From d4667de540384c3d2a00885273822c218faa6197 Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Tue, 15 Jan 2019 11:55:12 -0500
Subject: [PATCH 01/84] ping openapi and grab current model

---
 ui/app/adapters/secret-engine.js              |  14 +-
 ui/app/models/role-pki.js                     | 188 +++++++++---------
 .../routes/vault/cluster/secrets/backend.js   |   3 +
 .../cluster/secrets/backend/secret-edit.js    |  23 ++-
 ui/app/services/path-help.js                  |  35 ++++
 ui/app/utils/openapi-to-attrs.js              |  20 ++
 6 files changed, 183 insertions(+), 100 deletions(-)
 create mode 100644 ui/app/services/path-help.js
 create mode 100644 ui/app/utils/openapi-to-attrs.js

diff --git a/ui/app/adapters/secret-engine.js b/ui/app/adapters/secret-engine.js
index 56481655368c..42b998f26905 100644
--- a/ui/app/adapters/secret-engine.js
+++ b/ui/app/adapters/secret-engine.js
@@ -7,16 +7,20 @@ export default ApplicationAdapter.extend({
     return path ? url + '/' + path : url;
   },
 
+  internalURL(path) {
+    let url = `/${this.urlPrefix()}/internal/ui/mounts`;
+    if (path) {
+      url = `${url}/${path}`;
+    }
+    return url;
+  },
+
   pathForType() {
     return 'mounts';
   },
 
   query(store, type, query) {
-    let url = `/${this.urlPrefix()}/internal/ui/mounts`;
-    if (query.path) {
-      url = `${url}/${query.path}`;
-    }
-    return this.ajax(url, 'GET');
+    return this.ajax(this.internalURL(query.path), 'GET');
   },
 
