Move fetching unauthenticated mounts to the route #30509
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Build Results: |
|
CI Results: |
hellobontempo
commented
May 4, 2025
Comment on lines
-164
to
-166
| this.authTabs = null; | ||
| // fetch mounts for that namespace | ||
| this.fetchMounts.perform(500); |
There was a problem hiding this comment.
no longer necessary since the namespace update re-fires the model hook which re-requests mounts 🎉
hellobontempo
commented
May 4, 2025
| @@ -22,7 +22,7 @@ | |||
| @text="Sign in" | |||
| @isFullWidth={{true}} | |||
| type="submit" | |||
| class="has-top-margin-m has-bottom-margin-m" | |||
| class="has-top-margin-xl has-bottom-margin-xl" | |||
There was a problem hiding this comment.
I kept accidentally clicking "Sign in with other methods" 🙃 so added some spacing
hellobontempo
commented
May 4, 2025
|
|
||
| initializeState() { | ||
| // FORMAT MOUNT DATA | ||
| this.authTabData = this._formatTabs(); |
There was a problem hiding this comment.
formatting happens here instead of in the route because there will be some additional logic if the cluster has login customizations (like a default method set)
hellobontempo
commented
May 4, 2025
Comment on lines
-204
to
-211
| // SET FORM STATE | ||
| if (!this.args.preselectedAuthType) { | ||
| // set selectedAuthMethod auth type to first tab if nothing has been preselected | ||
| this.setAuthTypeFromTab(0); | ||
| } | ||
| // selectedTabIndex returns -1 if selectedAuthMethod is not a tab (i.e. preselected method exists) | ||
| // so display the dropdown of other methods (and not tabs) | ||
| this.showOtherMethods = this.selectedTabIndex < 0 ? true : false; |
There was a problem hiding this comment.
setting up the form state moved to initializeFormState
hellobontempo
commented
May 5, 2025
| onSuccess: CallableFunction; | ||
| } | ||
|
|
||
| interface AuthTabs { |
There was a problem hiding this comment.
moved to a d.ts file
hellobontempo
commented
May 5, 2025
| @value={{@namespace}} | ||
| autocomplete="namespace" | ||
| @value={{@namespaceValue}} | ||
| autocomplete="off" |
There was a problem hiding this comment.
follow-on from #30444
hellobontempo
commented
May 5, 2025
|
|
||
| get cspError() { | ||
| const isStandby = this.args.cluster.standby; | ||
| const hasConnectionViolations = this.csp.connectionViolations.length; | ||
| return isStandby && hasConnectionViolations ? CSP_ERROR : ''; | ||
| } | ||
|
|
||
| get authTabData() { |
There was a problem hiding this comment.
This getter will eventually also include logic for managing tabs depending on the login customization settings. I decided it should live here because it only needs to be computed once (based on the fetch mounts request in the route) and does not change with user interactions (which everything in Auth::FormTemplate does).
It could also technically live in the route, but having it in the component makes it easier to test
hellobontempo
commented
May 5, 2025
| } | ||
|
|
||
| resetController(controller) { | ||
| controller.set('authMethod', 'token'); | ||
| } | ||
|
|
||
| afterModel() { | ||
| afterModel(model) { |
There was a problem hiding this comment.
Moved the transition to the afterModel hook because Error: TransitionAborted was occasionally failing the wrapped_token tests. This way the model gets to cleanly finish its transition and then we redirect the user.
hellobontempo
commented
May 5, 2025
| } | ||
| return super.model(...arguments); |
There was a problem hiding this comment.
super.model() returned the cluster model previously
vault/ui/app/routes/vault/cluster/cluster-route-base.js
Lines 16 to 18 in c1754f5
hellobontempo
commented
May 5, 2025
| clusterId, | ||
| backend: 'token', | ||
| data: { token: auth.clientToken }, | ||
| selectedAuth: 'token', | ||
| }); | ||
| // handles transition | ||
| return authController.send('authSuccess', authResponse); |
There was a problem hiding this comment.
moved to afterModel hook
hellobontempo
commented
May 5, 2025
| @@ -17,7 +17,7 @@ export const BASE_LOGIN_METHODS = [ | |||
| }, | |||
| { | |||
| type: 'userpass', | |||
| displayName: 'Username', | |||
There was a problem hiding this comment.
lots of methods use username and password to login, changed this to match vault documentation so it's clear this is referencing the userpass auth type
Monkeychip
reviewed
May 5, 2025
| @@ -7,15 +7,14 @@ import Component from '@glimmer/component'; | |||
| import { service } from '@ember/service'; | |||
| import { tracked } from '@glimmer/tracking'; | |||
| import { action } from '@ember/object'; | |||
There was a problem hiding this comment.
