diff --git a/changelog/12904.txt b/changelog/12904.txt new file mode 100644 index 000000000..e65636b6c --- /dev/null +++ b/changelog/12904.txt @@ -0,0 +1,3 @@ +```release-note:bug +ui: Removes ability to tune token_type for token auth methods +``` \ No newline at end of file diff --git a/ui/app/components/auth-config-form/options.js b/ui/app/components/auth-config-form/options.js index 254d03ee0..9ce654e48 100644 --- a/ui/app/components/auth-config-form/options.js +++ b/ui/app/components/auth-config-form/options.js @@ -22,6 +22,12 @@ export default AuthConfigComponent.extend({ saveModel: task(function*() { let data = this.model.config.serialize(); data.description = this.model.description; + + // token_type should not be tuneable for the token auth method, default is 'default-service' + if (this.model.type === 'token') { + delete data.token_type; + } + try { yield this.model.tune(data); } catch (err) { diff --git a/ui/app/helpers/supported-managed-auth-backends.js b/ui/app/helpers/supported-managed-auth-backends.js index ee668c24b..695a6b2f5 100644 --- a/ui/app/helpers/supported-managed-auth-backends.js +++ b/ui/app/helpers/supported-managed-auth-backends.js @@ -1,6 +1,6 @@ import { helper as buildHelper } from '@ember/component/helper'; -const MANAGED_AUTH_BACKENDS = ['okta', 'radius', 'ldap', 'cert', 'userpass']; +const MANAGED_AUTH_BACKENDS = ['cert', 'userpass', 'ldap', 'okta', 'radius']; export function supportedManagedAuthBackends() { return MANAGED_AUTH_BACKENDS; diff --git a/ui/app/models/auth-method.js b/ui/app/models/auth-method.js index dc1257610..2214a7595 100644 --- a/ui/app/models/auth-method.js +++ b/ui/app/models/auth-method.js 
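Review bot: In the `saveModel` hunk of `ui/app/components/auth-config-form/options.js`, the new guard tests `this.model.type === 'token'`, while the matching change in `ui/app/models/auth-method.js` decides on `methodType`. If those two properties can ever differ for a token mount, the form would hide the field yet still submit `token_type`, or the reverse; using the same property in both places, `if (this.model.methodType === 'token') {`, keeps the two checks in step. This filter only shapes what the UI sends, and a request made through the CLI or API never passes through it, so the tune endpoint itself has to refuse `token_type` for the token method; presumably it does, but that is not visible in this diff. `saveModel` continues past the end of the hunk.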
@@ -49,14 +49,25 @@ let ModelExport = Model.extend(Validations, { return this.local ? 'local' : 'replicated'; }), - tuneAttrs: computed(function() { - return expandAttributeMeta(this, [ - 'description', - 'config.{listingVisibility,defaultLeaseTtl,maxLeaseTtl,tokenType,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders}', - ]); + tuneAttrs: computed('path', function() { + let { methodType } = this; + let tuneAttrs; + // token_type should not be tuneable for the token auth method + if (methodType === 'token') { + tuneAttrs = [ + 'description', + 'config.{listingVisibility,defaultLeaseTtl,maxLeaseTtl,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders}', + ]; + } else { + tuneAttrs = [ + 'description', + 'config.{listingVisibility,defaultLeaseTtl,maxLeaseTtl,tokenType,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders}', + ]; + } + return expandAttributeMeta(this, tuneAttrs); }), - //sys/mounts/auth/[auth-path]/tune. + // sys/mounts/auth/[auth-path]/tune. tune: memberAction({ path: 'tune', type: 'post', diff --git a/ui/app/templates/components/auth-config-form/options.hbs b/ui/app/templates/components/auth-config-form/options.hbs index c46d595cf..3b8b227c9 100644 --- a/ui/app/templates/components/auth-config-form/options.hbs +++ b/ui/app/templates/components/auth-config-form/options.hbs @@ -3,7 +3,7 @@ {{#each model.tuneAttrs as |attr|}} - {{form-field data-test-field attr=attr model=model}} + {{/each}}
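Review bot: In the `ui/app/models/auth-method.js` hunk, `tuneAttrs` is declared as `computed('path', function() {` but the body reads only `methodType`, so the cached value is keyed on a property the function never uses and would not recompute if `methodType` changed. The dependent key should name what is read: `tuneAttrs: computed('methodType', function() {`. The two branches also repeat the whole `config.{…}` string and differ only in `tokenType`, so a key added later to one list can be missed in the other; building the key list once and leaving `tokenType` out for the token method avoids that drift. The enclosing `Model.extend` starts and ends outside the hunk.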
@@ -16,4 +16,4 @@ Update Options
- \ No newline at end of file + diff --git a/ui/app/templates/vault/cluster/access/method/section.hbs b/ui/app/templates/vault/cluster/access/method/section.hbs index 9d1e563f0..29e26b771 100644 --- a/ui/app/templates/vault/cluster/access/method/section.hbs +++ b/ui/app/templates/vault/cluster/access/method/section.hbs @@ -17,7 +17,16 @@ + +{{#if (not (contains model.type (supported-managed-auth-backends)))}} +
+ The Vault UI only supports configuration for this authentication method. + For management, the API or CLI should be used. +
+{{/if}} + {{section-tabs model "authShow" paths}} + {{#if (eq section "configuration")}} diff --git a/ui/app/templates/vault/cluster/access/methods.hbs b/ui/app/templates/vault/cluster/access/methods.hbs index f14f2576b..313600eed 100644 --- a/ui/app/templates/vault/cluster/access/methods.hbs +++ b/ui/app/templates/vault/cluster/access/methods.hbs @@ -15,43 +15,45 @@ {{#each (sort-by "path" model) as |method|}} - {{#if (contains method.methodType (supported-managed-auth-backends))}} - -
-
-
- - - - - -
- {{method.methodType}} -
-
-
- - {{method.path}} - -
- - {{method.accessor}} - -
+ method.id}} class="list-item-row" + data-test-auth-backend-link={{method.id}} + > +
+
+
+ + + + + +
+ {{method.methodType}} +
+
+
+ + {{method.path}} + +
+ + {{method.accessor}} +
-
-
- - +
+
+
+ + - - -
-
-
- - {{else}} -
-
-
-
- - - - - -
- {{method.methodType}} -
-
-
- - {{method.path}} - -
- - {{method.accessor}} - -
-
-
-
- - - - - -
+ +
- {{/if}} + {{/each}} diff --git a/ui/app/templates/vault/cluster/settings/auth/configure/section.hbs b/ui/app/templates/vault/cluster/settings/auth/configure/section.hbs index d26541cbb..46662da26 100644 --- a/ui/app/templates/vault/cluster/settings/auth/configure/section.hbs +++ b/ui/app/templates/vault/cluster/settings/auth/configure/section.hbs @@ -2,4 +2,4 @@ {{auth-config-form/options model.model}} {{else}} {{auth-config-form/config model.model}} -{{/if}} \ No newline at end of file +{{/if}} diff --git a/ui/tests/acceptance/auth-list-test.js b/ui/tests/acceptance/auth-list-test.js index 626ee7488..003520ce3 100644 --- a/ui/tests/acceptance/auth-list-test.js +++ b/ui/tests/acceptance/auth-list-test.js @@ -1,11 +1,13 @@ -import { click, fillIn, settled, visit, triggerKeyEvent } from '@ember/test-helpers'; +import { click, findAll, fillIn, settled, visit, triggerKeyEvent } from '@ember/test-helpers'; import { module, test } from 'qunit'; import { setupApplicationTest } from 'ember-qunit'; import authPage from 'vault/tests/pages/auth'; import logout from 'vault/tests/pages/logout'; import enablePage from 'vault/tests/pages/settings/auth/enable'; +import { supportedAuthBackends } from 'vault/helpers/supported-auth-backends'; +import { supportedManagedAuthBackends } from 'vault/helpers/supported-managed-auth-backends'; -module('Acceptance | userpass secret backend', function(hooks) { +module('Acceptance | auth backend list', function(hooks) { setupApplicationTest(hooks); hooks.beforeEach(function() { @@ -16,7 +18,7 @@ module('Acceptance | userpass secret backend', function(hooks) { return logout.visit(); }); - test('userpass backend', async function(assert) { + test('userpass secret backend', async function(assert) { let n = Math.random(); const path1 = `userpass-${++n}`; const path2 = `userpass-${++n}`; 
@@ -73,4 +75,39 @@ module('Acceptance | userpass secret backend', function(hooks) {
 .dom('[data-test-list-item-content]')
 .hasText(user1, 'first user created shows in current auth list');
 });
+
+ test('auth methods are linkable and link to correct view', async function(assert) {
+ await visit('/vault/access');
+ await settled();
+ let supportManaged = supportedManagedAuthBackends();
+ let backends = supportedAuthBackends();
+
+ for (let backend of backends) {
+ let { type } = backend;
+
+ if (type !== 'token') {
+ await enablePage.enable(type, type);
+ }
+ await settled();
+ await visit('/vault/access');
+
+ // all auth methods should be linkable
+ await click(`[data-test-auth-backend-link="${type}"]`);
+
+ if (!supportManaged.includes(type)) {
+ assert.equal(findAll('[data-test-auth-section-tab]').length, 1);
+ assert
+ .dom('[data-test-auth-section-tab]')
+ .hasText('Configuration', `only shows configuration tab for ${type} auth method`);
+ assert.dom('[data-test-doc-link] .doc-link').exists(`includes doc link for ${type} auth method`);
+ } else {
+ // managed auth methods should have more than 1 tab
+ assert.notEqual(
+ findAll('[data-test-auth-section-tab]').length,
+ 1,
+ `has management tabs for ${type} auth method`
+ );
+ }
+ }
+ });
 });
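Review bot: The new test calls `await enablePage.enable(type, type);` for every supported backend, mounting each at a fixed path equal to its type and never disabling it, whereas the existing test in this file uses randomised paths (`userpass-${++n}`). Against a server that is reused between tests or runs, a second enable at the same path is likely to fail, and the leftover mounts leak into later tests. A unique path per run, with the link selector built from that path, would isolate the test; this assumes `data-test-auth-backend-link` carries the mount id, as the `methods.hbs` change suggests. The first `assert.equal(findAll('[data-test-auth-section-tab]').length, 1);` also has no message, unlike the other assertions in the loop, so a failure will not say which `type` it was for.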