UI - add JWT auth, remove alias metadata (#4986)
* remove the ability to edit metadata on entity aliases * add JWT auth method in the UI
This commit is contained in:
Matthew Irish
GitHub
parent
4261618d10
commit
5b00b4b10a
|
|
@ -1,29 +0,0 @@
|
|||
import Base from './_popup-base';
|
||||
import Ember from 'ember';
|
||||
const { computed } = Ember;
|
||||
|
||||
export default Base.extend({
|
||||
model: computed.alias('params.firstObject'),
|
||||
key: computed('params', function() {
|
||||
return this.get('params').objectAt(1);
|
||||
}),
|
||||
|
||||
messageArgs(model, key) {
|
||||
return [model, key];
|
||||
},
|
||||
|
||||
successMessage(model, key) {
|
||||
return `Successfully removed '${key}' from metadata`;
|
||||
},
|
||||
errorMessage(e, model, key) {
|
||||
let error = e.errors ? e.errors.join(' ') : e.message;
|
||||
return `There was a problem removing '${key}' from the metadata - ${error}`;
|
||||
},
|
||||
|
||||
transaction(model, key) {
|
||||
let metadata = model.get('metadata');
|
||||
delete metadata[key];
|
||||
model.set('metadata', { ...metadata });
|
||||
return model.save();
|
||||
},
|
||||
});
|
||||
|
|
@ -21,16 +21,21 @@ const MOUNTABLE_AUTH_METHODS = [
|
|||
value: 'gcp',
|
||||
type: 'gcp',
|
||||
},
|
||||
{
|
||||
displayName: 'Kubernetes',
|
||||
value: 'kubernetes',
|
||||
type: 'kubernetes',
|
||||
},
|
||||
{
|
||||
displayName: 'GitHub',
|
||||
value: 'github',
|
||||
type: 'github',
|
||||
},
|
||||
{
|
||||
displayName: 'JWT/OIDC',
|
||||
value: 'jwt',
|
||||
type: 'jwt',
|
||||
},
|
||||
{
|
||||
displayName: 'Kubernetes',
|
||||
value: 'kubernetes',
|
||||
type: 'kubernetes',
|
||||
},
|
||||
{
|
||||
displayName: 'LDAP',
|
||||
value: 'ldap',
|
||||
|
|
|
|||
|
|
@ -33,6 +33,12 @@ const TABS_FOR_SETTINGS = {
|
|||
routeParams: ['vault.cluster.settings.auth.configure.section', 'configuration'],
|
||||
},
|
||||
],
|
||||
jwt: [
|
||||
{
|
||||
label: 'Configuration',
|
||||
routeParams: ['vault.cluster.settings.auth.configure.section', 'configuration'],
|
||||
},
|
||||
],
|
||||
kubernetes: [
|
||||
{
|
||||
label: 'Configuration',
|
||||
|
|
|
|||
|
|
@ -0,0 +1,40 @@
|
|||
import Ember from 'ember';
|
||||
import DS from 'ember-data';
|
||||
import AuthConfig from '../auth-config';
|
||||
import fieldToAttrs from 'vault/utils/field-to-attrs';
|
||||
|
||||
const { attr } = DS;
|
||||
const { computed } = Ember;
|
||||
|
||||
export default AuthConfig.extend({
|
||||
oidcDiscoveryUrl: attr('string', {
|
||||
label: 'OIDC discovery URL',
|
||||
helpText:
|
||||
'The OIDC discovery URL, without any .well-known component (base path). Cannot be used with jwt_validation_pubkeys',
|
||||
}),
|
||||
|
||||
oidcDiscoveryCaPem: attr('string', {
|
||||
label: 'OIDC discovery CA PEM',
|
||||
editType: 'file',
|
||||
helpText:
|
||||
'The CA certificate or chain of certificates, in PEM format, to use to validate connections to the OIDC Discovery URL. If not set, system certificates are used',
|
||||
}),
|
||||
jwtValidationPubkeys: attr({
|
||||
label: 'JWT validation public keys',