   createRecord(store, type, snapshot) {
diff --git a/ui/app/models/role-pki.js b/ui/app/models/role-pki.js
index 77fe609d7df6..4181a1e221d9 100644
--- a/ui/app/models/role-pki.js
+++ b/ui/app/models/role-pki.js
@@ -15,100 +15,100 @@ export default DS.Model.extend({
     fieldValue: 'id',
     readOnly: true,
   }),
-  keyType: attr('string', {
-    possibleValues: ['rsa', 'ec'],
-  }),
-  ttl: attr({
-    label: 'TTL',
-    editType: 'ttl',
-  }),
-  maxTtl: attr({
-    label: 'Max TTL',
-    editType: 'ttl',
-  }),
-  allowLocalhost: attr('boolean', {}),
-  allowedDomains: attr('string', {}),
-  allowBareDomains: attr('boolean', {}),
-  allowSubdomains: attr('boolean', {}),
-  allowGlobDomains: attr('boolean', {}),
-  allowAnyName: attr('boolean', {}),
-  enforceHostnames: attr('boolean', {}),
-  allowIpSans: attr('boolean', {
-    defaultValue: true,
-    label: 'Allow clients to request IP Subject Alternative Names (SANs)',
-  }),
-  allowedOtherSans: attr({
-    editType: 'stringArray',
-    label: 'Allowed Other SANs',
-  }),
-  serverFlag: attr('boolean', {
-    defaultValue: true,
-  }),
-  clientFlag: attr('boolean', {
-    defaultValue: true,
-  }),
-  codeSigningFlag: attr('boolean', {}),
-  emailProtectionFlag: attr('boolean', {}),
-  keyBits: attr('number', {
-    defaultValue: 2048,
-  }),
-  keyUsage: attr('string', {
-    defaultValue: 'DigitalSignature,KeyAgreement,KeyEncipherment',
-    editType: 'stringArray',
-  }),
-  extKeyUsageOids: attr({
-    label: 'Custom extended key usage OIDs',
-    editType: 'stringArray',
-  }),
-  requireCn: attr('boolean', {
-    label: 'Require common name',
-    defaultValue: true,
-  }),
-  useCsrCommonName: attr('boolean', {
-    label: 'Use CSR common name',
-    defaultValue: true,
-  }),
-  useCsrSans: attr('boolean', {
-    defaultValue: true,
-    label: 'Use CSR subject alternative names (SANs)',
-  }),
-  ou: attr({
-    label: 'OU (OrganizationalUnit)',
-    editType: 'stringArray',
-  }),
-  organization: attr({
-    editType: 'stringArray',
-  }),
-  country: attr({
-    editType: 'stringArray',
-  }),
-  locality: attr({
-    editType: 'stringArray',
-    label: 'Locality/City',
-  }),
-  province: attr({
-    editType: 'stringArray',
-    label: 'Province/State',
-  }),
-  streetAddress: attr({
-    editType: 'stringArray',
-  }),
-  postalCode: attr({
-    editType: 'stringArray',
-  }),
-  generateLease: attr('boolean', {}),
-  noStore: attr('boolean', {}),
-  policyIdentifiers: attr({
-    editType: 'stringArray',
-  }),
-  basicConstraintsValidForNonCA: attr('boolean', {
-    label: 'Mark Basic Constraints valid when issuing non-CA certificates.',
-  }),
-  notBeforeDuration: attr({
-    label: 'Not Before Duration',
-    editType: 'ttl',
-    defaultValue: '30s',
-  }),
+  // keyType: attr('string', {
+  //   possibleValues: ['rsa', 'ec'],
+  // }),
+  // ttl: attr({
+  //   label: 'TTL',
+  //   editType: 'ttl',
+  // }),
+  // maxTtl: attr({
+  //   label: 'Max TTL',
+  //   editType: 'ttl',
+  // }),
+  // allowLocalhost: attr('boolean', {}),
+  // allowedDomains: attr('string', {}),
+  // allowBareDomains: attr('boolean', {}),
+  // allowSubdomains: attr('boolean', {}),
+  // allowGlobDomains: attr('boolean', {}),
+  // allowAnyName: attr('boolean', {}),
+  // enforceHostnames: attr('boolean', {}),
+  // allowIpSans: attr('boolean', {
+  //   defaultValue: true,
+  //   label: 'Allow clients to request IP Subject Alternative Names (SANs)',
+  // }),
+  // allowedOtherSans: attr({
+  //   editType: 'stringArray',
+  //   label: 'Allowed Other SANs',
+  // }),
+  // serverFlag: attr('boolean', {
+  //   defaultValue: true,
+  // }),
+  // clientFlag: attr('boolean', {
+  //   defaultValue: true,
+  // }),
+  // codeSigningFlag: attr('boolean', {}),
+  // emailProtectionFlag: attr('boolean', {}),
+  // keyBits: attr('number', {
+  //   defaultValue: 2048,
+  // }),
+  // keyUsage: attr('string', {
+  //   defaultValue: 'DigitalSignature,KeyAgreement,KeyEncipherment',
+  //   editType: 'stringArray',
+  // }),
+  // extKeyUsageOids: attr({
+  //   label: 'Custom extended key usage OIDs',
+  //   editType: 'stringArray',
+  // }),
+  // requireCn: attr('boolean', {
+  //   label: 'Require common name',
+  //   defaultValue: true,
+  // }),
+  // useCsrCommonName: attr('boolean', {
+  //   label: 'Use CSR common name',
+  //   defaultValue: true,
+  // }),
+  // useCsrSans: attr('boolean', {
+  //   defaultValue: true,
+  //   label: 'Use CSR subject alternative names (SANs)',
+  // }),
+  // ou: attr({
+  //   label: 'OU (OrganizationalUnit)',
+  //   editType: 'stringArray',
+  // }),
+  // organization: attr({
+  //   editType: 'stringArray',
+  // }),
+  // country: attr({
+  //   editType: 'stringArray',
+  // }),
+  // locality: attr({
+  //   editType: 'stringArray',
+  //   label: 'Locality/City',
+  // }),
+  // province: attr({
+  //   editType: 'stringArray',
+  //   label: 'Province/State',
+  // }),
+  // streetAddress: attr({
+  //   editType: 'stringArray',
+  // }),
+  // postalCode: attr({
+  //   editType: 'stringArray',
+  // }),
+  // generateLease: attr('boolean', {}),
+  // noStore: attr('boolean', {}),
+  // policyIdentifiers: attr({
+  //   editType: 'stringArray',
+  // }),
+  // basicConstraintsValidForNonCA: attr('boolean', {
+  //   label: 'Mark Basic Constraints valid when issuing non-CA certificates.',
+  // }),
+  // notBeforeDuration: attr({
+  //   label: 'Not Before Duration',
+  //   editType: 'ttl',
+  //   defaultValue: '30s',
+  // }),
 
