From ab1fd3255b550909c5bd329165a3aa140a9804ff Mon Sep 17 00:00:00 2001
From: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
Date: Fri, 29 Oct 2021 13:00:34 -0700
Subject: [PATCH] UI/Remove token_type field from token auth method (#12904)

* chane form field to angle bracket syntax

* computes tuneAttrs depending on auth method type

* make all attrs linkable

* delete token_type for token auth methods before save

* adds changelog

* adds copy to unsupported auth methods

* adds doc link to copy

* adds test for linkable auth method list
---
 changelog/12904.txt                           |   3 +
 ui/app/components/auth-config-form/options.js |   6 +
 .../supported-managed-auth-backends.js        |   2 +-
 ui/app/models/auth-method.js                  |  23 ++-
 .../components/auth-config-form/options.hbs   |   4 +-
 .../vault/cluster/access/method/section.hbs   |   9 +
 .../vault/cluster/access/methods.hbs          | 159 ++++++------------
 .../settings/auth/configure/section.hbs       |   2 +-
 ui/tests/acceptance/auth-list-test.js         |  43 ++++-
 9 files changed, 126 insertions(+), 125 deletions(-)
 create mode 100644 changelog/12904.txt

diff --git a/changelog/12904.txt b/changelog/12904.txt
new file mode 100644
index 000000000..e65636b6c
--- /dev/null
+++ b/changelog/12904.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+ui: Removes ability to tune token_type for token auth methods 
+```
\ No newline at end of file
diff --git a/ui/app/components/auth-config-form/options.js b/ui/app/components/auth-config-form/options.js
index 254d03ee0..9ce654e48 100644
--- a/ui/app/components/auth-config-form/options.js
+++ b/ui/app/components/auth-config-form/options.js
@@ -22,6 +22,12 @@ export default AuthConfigComponent.extend({
   saveModel: task(function*() {
     let data = this.model.config.serialize();
     data.description = this.model.description;
+
+    // token_type should not be tuneable for the token auth method, default is 'default-service'
+    if (this.model.type === 'token') {
+      delete data.token_type;
+    }
+
     try {
       yield this.model.tune(data);
     } catch (err) {
diff --git a/ui/app/helpers/supported-managed-auth-backends.js b/ui/app/helpers/supported-managed-auth-backends.js
index ee668c24b..695a6b2f5 100644
--- a/ui/app/helpers/supported-managed-auth-backends.js
+++ b/ui/app/helpers/supported-managed-auth-backends.js
@@ -1,6 +1,6 @@
 import { helper as buildHelper } from '@ember/component/helper';
 
-const MANAGED_AUTH_BACKENDS = ['okta', 'radius', 'ldap', 'cert', 'userpass'];
+const MANAGED_AUTH_BACKENDS = ['cert', 'userpass', 'ldap', 'okta', 'radius'];
 
 export function supportedManagedAuthBackends() {
   return MANAGED_AUTH_BACKENDS;
diff --git a/ui/app/models/auth-method.js b/ui/app/models/auth-method.js
index dc1257610..2214a7595 100644
--- a/ui/app/models/auth-method.js
+++ b/ui/app/models/auth-method.js
@@ -49,14 +49,25 @@ let ModelExport = Model.extend(Validations, {
     return this.local ? 'local' : 'replicated';
   }),
 
-  tuneAttrs: computed(function() {
-    return expandAttributeMeta(this, [
-      'description',
-      'config.{listingVisibility,defaultLeaseTtl,maxLeaseTtl,tokenType,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders}',
-    ]);
+  tuneAttrs: computed('path', function() {
+    let { methodType } = this;
+    let tuneAttrs;
+    // token_type should not be tuneable for the token auth method
+    if (methodType === 'token') {
+      tuneAttrs = [
+        'description',
+        'config.{listingVisibility,defaultLeaseTtl,maxLeaseTtl,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders}',
+      ];
+    } else {
+      tuneAttrs = [
+        'description',
+        'config.{listingVisibility,defaultLeaseTtl,maxLeaseTtl,tokenType,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders}',
+      ];
+    }
+    return expandAttributeMeta(this, tuneAttrs);
   }),
 
