Backport of Auth method token_type possibleValues fix into release/1.13.x #19322
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
hc-github-team-secure-vault-core
force-pushed
the
backport/ui/VAULT-7004/bug-fix-auth-token-type-2/gladly-happy-redbird
branch
from
ef73473 to
83570dc
Compare
Monkeychip
approved these changes
Feb 23, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport
This PR is auto-generated from #19290 to be assessed for backporting due to the inclusion of the label backport/1.13.x.
The below text is copied from the body of the original PR.
When configuring an Auth mount the UI was displaying the following three types:
default,batchandservice. However, the API lists the following four possible types:default-service,default-batch,batchandservice. This caused the following problems:If the user didn't touch the Token Type dropdown we would send an empty string, which the api defaults to "default-service." However, if the user toggled this dropdown and then reselected
default, and saved that value, the API returned with a not valid type error because it doesn't accept type default.The UI displayed the wrong values. I suspect
defaultin the UI was supposed to generalizedefault-batchanddefault-service, however, they mean different things and confused the user.I have fixed these errors by setting
noDefault=trueon the dropdown and changing thepossibleValuesto match the API. Ideally the API's default value would bedefault-servicebecause this is the value all current auth methods return when you sendtoken_type=''. I went back and forth on whether I should make the default value "default-service" in the UI. However, I settled on following what the API behavior is just in case for some reason in the future another Auth method does not returndefault-serviceas the token_type when passing an empty string.With the fix:
When they go to tune their mount it will show
default-servicebecause even if they didn't send a token_type the API returnsdefault-serviceI also went ahead and fixed an active class error on the section tabs in this area by removing a surrounding
lielement.Before:
After:
Notes:
TokenTypeas a mount config option (it only shows that it's available for tuning). I'll make a ticket for this.allowed_response_headersandplugin_versionthat the API lists but we don't have in the UI (we showallowed_response_headerson secret engine mounts but not on auth methods even though it's in the mount-config model?). I'll follow up with this as well, but thought I'd add a note in case anyone has some background here.Overview of commits