   updatePath: lazyCapabilities(apiPath`${'backend'}/roles/${'id'}`, 'backend', 'id'),
   canDelete: alias('updatePath.canDelete'),
diff --git a/ui/app/routes/vault/cluster/secrets/backend.js b/ui/app/routes/vault/cluster/secrets/backend.js
index b7964a59b186..70bd9f2abe45 100644
--- a/ui/app/routes/vault/cluster/secrets/backend.js
+++ b/ui/app/routes/vault/cluster/secrets/backend.js
@@ -1,7 +1,10 @@
 import { inject as service } from '@ember/service';
+import { getOwner } from '@ember/application';
+import { run } from '@ember/runloop';
 import Route from '@ember/routing/route';
 export default Route.extend({
   flashMessages: service(),
+  oldModel: null,
   model(params) {
     let { backend } = params;
     return this.store
diff --git a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
index 943ad2a54a0a..1e64b38b3f0e 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
@@ -1,11 +1,13 @@
 import { set } from '@ember/object';
 import { hash, resolve } from 'rsvp';
+import { inject as service } from '@ember/service';
 import Route from '@ember/routing/route';
 import utils from 'vault/lib/key-utils';
+import { getOwner } from '@ember/application';
 import UnloadModelRoute from 'vault/mixins/unload-model-route';
-import DS from 'ember-data';
 
 export default Route.extend(UnloadModelRoute, {
+  pathHelp: service('path-help'),
   capabilities(secret) {
     const { backend } = this.paramsFor('vault.cluster.secrets.backend');
     let backendModel = this.modelFor('vault.cluster.secrets.backend');
@@ -35,6 +37,7 @@ export default Route.extend(UnloadModelRoute, {
     // perhaps in the future we could recurse _for_ users, but for now, just kick them
     // back to the list
     const { secret } = this.paramsFor(this.routeName);
+    this.buildModel(secret);
     const parentKey = utils.parentKeyForKey(secret);
     const mode = this.routeName.split('.').pop();
     if (mode === 'edit' && utils.keyIsFolder(secret)) {
@@ -46,6 +49,24 @@ export default Route.extend(UnloadModelRoute, {
     }
   },
 
+  buildModel(secret) {
+    const { backend } = this.paramsFor('vault.cluster.secrets.backend');
+    let modelType = this.modelType(backend, secret);
+    let modelFactory = getOwner(this).factoryFor(`model:${modelType}`);
+    this.pathHelp.getAttrs(modelType, backend).then(attrs => {
+      let newModel;
+      if (modelFactory) {
+        //combine them
+        newModel = modelFactory.class.reopen({
+          attrs,
+        });
+      } else {
+        //generate a whole new model
+      }
+      getOwner(this).register(newModel.toString(), newModel);
+    });
+  },
+
   modelType(backend, secret) {
     let backendModel = this.modelFor('vault.cluster.secrets.backend', backend);
     let type = backendModel.get('engineType');
diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
new file mode 100644
index 000000000000..e70f4d3cbe51
--- /dev/null
+++ b/ui/app/services/path-help.js
@@ -0,0 +1,35 @@
+// Low level service that allows users to input paths to make requests to vault
+// this service provides the UI synecdote to the cli commands read, write, delete, and list
+import Service from '@ember/service';
+
+import { getOwner } from '@ember/application';
+import { expandOpenApiProps } from 'vault/utils/openapi-to-attrs';
+
+export function sanitizePath(path) {
+  //remove whitespace + remove trailing and leading slashes
+  return path.trim().replace(/^\/+|\/+$/g, '');
+}
+
+export default Service.extend({
+  attrs: null,
+  ajax(url, options = {}) {
+    let appAdapter = getOwner(this).lookup(`adapter:application`);
+    let { data } = options;
+    return appAdapter.ajax(url, 'GET', {
+      data,
+    });
+  },
+
+  getAttrs(modelType, backend) {
+    let adapter = getOwner(this).lookup(`adapter:${modelType}`);
+    let path = adapter.pathForType();
+    let helpUrl = `/v1/${backend}/${path}/example?help=1`;
+    let wildcard = { roles: 'name', mounts: 'config' }[path];
+    return this.ajax(helpUrl, backend).then(help => {
+      let props =
+        help.openapi.paths[`/${path}/{${wildcard}}`].post.requestBody.content['application/json'].schema
+          .properties;
+      return expandOpenApiProps(props);
+    });
+  },
+});
diff --git a/ui/app/utils/openapi-to-attrs.js b/ui/app/utils/openapi-to-attrs.js
new file mode 100644
index 000000000000..c440450868b6
--- /dev/null
+++ b/ui/app/utils/openapi-to-attrs.js
@@ -0,0 +1,20 @@
+import DS from 'ember-data';
+const { attr } = DS;
+
+export const expandOpenApiProps = function(props) {
+  let attrs = {};
+  // expand all attributes
+  for (let prop in props) {
+    let details = props[prop];
+    let editType = details.type;
+    if (details.format === 'seconds') {
+      editType = 'ttl';
+    } else if (details.items) {
+      editType = details.items.type + details.type.capitalize();
+    }
+    attrs[prop.camelize()] = attr({
+      editType: editType || details.type,
+    });
+  }
+  return attrs;
+};

