Auth method token_type possibleValues fix #19290
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Monkeychip
commented
Feb 22, 2023
| defaultFormValue: 'default', | ||
| 'The type of token that should be generated via this role. For `default-service` and `default-batch` service and batch tokens will be issued respectively, unless the auth method explicitly requests a different type.', | ||
| possibleValues: ['default-service', 'default-batch', 'batch', 'service'], | ||
| noDefault: true, | ||
| }) |
There was a problem hiding this comment.
Ivana helped me with the new tooltip language.
Monkeychip
commented
Feb 22, 2023
zofskeez
requested changes
Feb 23, 2023
zofskeez
approved these changes
Feb 23, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When configuring an Auth mount the UI was displaying the following three types:
default,batchandservice. However, the API lists the following four possible types:default-service,default-batch,batchandservice. This caused the following problems:If the user didn't touch the Token Type dropdown we would send an empty string, which the api defaults to "default-service." However, if the user toggled this dropdown and then reselected
default, and saved that value, the API returned with a not valid type error because it doesn't accept type default.The UI displayed the wrong values. I suspect
defaultin the UI was supposed to generalizedefault-batchanddefault-service, however, they mean different things and confused the user.I have fixed these errors by setting
noDefault=trueon the dropdown and changing thepossibleValuesto match the API. Ideally the API's default value would bedefault-servicebecause this is the value all current auth methods return when you sendtoken_type=''. I went back and forth on whether I should make the default value "default-service" in the UI. However, I settled on following what the API behavior is just in case for some reason in the future another Auth method does not returndefault-serviceas the token_type when passing an empty string.With the fix:
When they go to tune their mount it will show
default-servicebecause even if they didn't send a token_type the API returnsdefault-serviceI also went ahead and fixed an active class error on the section tabs in this area by removing a surrounding
lielement.Before:
After:
Notes:
TokenTypeas a mount config option (it only shows that it's available for tuning). I'll make a ticket for this.allowed_response_headersandplugin_versionthat the API lists but we don't have in the UI (we showallowed_response_headerson secret engine mounts but not on auth methods even though it's in the mount-config model?). I'll follow up with this as well, but thought I'd add a note in case anyone has some background here.