-  //sys/mounts/auth/[auth-path]/tune.
+  // sys/mounts/auth/[auth-path]/tune.
   tune: memberAction({
     path: 'tune',
     type: 'post',
diff --git a/ui/app/templates/components/auth-config-form/options.hbs b/ui/app/templates/components/auth-config-form/options.hbs
index c46d595cf..3b8b227c9 100644
--- a/ui/app/templates/components/auth-config-form/options.hbs
+++ b/ui/app/templates/components/auth-config-form/options.hbs
@@ -3,7 +3,7 @@
     <MessageError @model={{model}} @errorMessage={{model.errorMessage}}/>
     <NamespaceReminder @mode="save" @noun="Auth Method" />
     {{#each model.tuneAttrs as |attr|}}
-      {{form-field data-test-field attr=attr model=model}}
+      <FormField data-test-field @attr={{attr}} @model={{model}} />
     {{/each}}
   </div>
   <div class="field is-grouped box is-fullwidth is-bottomless">
@@ -16,4 +16,4 @@
       Update Options
     </button>
   </div>
-</form>
\ No newline at end of file
+</form>
diff --git a/ui/app/templates/vault/cluster/access/method/section.hbs b/ui/app/templates/vault/cluster/access/method/section.hbs
index 9d1e563f0..29e26b771 100644
--- a/ui/app/templates/vault/cluster/access/method/section.hbs
+++ b/ui/app/templates/vault/cluster/access/method/section.hbs
@@ -17,7 +17,16 @@
     </h1>
   </p.levelLeft>
 </PageHeader>
+
+{{#if (not (contains model.type (supported-managed-auth-backends)))}}
+  <div class="has-text-grey has-top-bottom-margin" data-test-doc-link>
+    The Vault UI only supports configuration for this authentication method. 
+    For management, the <DocLink @path="/api/auth">API or CLI</DocLink> should be used.
+  </div>
+{{/if}}
+
 {{section-tabs model "authShow" paths}}
+
 {{#if (eq section "configuration")}}
   <Toolbar>
     <ToolbarActions>
diff --git a/ui/app/templates/vault/cluster/access/methods.hbs b/ui/app/templates/vault/cluster/access/methods.hbs
index f14f2576b..313600eed 100644
--- a/ui/app/templates/vault/cluster/access/methods.hbs
+++ b/ui/app/templates/vault/cluster/access/methods.hbs
@@ -15,43 +15,45 @@
 </Toolbar>
 
 {{#each (sort-by "path" model) as |method|}}
-  {{#if (contains method.methodType (supported-managed-auth-backends))}}
-    <LinkedBlock @params={{array
+  <LinkedBlock @params={{array
     "vault.cluster.access.method"
-    method.id}} class="list-item-row" data-test-auth-backend-link={{method.id}}>
-      <div class="level is-mobile">
-        <div class="level-left">
-          <div>
-            <ToolTip @horizontalPosition="left" as |T|>
-              <T.trigger>
-                <Icon @glyph={{if
-                  (or
-                    (find-by "type" method.methodType (mountable-auth-methods))
-                    (eq method.methodType "token")
-                  )
-                  method.methodType
-                  "auth"
-                }} @size="l" class="has-text-grey-light" />
-              </T.trigger>
-              <T.content @class="tool-tip">
-                <div class="box">
-                  {{method.methodType}}
-                </div>
-              </T.content>
-            </ToolTip>
-            <span data-test-path data-test-id={{method.id}} class="has-text-weight-semibold has-text-black">
-              {{method.path}}
-            </span>
-            <br />
-            <code class="has-text-grey is-size-8">
-            {{method.accessor}}
-            </code>
-          </div>
+    method.id}} class="list-item-row" 
+    data-test-auth-backend-link={{method.id}}
+  >
+    <div class="level is-mobile">
+      <div class="level-left">
+        <div>
+          <ToolTip @horizontalPosition="left" as |T|>
+            <T.trigger>
+              <Icon @size="l" class="has-text-grey-light" 
+                @glyph={{if
+                (or
+                  (find-by "type" method.methodType (mountable-auth-methods))
+                  (eq method.methodType "token")
+                )
+                method.methodType
+                "auth"}} 
+              />
+            </T.trigger>
+            <T.content @class="tool-tip">
+              <div class="box">
+                {{method.methodType}}
+              </div>
+            </T.content>
+          </ToolTip>
+          <span data-test-path data-test-id={{method.id}} class="has-text-weight-semibold has-text-black">
+            {{method.path}}
+          </span>
+          <br />
+          <code class="has-text-grey is-size-8">
+          {{method.accessor}}
+          </code>
         </div>
-        <div class="level-right is-flex is-paddingless is-marginless">
-          <div class="level-item">
-            <PopupMenu @name="auth-backend-nav">
-              <Confirm as |c|>
+      </div>
+      <div class="level-right is-flex is-paddingless is-marginless">
+        <div class="level-item">
+          <PopupMenu @name="auth-backend-nav">
+            <Confirm as |c|>
               <nav class="menu">
                 <ul class="menu-list">
                   <li>
@@ -69,88 +71,21 @@
 