From 0faf738a1fc7856523f702bfb804a95d9b999556 Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Wed, 16 Jan 2019 11:32:43 -0500
Subject: [PATCH 02/84] add debugger statements to figure out order of
 operations

---
 ui/app/models/role-pki.js                           |  8 ++++----
 ui/app/routes/vault/cluster/secrets/backend.js      |  3 +++
 .../vault/cluster/secrets/backend/secret-edit.js    | 13 ++++++++-----
 ui/app/utils/field-to-attrs.js                      |  2 ++
 4 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/ui/app/models/role-pki.js b/ui/app/models/role-pki.js
index 4181a1e221d9..91fa112c67df 100644
--- a/ui/app/models/role-pki.js
+++ b/ui/app/models/role-pki.js
@@ -15,9 +15,9 @@ export default DS.Model.extend({
     fieldValue: 'id',
     readOnly: true,
   }),
-  // keyType: attr('string', {
-  //   possibleValues: ['rsa', 'ec'],
-  // }),
+  keyType: attr('string', {
+    possibleValues: ['rsa', 'ec'],
+  }),
   // ttl: attr({
   //   label: 'TTL',
   //   editType: 'ttl',
@@ -124,7 +124,7 @@ export default DS.Model.extend({
   signVerbatimPath: lazyCapabilities(apiPath`${'backend'}/sign-verbatim/${'id'}`, 'backend', 'id'),
   canSignVerbatim: alias('signVerbatimPath.canUpdate'),
 
-  fieldGroups: computed(function() {
+  fieldGroups: computed('backend', function() {
     const groups = [
       { default: ['name', 'keyType'] },
       {
diff --git a/ui/app/routes/vault/cluster/secrets/backend.js b/ui/app/routes/vault/cluster/secrets/backend.js
index 70bd9f2abe45..060dbbc9631c 100644
--- a/ui/app/routes/vault/cluster/secrets/backend.js
+++ b/ui/app/routes/vault/cluster/secrets/backend.js
@@ -5,6 +5,9 @@ import Route from '@ember/routing/route';
 export default Route.extend({
   flashMessages: service(),
   oldModel: null,
+  beforeModel(params) {
+    debugger; //eslint-disable-line
+  },
   model(params) {
     let { backend } = params;
     return this.store
diff --git a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
index 1e64b38b3f0e..7fde1a0afe8a 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
@@ -32,7 +32,7 @@ export default Route.extend(UnloadModelRoute, {
 
   templateName: 'vault/cluster/secrets/backend/secretEditLayout',
 
-  beforeModel() {
+  beforeModel(params) {
     // currently there is no recursive delete for folders in vault, so there's no need to 'edit folders'
     // perhaps in the future we could recurse _for_ users, but for now, just kick them
     // back to the list
@@ -53,17 +53,20 @@ export default Route.extend(UnloadModelRoute, {
     const { backend } = this.paramsFor('vault.cluster.secrets.backend');
     let modelType = this.modelType(backend, secret);
     let modelFactory = getOwner(this).factoryFor(`model:${modelType}`);
+    let owner = getOwner(this);
     this.pathHelp.getAttrs(modelType, backend).then(attrs => {
       let newModel;
       if (modelFactory) {
         //combine them
-        newModel = modelFactory.class.reopen({
-          attrs,
-        });
+        newModel = modelFactory.class.reopenClass(attrs);
       } else {
         //generate a whole new model
       }
-      getOwner(this).register(newModel.toString(), newModel);
+      newModel = newModel.class.reopenClass({ merged: true });
+      debugger; //eslint-disable-line
+      owner.unregister(newModel.toString());
+      owner.register(newModel.toString(), newModel);
+      this.refresh();
     });
   },
 
