Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WIP: Update UI to Support Explicit AWS Credential Types #5139

Closed

Conversation

joelthompson
Copy link
Contributor

@joelthompson joelthompson commented Aug 20, 2018

UI support for #4360 -- because it contains some backwards incompatibilities in reading role data, the UI no longer works to manage roles. It can be used for creating roles and generating credentials, but not viewing role details, and editing the role looks ugly as well.

Definitely need some help if I'm going to finish the swing on this, UI work isn't my forte (I'm much more comfortable digging around the nitty gritty details of crypto code...).

I'm sure there's a lot I'm going wrong, but the current list of bugs I'm aware of are:

  • When editing an existing role, the existing credential_type doesn't get recognized. That's because credential_type is a bit weird. It gets set as a singular value, but read out as a list, as credential_types for backwards compatibility reasons (see the discussion starting at RFC on Refactor of AWS Secret Backend #4229 (comment) for more details on the why). I'm not sure how to make a Handlebars helper in an Ember app to implement some sort of ArrayContains method).
  • role_arns items don't get saved when I try to update them.
  • policy_arns is entered as a comma-separated value, but it should be a real list. Waiting to figure out the previous item before tackling this one.
  • When setting an empty policy document, the UI prompts about
    discarding changes. This doesn't seem like the right behavior.
  • Eliminate distinction between generate IAM creds and STS creds, though might not be able to fully for legacy roles.]
  • Add/Update UI tests

Support the new explicit credential types in roles

To do:
* [ ] Update entry of role_arns and policy_arns to be a real list, rather
      than expecting users to enter them in comma-separated
* [ ] Some sort of handling of no policy_document since iam_user
      and assumed_role don't need it. Right now it looks like it always
      tries to add an empty json doc (`{}`)
* [ ] Eliminate distinction between generate IAM creds and STS creds
* [ ] Fix weird bug where the role offers to "Generate Certificate" in
      the popup
The UI code doesn't seem to want to gracefully handle the case of an
empty JSON string, and instead wants to handle `{}`. Because that is
never a valid AWS policy document, when it is passed in, treat it as
unsetting the policy_document variable.
@meirish meirish mentioned this pull request Aug 27, 2018
@meirish
Copy link
Contributor

meirish commented Aug 27, 2018

@joelthompson I tried pushing to this branch, but was unable to (is that something GH allows? I'm not certain...) - either way, for now I pushed up #5193 - thanks for starting on this! We'll be testing that manually later today - the story around testing the various 3rd party engines is a bit sad now, but it's something we plan to make better and run like we do with the rest of the tests currently.

@joelthompson
Copy link
Contributor Author

Huh, I do have the "Allow edits from maintainers" checked... oh well, thanks for finishing the swing on this!

@joelthompson joelthompson deleted the refactor_aws_secret_ui branch August 28, 2018 01:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants