-
Notifications
You must be signed in to change notification settings - Fork 4.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable generated items for more auth methods #7513
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The Go changes are fine except for a couple minor items and one odd err
change that need review.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey @noelledaley !
I did an initial code only pass here and there seems to be a lot going on! Most of the things I've noted are just style things for the moment at least. I'm thinking of firing vault up and taking a closer look at this a bit later on, will shout you offline.
John
@@ -3,7 +3,7 @@ import { tabsForAuthSection } from 'vault/helpers/tabs-for-auth-section'; | |||
export default Route.extend({ | |||
beforeModel() { | |||
let { methodType, paths } = this.modelFor('vault.cluster.access.method'); | |||
paths = paths ? paths.navPaths.reduce((acc, cur) => acc.concat(cur.path), []) : null; | |||
paths = paths ? paths.paths.filter(path => path.navigation === true) : null; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No biggie, but the style:
paths.paths.filter(path => path.navigation)
was used everywhere else. I think here I personally like the more explicit style (this made me double think when I saw the less explicit style up above), but I think the more important point is to maybe change this so the style is all the same, whichever one you prefer.
… no longer have action on list endpoint
…lt, change debugger to console.err in path-help, remove dynamic ui auth methods from tab count test
… into ui-generated-items
I've updated this PR to address all of the bugs I initially found. I removed the list of bugs and improvements and included them below for posterity. Should be good to go! Bugfixes
Improvements
|
When deleting an item from the show page, the flash message is incorrect - it says "undefined" instead of the item id. |
We might want design to give this a once over, I'm not sure about the delete button in the header and the create button in the toolbar having a |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@noelledaley Mentioned a couple of small things, but the could easily be addressed later, so I'll let you make the call when to merge. 👍
… into ui-generated-items
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great! This is going to be such a nice start for these auth methods
* master: (41 commits) changelog++ cli: fix json output for namespace list command (#7705) Update CHANGELOG.md Vault Agent Template (#7652) hostutil: disable host info collection on openbsd (#7699) Shamir seals now come in two varieties: legacy and new-style. (#7694) Update Title for AWS Marketplace (#7683) Bump go builder version Fix kv mod import and vendoring Fixing a typo with the sample payload (#7688) Update CHANGELOG.md Enable generated items for more auth methods (#7513) Update OIDC provider doc Update OIDC provider doc (#7693) Create .bundle and set group when running container (#7684) updates vendored api/client.go (#7692) Update circle config logical: remove unneeded error check in handleLogicalInternal (#7691) Update Go version Docs: add examples for when a seal rewrap is useful (#7689) ...
@@ -137,6 +165,10 @@ certificate.`, | |||
|
|||
HelpSynopsis: pathCertHelpSyn, | |||
HelpDescription: pathCertHelpDesc, | |||
DisplayAttrs: &framework.DisplayAttributes{ | |||
Action: "Create", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
}, | ||
|
||
"allowed_uri_sans": &framework.FieldSchema{ | ||
Type: framework.TypeCommaStringSlice, | ||
Description: `A comma-separated list of URIs. | ||
At least one must exist in the SANs. Supports globbing.`, | ||
DisplayAttrs: &framework.DisplayAttributes{ | ||
Name: "Allowed URI SANs", | ||
Group: "Constraints", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@@ -23,6 +23,10 @@ func pathListCerts(b *backend) *framework.Path { | |||
|
|||
HelpSynopsis: pathCertHelpSyn, | |||
HelpDescription: pathCertHelpDesc, | |||
DisplayAttrs: &framework.DisplayAttributes{ | |||
Navigation: true, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
|
||
// EditType is the type of form field needed for a property | ||
// e.g. "textarea" or "file" | ||
EditType string `json:"editType,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
these are all of the available keys for the DisplayAttributes
map, which tells the UI how to display the "thing" (i.e. certificate) or specific form field. see the full list here:
https://github.com/hashicorp/vault/blob/master/sdk/framework/path.go#L169-L196
} | ||
helpUrl = `/v1/${apiPath}${path.slice(1)}?help=true`; | ||
|
||
helpUrl = `/v1/${apiPath}${path.slice(1)}?help=true` || newModel.proto().getHelpUrl(backend); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is how we construct the URL for making the request to OpenAPI. if the ?help-true
suffix ever changes for some reason you'll need to update it here.
Enable OpenApi for more Auth Methods
This PR enables OpenApi to fully manage the Userpass, Cert, Okta, and Radius auth methods within the UI.
In addition to enabling, disabling and configuring the auth method, this PR includes CRUD actions for:
QA Scenarios
openApiToAttrs
(users' passwords, for example)openApiToAttrs