Love to see these no longer needed
Monkeychip
reviewed
May 5, 2025
| import { ALL_LOGIN_METHODS, supportedTypes } from 'vault/utils/supported-login-methods'; | ||
| import { getRelativePath } from 'core/utils/sanitize-path'; | ||
|
|
||
| import type FlagsService from 'vault/services/flags'; | ||
| import type Store from '@ember-data/store'; | ||
| import type VersionService from 'vault/services/version'; | ||
| import type ClusterModel from 'vault/models/cluster'; | ||
| import type { AuthTabData } from 'vault/vault/auth/form'; |
There was a problem hiding this comment.
Is the double 'vault/vault' intentional?
There was a problem hiding this comment.
Yep - it's just where the type declarations live https://github.com/hashicorp/vault/blob/main/ui/app/components/secret-engine/configure-ssh.ts#L12
Monkeychip
reviewed
May 5, 2025
| @@ -29,32 +28,24 @@ import type { HTMLElementEvent } from 'vault/forms'; | |||
| * dynamically renders the corresponding form. | |||
| * | |||
| * | |||
| * @param {object} authTabData - auth methods to render as tabs, contains mount data for any mounts with listing_visibility="unauth" | |||
Monkeychip
reviewed
May 5, 2025
Monkeychip
reviewed
May 5, 2025
| @@ -155,9 +155,12 @@ module('Acceptance | oidc provider', function (hooks) { | |||
| 'Once you log in, you will be redirected back to your application. If you require login credentials, contact your administrator.', | |||
| 'Has updated text for client authorization flow' | |||
| ); | |||
| await fillIn(AUTH_FORM.method, authMethodPath); | |||
|
|
|||
| await fillIn(GENERAL.selectByAttr('auth-method'), 'userpass'); | |||
There was a problem hiding this comment.
Thank you for the cleanup!
Monkeychip
approved these changes
May 5, 2025
There was a problem hiding this comment.
Biggest comment is on the use of setTimeout. However, this is side-branch and I don't consider it blocking but more of a recommendation. Really great description on the PR—that makes any future questions/debugging so much easier. Thank you for taking the time to be detailed there.
e77f206
into
VAULT-35470/wire-up-accessible-auth-components
25 checks passed
hellobontempo
added a commit
that referenced
this pull request
May 8, 2025
* UI: Move `wrapped_token` login functionality to route (#30465) * move token unwrap functionality to page component * update mfa test * remove wrapped_token logic from page component * more cleanup to relocate unwrap logic * move wrapped_token to route * move unwrap tests to acceptance * move mfa form back * add some padding * update mfa-form tests * get param from params * wait for auth form on back * run rests * UI: Add MFA support for SSO methods (#30489) * initial implementation of mfa validation for sso methods * update typescript interfaces * add stopgap changes to auth service * switch order backend is defined * update login form for tests even though it will be deleted * attempt to stabilize wrapped_query test * =update login form test why not * Update ui/app/components/auth/form/saml.ts Co-authored-by: lane-wetmore <lane.wetmore@hashicorp.com> --------- Co-authored-by: lane-wetmore <lane.wetmore@hashicorp.com> * Move CSP error to page component (#30492) * initial implementation of mfa validation for sso methods * update typescript interfaces * add stopgap changes to auth service * switch order backend is defined * update login form for tests even though it will be deleted * attempt to stabilize wrapped_query test * =update login form test why not * move csp error to page component * move csp error to page component * Move fetching unauthenticated mounts to the route (#30509) * rename namespace arg to namespaceQueryParam * move fetch mounts to route * add margin to sign in button spacing * update selectors for oidc provider test * add todo delete comments * fix arg typo in test * change method name * fix args handling tab click * remove tests that no longer relate to components functionality * add tests for preselectedAuthType functionality * move typescript interfaces, fix selector * add await * oops * move format method down, make private * move tab formatting to the route * move to page object * fix token unwrap aborting transition * not sure what that is doing there.. * add comments * rename to presetAuthType * use did-insert instead * UI: Implement `Auth::FormTemplate` (#30521) * replace Auth::LoginForm with Auth::FormTemplate * first round of test updates * return null if mounts object is empty * add comment and test for empty sys/internal/mounts data * more test updates * delete listing_visibility test, delete login-form component test * update divs to Hds::Card::Container * add overflow class * remove unused getters * move requesting stored auth type to page component * fix typo * Update ui/app/components/auth/form/oidc-jwt.ts make comment make more sense * small cleanup items, update imports * Delete old auth components (#30527) * delete old components * update codeowners * Update `with` query param functionality (#30537) * update path input to type=hidden * add test coverage * update page test * update auth route * delete login form * update ent test * consolidate logic in getter * add more comments * more comments.. * rename selector * refresh model as well * redirect for invalid query params * move unwrap to redirect * only redirect on invalid query params * add tests for query param * test selector updates * remove todos, update relevant ones with initials * add changelog --------- Co-authored-by: lane-wetmore <lane.wetmore@hashicorp.com>
