UI: Fix oidc auth method missing default_role field (#28539)
* add auth-config/oidc to openapi model helper * alphabetize * update maskedinput selector to be standard data-test-input * add test * add changelog * fix maskedinput test and kv selector * final textarea selector!
1 parent
b195342
commit 71422d4
Showing
21 changed files
with
335 additions
and
108 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
```release-note:bug | ||
ui: fix `default_role` input missing from oidc auth method configuration form | ||
``` |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,216 @@ | ||
/** | ||
* Copyright (c) HashiCorp, Inc. | ||
* SPDX-License-Identifier: BUSL-1.1 | ||
*/ | ||
|
||
import { module, test } from 'qunit'; | ||
import { setupApplicationTest } from 'ember-qunit'; | ||
import { v4 as uuidv4 } from 'uuid'; | ||
|
||
import { login } from 'vault/tests/helpers/auth/auth-helpers'; | ||
import { visit } from '@ember/test-helpers'; | ||
import { deleteAuthCmd, runCmd } from 'vault/tests/helpers/commands'; | ||
import testHelper from './test-helper'; | ||
import { GENERAL } from 'vault/tests/helpers/general-selectors'; | ||
|
||
// These models use openAPI so we assert the form inputs using an acceptance test | ||
// The default selector is to use GENERAL.inputByAttr() | ||
// custom fields should be added to the this.customSelectorss object | ||
module('Acceptance | auth enable tune form test', function (hooks) { | ||
setupApplicationTest(hooks); | ||
hooks.beforeEach(async function () { | ||
// these tend to be the same across models because they share the same mount-config model | ||
// if necessary, they can be overridden in the individual module | ||
this.mountFields = [ | ||
'path', | ||
'description', | ||
'local', | ||
'sealWrap', | ||
'config.listingVisibility', | ||
'config.defaultLeaseTtl', | ||
'config.maxLeaseTtl', | ||
'config.tokenType', | ||
'config.auditNonHmacRequestKeys', | ||
'config.auditNonHmacResponseKeys', | ||
'config.passthroughRequestHeaders', | ||
'config.allowedResponseHeaders', | ||
'config.pluginVersion', | ||
]; | ||
}); | ||
|
||
module('azure', function (hooks) { | ||
hooks.beforeEach(async function () { | ||
this.type = 'azure'; | ||
this.path = `${this.type}-${uuidv4()}`; | ||
this.tuneFields = [ | ||
'environment', | ||
'identityTokenAudience', | ||
'identityTokenTtl', | ||
'maxRetries', | ||
'maxRetryDelay', | ||
'resource', | ||
'retryDelay', | ||
'rootPasswordTtl', | ||
'tenantId', | ||
]; | ||
this.tuneToggles = { 'Azure Options': ['clientId', 'clientSecret'] }; | ||
await login(); | ||
return visit('/vault/settings/auth/enable'); | ||
}); | ||
hooks.afterEach(async function () { | ||
await runCmd(deleteAuthCmd(this.path), false); | ||
}); | ||
testHelper(test); | ||
}); | ||
|
||
module('jwt', function (hooks) { | ||
hooks.beforeEach(async function () { | ||
this.type = 'jwt'; | ||
this.path = `${this.type}-${uuidv4()}`; | ||
this.customSelectors = { | ||
providerConfig: `${GENERAL.fieldByAttr('providerConfig')} textarea`, | ||
}; | ||
this.tuneFields = [ | ||
'defaultRole', | ||
'jwksCaPem', | ||
'jwksUrl', | ||
'namespaceInState', | ||
'oidcDiscoveryUrl', | ||
'oidcResponseMode', | ||
'oidcResponseTypes', | ||
'providerConfig', | ||
'unsupportedCriticalCertExtensions', | ||
]; | ||
this.tuneToggles = { | ||
'JWT Options': [ | ||
'oidcClientId', | ||
'oidcClientSecret', | ||
'oidcDiscoveryCaPem', | ||
'jwtValidationPubkeys', | ||
'jwtSupportedAlgs', | ||
'boundIssuer', | ||
], | ||
}; | ||
await login(); | ||
return visit('/vault/settings/auth/enable'); | ||
}); | ||
hooks.afterEach(async function () { | ||
await runCmd(deleteAuthCmd(this.path), false); | ||
}); | ||
testHelper(test); | ||
}); | ||
|
||
module('ldap', function (hooks) { | ||
hooks.beforeEach(async function () { | ||
this.type = 'ldap'; | ||
this.path = `${this.type}-${uuidv4()}`; | ||
this.tuneFields = [ | ||
'url', | ||
'caseSensitiveNames', | ||
'connectionTimeout', | ||
'dereferenceAliases', | ||
'maxPageSize', | ||
'passwordPolicy', | ||
'requestTimeout', | ||
'tokenBoundCidrs', | ||
'tokenExplicitMaxTtl', | ||
'tokenMaxTtl', | ||
'tokenNoDefaultPolicy', | ||
'tokenNumUses', | ||
'tokenPeriod', | ||
'tokenPolicies', | ||
'tokenTtl', | ||
'tokenType', | ||
'usePre111GroupCnBehavior', | ||
'usernameAsAlias', | ||
]; | ||
this.tuneToggles = { | ||
'LDAP Options': [ | ||
'starttls', | ||
'insecureTls', | ||
'discoverdn', | ||
'denyNullBind', | ||
'tlsMinVersion', | ||
'tlsMaxVersion', | ||
'certificate', | ||
'clientTlsCert', | ||
'clientTlsKey', | ||
'userattr', | ||
'upndomain', | ||
'anonymousGroupSearch', | ||
], | ||
'Customize User Search': ['binddn', 'userdn', 'bindpass', 'userfilter'], | ||
'Customize Group Membership Search': ['groupfilter', 'groupattr', 'groupdn', 'useTokenGroups'], | ||
}; | ||
await login(); | ||
return visit('/vault/settings/auth/enable'); | ||
}); | ||
hooks.afterEach(async function () { | ||
await runCmd(deleteAuthCmd(this.path), false); | ||
}); | ||
testHelper(test); | ||
}); | ||
|
||
module('oidc', function (hooks) { | ||
hooks.beforeEach(async function () { | ||
this.type = 'oidc'; | ||
this.path = `${this.type}-${uuidv4()}`; | ||
this.customSelectors = { | ||
providerConfig: `${GENERAL.fieldByAttr('providerConfig')} textarea`, | ||
}; | ||
this.tuneFields = [ | ||
'oidcDiscoveryUrl', | ||
'defaultRole', | ||
'jwksCaPem', | ||
'jwksUrl', | ||
'oidcResponseMode', | ||
'oidcResponseTypes', | ||
'namespaceInState', | ||
'providerConfig', | ||
'unsupportedCriticalCertExtensions', | ||
]; | ||
this.tuneToggles = { | ||
'OIDC Options': [ | ||
'oidcClientId', | ||
'oidcClientSecret', | ||
'oidcDiscoveryCaPem', | ||
'jwtValidationPubkeys', | ||
'jwtSupportedAlgs', | ||
'boundIssuer', | ||
], | ||
}; | ||
await login(); | ||
return visit('/vault/settings/auth/enable'); | ||
}); | ||
hooks.afterEach(async function () { | ||
await runCmd(deleteAuthCmd(this.path), false); | ||
}); | ||
testHelper(test); | ||
}); | ||
|
||
module('okta', function (hooks) { | ||
hooks.beforeEach(async function () { | ||
this.type = 'okta'; | ||
this.path = `${this.type}-${uuidv4()}`; | ||
this.tuneFields = [ | ||
'orgName', | ||
'tokenBoundCidrs', | ||
'tokenExplicitMaxTtl', | ||
'tokenMaxTtl', | ||
'tokenNoDefaultPolicy', | ||
'tokenNumUses', | ||
'tokenPeriod', | ||
'tokenPolicies', | ||
'tokenTtl', | ||
'tokenType', | ||
]; | ||
this.tuneToggles = { Options: ['apiToken', 'baseUrl', 'bypassOktaMfa'] }; | ||
await login(); | ||
return visit('/vault/settings/auth/enable'); | ||
}); | ||
hooks.afterEach(async function () { | ||
await runCmd(deleteAuthCmd(this.path), false); | ||
}); | ||
testHelper(test); | ||
}); | ||
}); |
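Review bot: The credential-bearing entries in these lists (`clientSecret`, `oidcClientSecret`, `bindpass`, `clientTlsKey`, `apiToken`) go through the same presence-only `.exists()` check as every other field, so the suite would still pass if one of them rendered as a plain text input. If those fields are expected to use the masked input, either assert that separately or state the limit next to the lists, e.g. `// presence only: masking of secret fields is not asserted here`. The header comment has a typo: `this.customSelectorss` should read `this.customSelectors`. The `await login(); return visit('/vault/settings/auth/enable');` tail and the `afterEach` cleanup are repeated in all five nested modules and could sit once in the outer module's hooks.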
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
/** | ||
* Copyright (c) HashiCorp, Inc. | ||
* SPDX-License-Identifier: BUSL-1.1 | ||
*/ | ||
|
||
import { click, currentURL, fillIn } from '@ember/test-helpers'; | ||
import { GENERAL } from 'vault/tests/helpers/general-selectors'; | ||
|
||
const SELECTORS = { | ||
mountType: (name) => `[data-test-mount-type="${name}"]`, | ||
submit: '[data-test-mount-submit]', | ||
}; | ||
|
||
const assertFields = (assert, fields, customSelectors = {}) => { | ||
fields.forEach((param) => { | ||
if (Object.keys(customSelectors).includes(param)) { | ||
assert.dom(customSelectors[param]).exists(); | ||
} else { | ||
assert.dom(GENERAL.inputByAttr(param)).exists(); | ||
} | ||
}); | ||
}; | ||
export default (test) => { | ||
test('it renders mount fields', async function (assert) { | ||
await click(SELECTORS.mountType(this.type)); | ||
await click(GENERAL.toggleGroup('Method Options')); | ||
assertFields(assert, this.mountFields, this.customSelectors); | ||
}); | ||
|
||
test('it renders tune fields', async function (assert) { | ||
// enable auth method to check tune fields | ||
await click(SELECTORS.mountType(this.type)); | ||
await fillIn(GENERAL.inputByAttr('path'), this.path); | ||
await click(SELECTORS.submit); | ||
assert.strictEqual( | ||
currentURL(), | ||
`/vault/settings/auth/configure/${this.path}/configuration`, | ||
`${this.type}: it mounts navigates to tune form` | ||
); | ||
|
||
assertFields(assert, this.tuneFields, this.customSelectors); | ||
|
||
for (const toggle in this.tuneToggles) { | ||
const fields = this.tuneToggles[toggle]; | ||
await click(GENERAL.toggleGroup(toggle)); | ||
assertFields(assert, fields, this.customSelectors); | ||
} | ||
}); | ||
}; |
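Review bot: In `assertFields`, the `Object.keys(customSelectors).includes(param)` test and its two branches can be one assertion, `assert.dom(customSelectors[param] ?? GENERAL.inputByAttr(param)).exists();`. The `for (const toggle in this.tuneToggles)` loop also walks inherited enumerable keys; `for (const [toggle, fields] of Object.entries(this.tuneToggles ?? {}))` restricts it to own keys and keeps the current tolerance of a module that sets no `tuneToggles`. The assertion message `it mounts navigates to tune form` appears to be missing a word, presumably `it mounts and navigates to the tune form`.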