                   {{#if (and (not-eq method.methodType 'token') method.canDisable)}}
                     <li class="action">
-                        <c.Message
-                          @id={{method.id}}
-                          @title="Disable method?"
-                          @message="This may affect access to Vault data."
-                          @triggerText="Disable"
-                          @onConfirm={{perform disableMethod method}}>
-                          </c.Message>
+                      <c.Message
+                        @id={{method.id}}
+                        @title="Disable method?"
+                        @message="This may affect access to Vault data."
+                        @triggerText="Disable"
+                        @onConfirm={{perform disableMethod method}}>
+                      </c.Message>
                     </li>
                   {{/if}}
                 </ul>
               </nav>
-              </Confirm>
-            </PopupMenu>
-          </div>
-        </div>
-      </div>
-    </LinkedBlock>
-  {{else}}
-    <div class="list-item-row" data-test-auth-backend-link={{method.id}}>
-      <div class="level is-mobile">
-        <div class="level-left">
-          <div>
-            <ToolTip @horizontalPosition="left" as |T|>
-              <T.trigger>
-                <Icon @glyph={{if
-                      (or
-                        (find-by "type" method.methodType (mountable-auth-methods))
-                        (eq method.methodType "token")
-                      )
-                      method.methodType
-                      "auth"
-                    }} @size="l" class="has-text-grey-light" />
-              </T.trigger>
-              <T.content @class="tool-tip">
-                <div class="box">
-                  {{method.methodType}}
-                </div>
-              </T.content>
-            </ToolTip>
-            <span data-test-path data-test-id={{method.id}} class="has-text-weight-semibold has-text-grey">
-              {{method.path}}
-            </span>
-            <br />
-            <code class="has-text-grey is-size-8">
-            {{method.accessor}}
-            </code>
-          </div>
-        </div>
-        <div class="level-right is-flex is-paddingless is-marginless">
-          <div class="level-item">
-            <PopupMenu @name="auth-backend-nav">
-              <Confirm as |c|>
-                <nav class="menu">
-                  <ul class="menu-list">
-                    <li>
-                      <LinkTo @route="vault.cluster.access.method.section" @models={{array method.id "configuration"}}>
-                        View configuration
-                      </LinkTo>
-                    </li>
-                    {{#if method.canEdit}}
-                      <li>
-                        <LinkTo @route="vault.cluster.settings.auth.configure" @model={{method.id}}>
-                          Edit configuration
-                        </LinkTo>
-                      </li>
-                    {{/if}}
-
-                    {{#if (and (not-eq method.methodType 'token') method.canDisable)}}
-                      <li class="action">
-                        <c.Message @id={{method.id}} @title="Disable method?"
-                          @message="This may affect access to Vault data." @triggerText="Disable"
-                          @onConfirm={{perform disableMethod method}}>
-                        </c.Message>
-                      </li>
-                    {{/if}}
-                  </ul>
-                </nav>
-              </Confirm>
-            </PopupMenu>
-          </div>
+            </Confirm>
+          </PopupMenu>
         </div>
       </div>
     </div>
-    {{/if}}
+  </LinkedBlock>
 {{/each}}
diff --git a/ui/app/templates/vault/cluster/settings/auth/configure/section.hbs b/ui/app/templates/vault/cluster/settings/auth/configure/section.hbs
index d26541cbb..46662da26 100644
--- a/ui/app/templates/vault/cluster/settings/auth/configure/section.hbs
+++ b/ui/app/templates/vault/cluster/settings/auth/configure/section.hbs
@@ -2,4 +2,4 @@
   {{auth-config-form/options model.model}}
 {{else}}
   {{auth-config-form/config model.model}}
-{{/if}}
\ No newline at end of file
+{{/if}}
diff --git a/ui/tests/acceptance/auth-list-test.js b/ui/tests/acceptance/auth-list-test.js
index 626ee7488..003520ce3 100644
--- a/ui/tests/acceptance/auth-list-test.js
+++ b/ui/tests/acceptance/auth-list-test.js
@@ -1,11 +1,13 @@
-import { click, fillIn, settled, visit, triggerKeyEvent } from '@ember/test-helpers';
+import { click, findAll, fillIn, settled, visit, triggerKeyEvent } from '@ember/test-helpers';
 import { module, test } from 'qunit';
 import { setupApplicationTest } from 'ember-qunit';
 import authPage from 'vault/tests/pages/auth';
 import logout from 'vault/tests/pages/logout';
 import enablePage from 'vault/tests/pages/settings/auth/enable';
+import { supportedAuthBackends } from 'vault/helpers/supported-auth-backends';
+import { supportedManagedAuthBackends } from 'vault/helpers/supported-managed-auth-backends';
 