diff --git a/ui/app/utils/field-to-attrs.js b/ui/app/utils/field-to-attrs.js
index 730c9076bc19..e6c5f0a0b45a 100644
--- a/ui/app/utils/field-to-attrs.js
+++ b/ui/app/utils/field-to-attrs.js
@@ -36,6 +36,7 @@ import { expandProperties } from '@ember/object/computed';
  */
 
 export const expandAttributeMeta = function(modelClass, attributeNames, namePrefix, map) {
+  debugger; //eslint-disable-line
   let fields = [];
   // expand all attributes
   attributeNames.forEach(field => expandProperties(field, x => fields.push(x)));
@@ -96,6 +97,7 @@ export const expandAttributeMeta = function(modelClass, attributeNames, namePref
  */
 
 export default function(modelClass, fieldGroups) {
+  debugger; //eslint-disable-line
   return fieldGroups.map(group => {
     const groupKey = Object.keys(group)[0];
     const fields = expandAttributeMeta(modelClass, group[groupKey]);

From 64962a39db6f2fca0112a924b1f24bb72a9cf10f Mon Sep 17 00:00:00 2001
From: Matthew Irish <matthew@hashicorp.com>
Date: Fri, 18 Jan 2019 17:41:34 -0600
Subject: [PATCH 03/84] block in model generation strategy

---
 .../cluster/secrets/backend/secret-edit.js    | 38 +++++++++----------
 1 file changed, 19 insertions(+), 19 deletions(-)

diff --git a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
index 7fde1a0afe8a..66df6be7f590 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
@@ -37,36 +37,36 @@ export default Route.extend(UnloadModelRoute, {
     // perhaps in the future we could recurse _for_ users, but for now, just kick them
     // back to the list
     const { secret } = this.paramsFor(this.routeName);
-    this.buildModel(secret);
-    const parentKey = utils.parentKeyForKey(secret);
-    const mode = this.routeName.split('.').pop();
-    if (mode === 'edit' && utils.keyIsFolder(secret)) {
-      if (parentKey) {
-        return this.transitionTo('vault.cluster.secrets.backend.list', parentKey);
-      } else {
-        return this.transitionTo('vault.cluster.secrets.backend.list-root');
+    return this.buildModel(secret).then(() => {
+      const parentKey = utils.parentKeyForKey(secret);
+      const mode = this.routeName.split('.').pop();
+      if (mode === 'edit' && utils.keyIsFolder(secret)) {
+        if (parentKey) {
+          return this.transitionTo('vault.cluster.secrets.backend.list', parentKey);
+        } else {
+          return this.transitionTo('vault.cluster.secrets.backend.list-root');
+        }
       }
-    }
+    });
   },
 
   buildModel(secret) {
     const { backend } = this.paramsFor('vault.cluster.secrets.backend');
     let modelType = this.modelType(backend, secret);
-    let modelFactory = getOwner(this).factoryFor(`model:${modelType}`);
+    let name = `model:${modelType}`;
     let owner = getOwner(this);
-    this.pathHelp.getAttrs(modelType, backend).then(attrs => {
-      let newModel;
-      if (modelFactory) {
+    return this.pathHelp.getAttrs(modelType, backend).then(attrs => {
+      let newModel = owner.factoryFor(name).class;
+      if (owner.hasRegistration(name) && !newModel.merged) {
         //combine them
-        newModel = modelFactory.class.reopenClass(attrs);
+        // TODO - this doesn't merge attributes
+        newModel = newModel.extend(attrs);
       } else {
         //generate a whole new model
       }
-      newModel = newModel.class.reopenClass({ merged: true });
-      debugger; //eslint-disable-line
-      owner.unregister(newModel.toString());
-      owner.register(newModel.toString(), newModel);
-      this.refresh();
+      newModel.reopenClass({ merged: true });
+      owner.unregister(name);
+      owner.register(name, newModel);
     });
   },
 

From f150cee2463a67bb41f285259fa84ffca86a3954 Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Wed, 23 Jan 2019 12:07:05 -0500
Subject: [PATCH 04/84] make sure all form fields appear correctly for pki