Erfankam
pushed a commit
to Erfankam/vault
that referenced
this pull request
Sep 1, 2025
* UI: Move `wrapped_token` login functionality to route (hashicorp#30465) * move token unwrap functionality to page component * update mfa test * remove wrapped_token logic from page component * more cleanup to relocate unwrap logic * move wrapped_token to route * move unwrap tests to acceptance * move mfa form back * add some padding * update mfa-form tests * get param from params * wait for auth form on back * run rests * UI: Add MFA support for SSO methods (hashicorp#30489) * initial implementation of mfa validation for sso methods * update typescript interfaces * add stopgap changes to auth service * switch order backend is defined * update login form for tests even though it will be deleted * attempt to stabilize wrapped_query test * =update login form test why not * Update ui/app/components/auth/form/saml.ts Co-authored-by: lane-wetmore <lane.wetmore@hashicorp.com> --------- Co-authored-by: lane-wetmore <lane.wetmore@hashicorp.com> * Move CSP error to page component (hashicorp#30492) * initial implementation of mfa validation for sso methods * update typescript interfaces * add stopgap changes to auth service * switch order backend is defined * update login form for tests even though it will be deleted * attempt to stabilize wrapped_query test * =update login form test why not * move csp error to page component * move csp error to page component * Move fetching unauthenticated mounts to the route (hashicorp#30509) * rename namespace arg to namespaceQueryParam * move fetch mounts to route * add margin to sign in button spacing * update selectors for oidc provider test * add todo delete comments * fix arg typo in test * change method name * fix args handling tab click * remove tests that no longer relate to components functionality * add tests for preselectedAuthType functionality * move typescript interfaces, fix selector * add await * oops * move format method down, make private * move tab formatting to the route * move to page object * fix token unwrap aborting transition * not sure what that is doing there.. * add comments * rename to presetAuthType * use did-insert instead * UI: Implement `Auth::FormTemplate` (hashicorp#30521) * replace Auth::LoginForm with Auth::FormTemplate * first round of test updates * return null if mounts object is empty * add comment and test for empty sys/internal/mounts data * more test updates * delete listing_visibility test, delete login-form component test * update divs to Hds::Card::Container * add overflow class * remove unused getters * move requesting stored auth type to page component * fix typo * Update ui/app/components/auth/form/oidc-jwt.ts make comment make more sense * small cleanup items, update imports * Delete old auth components (hashicorp#30527) * delete old components * update codeowners * Update `with` query param functionality (hashicorp#30537) * update path input to type=hidden * add test coverage * update page test * update auth route * delete login form * update ent test * consolidate logic in getter * add more comments * more comments.. * rename selector * refresh model as well * redirect for invalid query params * move unwrap to redirect * only redirect on invalid query params * add tests for query param * test selector updates * remove todos, update relevant ones with initials * add changelog --------- Co-authored-by: lane-wetmore <lane.wetmore@hashicorp.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Fetching mounts in the component started to feel really awkward and resulted in a lot of manual state management. The
sys/internal/ui/mountsrequest has to be re-fetched anytime the namespace query param changes anyway (which can happen when the namespace input is updated).While I don't entirely agree with the namespace being a query param in the URL (see note below) it's out of scope to change it for this auth form refactor work. In short, fetching this data in the route model hook seems to most sensible and as you can see drastically cleaned up the component logic 🎉
Why the namespace param in the url is confusing
The namespace architecture of the web ui (and vault) is confusing because there is a narrow distinction between authenticating vs navigating to a namespace.
ldapmethod is mounted in theadmin/namespace, users can only log in to theadminnamespace.admin/but has access toadmin/westthey can navigate to that namespace. But they cannot authenticate toadmin/west**Tokens generated in a namespace can log in without specifying the namespace and will be navigated accordingly because their root namespace is returned as part of the token data.
TODO only if you're a HashiCorp employee
backport/label that matches the desired release branch. Note that in the CE repo, the latest release branch will look likebackport/x.x.x, but older release branches will bebackport/ent/x.x.x+ent.of a public function, even if that change is in a CE file, double check that
applying the patch for this PR to the ENT repo and running tests doesn't
break any tests. Sometimes ENT only tests rely on public functions in CE
files.
in the PR description, commit message, or branch name.
description. Also, make sure the changelog is in this PR, not in your ENT PR.