|
||||
editType: 'stringArray',
|
||||
}),
|
||||
boundIssuer: attr('string', {
|
||||
helpText: 'The value against which to match the iss claim in a JWT',
|
||||
}),
|
||||
fieldGroups: computed(function() {
|
||||
const groups = [
|
||||
{
|
||||
default: ['oidcDiscoveryUrl'],
|
||||
},
|
||||
{
|
||||
'JWT Options': ['oidcDiscoveryCaPem', 'jwtValidationPubkeys', 'boundIssuer'],
|
||||
},
|
||||
];
|
||||
return fieldToAttrs(this, groups);
|
||||
}),
|
||||
});
|
||||
|
|
@ -34,7 +34,7 @@ export default AuthConfig.extend({
|
|||
default: ['host', 'secret'],
|
||||
},
|
||||
{
|
||||
Options: ['port', 'nasPort', 'dialTimeout', 'unregisteredUserPolicies'],
|
||||
'RADIUS Options': ['port', 'nasPort', 'dialTimeout', 'unregisteredUserPolicies'],
|
||||
},
|
||||
];
|
||||
return fieldToAttrs(this, groups);
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ const { computed } = Ember;
|
|||
|
||||
export default IdentityModel.extend({
|
||||
parentType: 'entity',
|
||||
formFields: ['name', 'mountAccessor', 'metadata'],
|
||||
formFields: ['name', 'mountAccessor'],
|
||||
entity: belongsTo('identity/entity', { readOnly: true, async: false }),
|
||||
|
||||
name: attr('string'),
|
||||
|
|
|
|||
|
|
@ -13,6 +13,7 @@ export default Ember.Route.extend(UnloadModelRoute, {
|
|||
'azure-configuration': 'auth-config/azure',
|
||||
'github-configuration': 'auth-config/github',
|
||||
'gcp-configuration': 'auth-config/gcp',
|
||||
'jwt-configuration': 'auth-config/jwt',
|
||||
'kubernetes-configuration': 'auth-config/kubernetes',
|
||||
'ldap-configuration': 'auth-config/ldap',
|
||||
'okta-configuration': 'auth-config/okta',
|
||||
|
|
|
|||
|
|
@ -32,7 +32,6 @@
|
|||
{{/if}}
|
||||
</div>
|
||||
</div>
|
||||
|
||||
{{#if (and (eq mode "edit") model.canDelete)}}
|
||||
{{#confirm-action
|
||||
buttonClasses="button is-ghost"
|
||||
|
|
@ -43,6 +42,5 @@
|
|||
Delete
|
||||
{{/confirm-action}}
|
||||
{{/if}}
|
||||
|
||||
</div>
|
||||
</form>
|
||||
|
|
|
|||
|
|
@ -10,9 +10,6 @@
|
|||
{{value}}
|
||||
</div>
|
||||
<div class="column has-text-right">
|
||||
{{#if model.canEdit}}
|
||||
{{identity/popup-metadata params=(array model key)}}
|
||||
{{/if}}
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
|||
|
|
@ -1,21 +0,0 @@
|
|||
{{#popup-menu name="metadata-edit-menu"}}
|
||||
<nav class="menu">
|
||||
<ul class="menu-list">
|
||||
<li class="action">
|
||||
{{#confirm-action
|
||||
confirmButtonClasses="button is-primary"
|
||||
confirmButtonText="Remove"
|
||||
buttonClasses="link is-destroy"
|
||||
onConfirmAction=(action "performTransaction" model key)
|
||||
confirmMessage=(concat "Are you sure you want to remove " key "?")
|
||||
showConfirm=(get this (concat "shouldDelete-" key))
|
||||
class=(if (get this (concat "shouldDelete-" key)) "message is-block is-warning is-outline")
|
||||
containerClasses="message-body is-block"
|
||||
messageClasses="is-block"
|
||||
}}
|
||||
Remove
|
||||
{{/confirm-action}}
|
||||
</li>
|
||||
</ul>
|
||||
</nav>
|
||||
{{/popup-menu}}
|
||||
Loading…
Reference in New Issue