00 2001
From: Matthew Irish
Date: Tue, 24 Jul 2018 17:35:31 -0500
Subject: [PATCH] UI - add JWT auth, remove alias metadata (#4986)
* remove the ability to edit metadata on entity aliases
* add JWT auth method in the UI
---
 ui/app/components/identity/popup-metadata.js | 29 --------------
 ui/app/helpers/mountable-auth-methods.js | 15 ++++---
 ui/app/helpers/tabs-for-auth-section.js | 6 +++
 ui/app/models/auth-config/jwt.js | 40 +++++++++++++++++++
 ui/app/models/auth-config/radius.js | 2 +-
 ui/app/models/identity/entity-alias.js | 2 +-
 .../settings/auth/configure/section.js | 1 +
 .../components/identity/edit-form.hbs | 2 -
 .../components/identity/item-metadata.hbs | 3 -
 .../components/identity/popup-metadata.hbs | 21 ----------
 10 files changed, 59 insertions(+), 62 deletions(-)
 delete mode 100644 ui/app/components/identity/popup-metadata.js
 create mode 100644 ui/app/models/auth-config/jwt.js
 delete mode 100644 ui/app/templates/components/identity/popup-metadata.hbs
diff --git a/ui/app/components/identity/popup-metadata.js b/ui/app/components/identity/popup-metadata.js
deleted file mode 100644
index c6d99fc43..000000000
--- a/ui/app/components/identity/popup-metadata.js
+++ /dev/null
@@ -1,29 +0,0 @@
-import Base from './_popup-base';
-import Ember from 'ember';
-const { computed } = Ember;
-
-export default Base.extend({
- model: computed.alias('params.firstObject'),
- key: computed('params', function() {
- return this.get('params').objectAt(1);
- }),
-
- messageArgs(model, key) {
- return [model, key];
- },
-
- successMessage(model, key) {
- return `Successfully removed '${key}' from metadata`;
- },
- errorMessage(e, model, key) {
- let error = e.errors ? e.errors.join(' ') : e.message;
- return `There was a problem removing '${key}' from the metadata - ${error}`;
- },
-
- transaction(model, key) {
- let metadata = model.get('metadata');
- delete metadata[key];
- model.set('metadata', { ...metadata });
- return model.save();
- },
-});
diff --git a/ui/app/helpers/mountable-auth-methods.js b/ui/app/helpers/mountable-auth-methods.js
index a20ae3c25..06573e9df 100644
--- a/ui/app/helpers/mountable-auth-methods.js
+++ b/ui/app/helpers/mountable-auth-methods.js
@@ -21,16 +21,21 @@ const MOUNTABLE_AUTH_METHODS = [
 value: 'gcp',
 type: 'gcp',
 },
- {
- displayName: 'Kubernetes',
- value: 'kubernetes',
- type: 'kubernetes',
- },
 {
 displayName: 'GitHub',
 value: 'github',
 type: 'github',
 },
+ {
+ displayName: 'JWT/OIDC',
+ value: 'jwt',
+ type: 'jwt',
+ },
+ {
+ displayName: 'Kubernetes',
+ value: 'kubernetes',
+ type: 'kubernetes',
+ },
 {
 displayName: 'LDAP',
 value: 'ldap',
diff --git a/ui/app/helpers/tabs-for-auth-section.js b/ui/app/helpers/tabs-for-auth-section.js
index 70492f442..9e146d721 100644
--- a/ui/app/helpers/tabs-for-auth-section.js
+++ b/ui/app/helpers/tabs-for-auth-section.js
@@ -33,6 +33,12 @@ const TABS_FOR_SETTINGS = {
 routeParams: ['vault.cluster.settings.auth.configure.section', 'configuration'],
 },
 ],
+ jwt: [
+ {
+ label: 'Configuration',
+ routeParams: ['vault.cluster.settings.auth.configure.section', 'configuration'],
+ },
+ ],
 kubernetes: [
 {
 label: 'Configuration',
diff --git a/ui/app/models/auth-config/jwt.js b/ui/app/models/auth-config/jwt.js
new file mode 100644
index 000000000..a99d9ea0b
--- /dev/null
+++ b/ui/app/models/auth-config/jwt.js
@@ -0,0 +1,40 @@
+import Ember from 'ember';
+import DS from 'ember-data';
+import AuthConfig from '../auth-config';
+import fieldToAttrs from 'vault/utils/field-to-attrs';
+
+const { attr } = DS;
+const { computed } = Ember;
+
+export default AuthConfig.extend({
+ oidcDiscoveryUrl: attr('string', {
+ label: 'OIDC discovery URL',
+ helpText:
+ 'The OIDC discovery URL, without any .well-known component (base path). Cannot be used with jwt_validation_pubkeys',
+ }),
+
+ oidcDiscoveryCaPem: attr('string', {
+ label: 'OIDC discovery CA PEM',
+ editType: 'file',
+ helpText:
+ 'The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used',
+ }),
+ jwtValidationPubkeys: attr({
+ label: 'JWT validation public keys',
+ editType: 'stringArray',
+ }),
+ boundIssuer: attr('string', {
+ helpText: 'The value against which to match the iss claim in a JWT',
+ }),
+ fieldGroups: computed(function() {
+ const groups = [
+ {
+ default: ['oidcDiscoveryUrl'],
+ },
+ {
+ 'JWT Options': ['oidcDiscoveryCaPem', 'jwtValidationPubkeys', 'boundIssuer'],
+ },
+ ];
+ return fieldToAttrs(this, groups);
+ }),
+});
diff --git a/ui/app/models/auth-config/radius.js b/ui/app/models/auth-config/radius.js
index 5dc9addc6..c595427cb 100644
--- a/ui/app/models/auth-config/radius.js
+++ b/ui/app/models/auth-config/radius.js
@@ -34,7 +34,7 @@ export default AuthConfig.extend({
 default: ['host', 'secret'],
 },
 {
- Options: ['port', 'nasPort', 'dialTimeout', 'unregisteredUserPolicies'],
+ 'RADIUS Options': ['port', 'nasPort', 'dialTimeout', 'unregisteredUserPolicies'],
 },
 ];
 return fieldToAttrs(this, groups);
diff --git a/ui/app/models/identity/entity-alias.js b/ui/app/models/identity/entity-alias.js
index b38b823f2..10ac88d8b 100644
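Review bot: In ui/app/models/auth-config/jwt.js, `jwtValidationPubkeys` is declared without a `helpText`, and the rule that it cannot be combined with OIDC discovery is stated only on `oidcDiscoveryUrl`, using the API field name `jwt_validation_pubkeys` rather than the label the form shows. Nothing in this model checks that only one of the two is filled in, so an operator presumably learns of the conflict from the server's error response. I would add `helpText: 'PEM-encoded public keys used to verify JWT signatures locally. Cannot be used with the OIDC discovery URL'` to `jwtValidationPubkeys` and end the other text with `Cannot be used with JWT validation public keys`. `boundIssuer` is placed in the secondary 'JWT Options' group and its help text does not say what happens when it is left empty; if the backend then skips the `iss` check, the help text should say so.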
--- a/ui/app/models/identity/entity-alias.js +++ b/ui/app/models/identity/entity-alias.js @@ -7,7 +7,7 @@ const { computed } = Ember; export default IdentityModel.extend({ parentType: 'entity', - formFields: ['name', 'mountAccessor', 'metadata'], + formFields: ['name', 'mountAccessor'], entity: belongsTo('identity/entity', { readOnly: true, async: false }), name: attr('string'), diff --git a/ui/app/routes/vault/cluster/settings/auth/configure/section.js b/ui/app/routes/vault/cluster/settings/auth/configure/section.js index 6c9c7d78b..1bace6d1f 100644 --- a/ui/app/routes/vault/cluster/settings/auth/configure/section.js +++ b/ui/app/routes/vault/cluster/settings/auth/configure/section.js @@ -13,6 +13,7 @@ export default Ember.Route.extend(UnloadModelRoute, { 'azure-configuration': 'auth-config/azure', 'github-configuration': 'auth-config/github', 'gcp-configuration': 'auth-config/gcp', + 'jwt-configuration': 'auth-config/jwt', 'kubernetes-configuration': 'auth-config/kubernetes', 'ldap-configuration': 'auth-config/ldap', 'okta-configuration': 'auth-config/okta', diff --git a/ui/app/templates/components/identity/edit-form.hbs b/ui/app/templates/components/identity/edit-form.hbs index fb8cedb16..e568956f7 100644 --- a/ui/app/templates/components/identity/edit-form.hbs +++ b/ui/app/templates/components/identity/edit-form.hbs @@ -32,7 +32,6 @@ {{/if}} - {{#if (and (eq mode "edit") model.canDelete)}} {{#confirm-action buttonClasses="button is-ghost" @@ -43,6 +42,5 @@ Delete {{/confirm-action}} {{/if}} - diff --git a/ui/app/templates/components/identity/item-metadata.hbs b/ui/app/templates/components/identity/item-metadata.hbs index eed742e1d..caabe9614 100644 --- a/ui/app/templates/components/identity/item-metadata.hbs +++ b/ui/app/templates/components/identity/item-metadata.hbs @@ -10,9 +10,6 @@ {{value}}
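Review bot: In ui/app/models/identity/entity-alias.js, dropping `'metadata'` from `formFields` only removes the input from the form; on its own it does not stop the attribute from being sent when an alias is saved. The `metadata` attr is declared outside this hunk, so its options are not visible here. If it is not already marked the way `entity` is on the context line (`{ readOnly: true, async: false }`), consider adding `readOnly: true` to its options, assuming that flag is what keeps a field out of the save payload. A one-line comment above `formFields`, such as `// alias metadata is set by the auth backend and is not user-editable`, would record why the field is omitted.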
- {{#if model.canEdit}}
- {{identity/popup-metadata params=(array model key)}}
- {{/if}}
diff --git a/ui/app/templates/components/identity/popup-metadata.hbs b/ui/app/templates/components/identity/popup-metadata.hbs deleted file mode 100644 index 8f251aae8..000000000 --- a/ui/app/templates/components/identity/popup-metadata.hbs +++ /dev/null @@ -1,21 +0,0 @@ -{{#popup-menu name="metadata-edit-menu"}} - -{{/popup-menu}}