UI: (Enterprise) Login form customization feature #30700
Conversation
|
CI Results: |
|
Build Results: |
| @@ -3,105 +3,103 @@ | |||
| SPDX-License-Identifier: BUSL-1.1 | |||
| }} | |||
|
|
|||
| <div {{did-insert this.initializeState}}> | |||
There was a problem hiding this comment.
moved initialization to the parent, so no more need for did-insert 🎉 . I recommend reviewing with ✅ Hide whitespace
| } | ||
|
|
||
| private constructViews(view: FormView, tabData: UnauthMountsByType | null) { | ||
| return { view, tabData }; |
There was a problem hiding this comment.
view is actually never used anywhere and only included it to make the form view logic easier to navigate. Without it, the dropdown view has to be deduced whether or not tabData exists. So for state that has an alternate view, but no tabs it would be alternateView = { tabData: null }. It felt strange to rely on an object of that shape for a truthy value. Alternatively, I could add a key like hasAlternateView but at that point it just seemed like I might as well say what said alternate view is to ease navigating these chaotic logic combinations 😅
| */ | ||
| getMountOrTypeData(authMount, visibleAuthMounts) { | ||
| if (visibleAuthMounts?.[authMount]) { | ||
| return { path: authMount, ...visibleAuthMounts[authMount], isVisibleMount: true }; | ||
| const sanitizedParam = sanitizePath(authMount); // strip leading/trailing slashes |
There was a problem hiding this comment.
added test here for this update
| @@ -180,37 +155,14 @@ module('Integration | Component | auth | form template', function (hooks) { | |||
| assert.dom(AUTH_FORM.advancedSettings).doesNotExist(); | |||
| }); | |||
|
|
|||
| test('it renders the mount description', async function (assert) { | |||
There was a problem hiding this comment.
moved these tests to auth/tabs-test component
There was a problem hiding this comment.
unless otherwise noted, tests deleted here migrated to auth/page-test.js
|
|
|
Enterprise tests ✅ |
b028ffa
| @@ -15,35 +15,52 @@ | |||
|
|
|||
| {{#if @loginRules}} | |||
| {{#each @loginRules as |rule|}} | |||
| <div class="list-item-row linked-block-item is-no-underline"> | |||
There was a problem hiding this comment.
Makes the list item clickable
|
|
* add request for custom login settings to auth route * add tests to page integration before updating logic * make tab component tests * move form state logic to parent page component * test updates for sanitizing query param in auth route * add custom login feature * add test for fetching login settings on ent only * add changelog * reword changelog * rename variable from showOtherMethods to showAlternateView * cleanup store * cleanup comments per PR feedback * abc * VAULT-34672 render line breaks in description * update endpoints after testing with live api * add test coverage * word * remove backup types from test-ns for testing * change to manually log in * add error handling for no login settings * add inheritance badge and make list item linkable
* add request for custom login settings to auth route * add tests to page integration before updating logic * make tab component tests * move form state logic to parent page component * test updates for sanitizing query param in auth route * add custom login feature * add test for fetching login settings on ent only * add changelog * reword changelog * rename variable from showOtherMethods to showAlternateView * cleanup store * cleanup comments per PR feedback * abc * VAULT-34672 render line breaks in description * update endpoints after testing with live api * add test coverage * word * remove backup types from test-ns for testing * change to manually log in * add error handling for no login settings * add inheritance badge and make list item linkable
Description
Users can simplify the web UI login experience and remove unwanted login methods by choosing a default auth method (and optional backup methods). These settings can be inherited by child namespaces.
Frontend compliment to https://github.com/hashicorp/vault-enterprise/pull/8097. Closes 9076.
To encourage best practices, creating custom login rules not supported as a form in the web ui and must happen via the API or CLI.
⚙️ Configuration options:
The login form either renders a
dropdownortabsdepending on specific configuration combinations.In some scenarios, the component supports toggling between a default view and an alternate view. Users can use a direct link to override any login settings or default behavior.
📋 Dropdown (default view)
▸ All supported auth methods show in a dropdown.
▸ No alternate view.
🗂️ Visible mount tabs (visible (unauth) mount tabs)
▸ Groups visible mounts (
listing_visibility="unauth") by type and displays as tabs.▸ Alternate view: full dropdown of all methods.
🔗 Direct link (via
?with=query param)▸ If the param references a visible mount, that method renders by default and the mount path is assumed.
↳ Alternate view: full dropdown.
▸ If the param references a method type (legacy behavior), the method is preselected in the dropdown or its tab is selected.
↳ Alternate view: if other methods have visible mounts, the form can toggle between tabs and dropdown. The initial view depends on whether the chosen type is a tab.
🏢 Enterprise-only login settings
▸ A namespace can define a default method and/or preferred methods (i.e. "backups") and enable child namespaces to inherit these preferences.
✎ Both set:
▸ Default method shown initially.
▸ Alternate view: preferred methods in tab layout.
✎ Only one set:
▸ No alternate view.
🛠️ Advanced settings toggle reveals the custom path input:
🚫 No visible mounts:
▸ UI defaults to method type as path.
▸ "Advanced settings" shows a path input.
1️⃣ One visible mount:
▸ Path is assumed and hidden.
🔀 Multiple visible mounts:
▸ Path dropdown is shown.
📸 Screenshots
Default + Backup methods set with mount data
Advanced settingstoggle is hidden because method has mount data availableAdvanced settingshides/shows for each tab depending on mount visibilityDefault + Backup methods set with no mount data
Advanced settingsrendersDefault only
Direct links
?with=query param refers to an auth method type it is preselected in the dropdown (backward compatibility)TODO only if you're a HashiCorp employee
backport/label that matches the desired release branch. Note that in the CE repo, the latest release branch will look likebackport/x.x.x, but older release branches will bebackport/ent/x.x.x+ent.of a public function, even if that change is in a CE file, double check that
applying the patch for this PR to the ENT repo and running tests doesn't
break any tests. Sometimes ENT only tests rely on public functions in CE
files.
in the PR description, commit message, or branch name.
description. Also, make sure the changelog is in this PR, not in your ENT PR.