-module('Acceptance | userpass secret backend', function(hooks) {
+module('Acceptance | auth backend list', function(hooks) {
   setupApplicationTest(hooks);
 
   hooks.beforeEach(function() {
@@ -16,7 +18,7 @@ module('Acceptance | userpass secret backend', function(hooks) {
     return logout.visit();
   });
 
-  test('userpass backend', async function(assert) {
+  test('userpass secret backend', async function(assert) {
     let n = Math.random();
     const path1 = `userpass-${++n}`;
     const path2 = `userpass-${++n}`;
@@ -73,4 +75,39 @@ module('Acceptance | userpass secret backend', function(hooks) {
       .dom('[data-test-list-item-content]')
       .hasText(user1, 'first user created shows in current auth list');
   });
+
+  test('auth methods are linkable and link to correct view', async function(assert) {
+    await visit('/vault/access');
+    await settled();
+    let supportManaged = supportedManagedAuthBackends();
+    let backends = supportedAuthBackends();
+
+    for (let backend of backends) {
+      let { type } = backend;
+
+      if (type !== 'token') {
+        await enablePage.enable(type, type);
+      }
+      await settled();
+      await visit('/vault/access');
+
+      // all auth methods should be linkable
+      await click(`[data-test-auth-backend-link="${type}"]`);
+
+      if (!supportManaged.includes(type)) {
+        assert.equal(findAll('[data-test-auth-section-tab]').length, 1);
+        assert
+          .dom('[data-test-auth-section-tab]')
+          .hasText('Configuration', `only shows configuration tab for ${type} auth method`);
+        assert.dom('[data-test-doc-link] .doc-link').exists(`includes doc link for ${type} auth method`);
+      } else {
+        // managed auth methods should have more than 1 tab
+        assert.notEqual(
+          findAll('[data-test-auth-section-tab]').length,
+          1,
+          `has management tabs for ${type} auth method`
+        );
+      }
+    }
+  });
 });