UI - unauthed login methods

[meirish]

The UI will now take advantage of the ability to mark auth methods as "unauth"'d in the tune api.

1. adds new tune fields for auth methods (listing_visibility, audit_non_hmac_request_keys, audit_non_hmac_response_keys, and passthrough_request_headers)

2. If there are any auth methods tuned with listing_visibility="unauth" when logging in to Vault, the tabs are those methods, with an "Other" tab that allows you to use the previous list of methods and specify a path. Fixes Vault UI Feature Request: Don't Show all login methods in Vault UI Login Page #4307
   

3. The UI now accepts a query parameter to /ui/vault/auth called wrapped_token. If this is specified, the UI will attempt to unwrap the token, and will then use it to fill in the token form, and log the user in. Fixes Passthrough auth in UI #4834
   

Minor changes:
Adds copy button to more console output.
Fixes console refresh on pages that use lazyPaginatedQuery.

[joshuaogle]

Works great! This should be a nice UX improvement for some folks. Code looks good on the template side at least, those angle brackets are nice!

[johncowen]

Little nit for the minute, do you need this nulling here?

[meirish]

Heh whoops, been a while since doing DOM-y things and was just overzealous. I imagine it doesn't hurt, but also probably not needed.

[johncowen]

Hey @meirish

So had a quick look at the unauth thing, looks nice, love that you can configure all this. Couple of tiny user perspective things I spotted:

1. When on /ui/vault/access I could not click on the 'list items' I had to use the right hand [...] buttons to view/edit the config.
2. When clicking through on of these to view/edit the configuration, say here /ui/vault/access/token/configuration I then could not use the '< token' breadcrumb to go back to my list, its seems to try but looks more like it just refreshes the page.

I had a quick look at the copy button in the console, which works nice. I didn't dig into the refresh thing as I don't really have context on that to follow.

Cheers

[meirish]

@johncowen Thanks for checking it out! It looks like you've run into a couple of "we just haven't done it yet" things.

For 1 - the items in that list will eventually click through to a list of users / accessors (depending on the auth method). We haven't gotten that far with the auth method build out yet, so for now we're just leaving the item row as an element and not a link so that we don't have to swap where it goes later and potentially cause confusion.

For 2 - we're planning on re-working all of the breadcrumbs throughout the application, but yeah some of them don't have the parent (that one is one example - there would be an Access one that would take you back to the list, not clicking on the token one to get back).

The refresh thing was a bug where that command in the console didn't work if you were on a page where we did front-end-caching. So if you navigate to the secrets list page, then add a secret via some other method (cli, or UI open in another tab), then did refresh in the console you wouldn't get an updated list. Now you will.

[johncowen]

👍