---
 ui/app/models/role-pki.js                     |  2 +-
 .../cluster/secrets/backend/secret-edit.js    |  6 +++--
 ui/app/templates/components/form-field.hbs    | 15 ++++++++---
 ui/app/utils/field-to-attrs.js                |  3 +--
 ui/app/utils/openapi-to-attrs.js              | 27 ++++++++++++++++---
 5 files changed, 41 insertions(+), 12 deletions(-)

diff --git a/ui/app/models/role-pki.js b/ui/app/models/role-pki.js
index 91fa112c67df..fa018c69ebab 100644
--- a/ui/app/models/role-pki.js
+++ b/ui/app/models/role-pki.js
@@ -167,7 +167,7 @@ export default DS.Model.extend({
         ],
       },
       {
-        Advanced: ['generateLease', 'noStore', 'basicConstraintsValidForNonCA', 'policyIdentifiers'],
+        Advanced: ['generateLease', 'noStore', 'basicConstraintsValidForNonCa', 'policyIdentifiers'],
       },
     ];
 
diff --git a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
index 66df6be7f590..a2cd340f949c 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
@@ -5,6 +5,7 @@ import Route from '@ember/routing/route';
 import utils from 'vault/lib/key-utils';
 import { getOwner } from '@ember/application';
 import UnloadModelRoute from 'vault/mixins/unload-model-route';
+import { combineAttributes } from 'vault/utils/openapi-to-attrs';
 
 export default Route.extend(UnloadModelRoute, {
   pathHelp: service('path-help'),
@@ -55,11 +56,12 @@ export default Route.extend(UnloadModelRoute, {
     let modelType = this.modelType(backend, secret);
     let name = `model:${modelType}`;
     let owner = getOwner(this);
-    return this.pathHelp.getAttrs(modelType, backend).then(attrs => {
+    return this.pathHelp.getProps(modelType, backend).then(props => {
       let newModel = owner.factoryFor(name).class;
       if (owner.hasRegistration(name) && !newModel.merged) {
         //combine them
-        // TODO - this doesn't merge attributes
+        let attrs = combineAttributes(newModel.attributes, props);
+        debugger; //eslint-disable-line
         newModel = newModel.extend(attrs);
       } else {
         //generate a whole new model
diff --git a/ui/app/templates/components/form-field.hbs b/ui/app/templates/components/form-field.hbs
index c84e51cb77e6..91fd3a89d162 100644
--- a/ui/app/templates/components/form-field.hbs
+++ b/ui/app/templates/components/form-field.hbs
@@ -1,7 +1,12 @@
 {{#unless
   (or
-    (and attr.options.editType (not-eq attr.options.editType "textarea"))
     (eq attr.type "boolean")
+    (contains
+      attr.options.editType
+      (array
+        "searchSelect" "mountAccessor" "kv" "file" "ttl" "stringArray" "json"
+      )
+    )
   )
 }}
   <label for="{{attr.name}}" class="is-label">
@@ -16,6 +21,7 @@
   </label>
 {{/unless}}
 {{#if attr.options.possibleValues}}
+  {{log attr}}
   <div class="control is-expanded">
     <div class="select is-fullwidth">
       <select
@@ -124,9 +130,10 @@
   <MaskedInput
     @value={{or (get model valuePath) attr.options.defaultValue}}
     @placeholder=""
-    @allowCopy=true
-  />
-{{else if (or (eq attr.type 'number') (eq attr.type 'string'))}}
+    @allowCopy="true"
+   />
+
+{{else if (or (eq attr.type "number") (eq attr.type "string"))}}
   <div class="control">
     {{#if (eq attr.options.editType "textarea")}}
       <textarea
diff --git a/ui/app/utils/field-to-attrs.js b/ui/app/utils/field-to-attrs.js
index e6c5f0a0b45a..3bf29f5317a6 100644
--- a/ui/app/utils/field-to-attrs.js
+++ b/ui/app/utils/field-to-attrs.js
@@ -36,10 +36,10 @@ import { expandProperties } from '@ember/object/computed';
  */
 
 export const expandAttributeMeta = function(modelClass, attributeNames, namePrefix, map) {
-  debugger; //eslint-disable-line
   let fields = [];
   // expand all attributes
   attributeNames.forEach(field => expandProperties(field, x => fields.push(x)));
+  debugger; //eslint-disable-line
   let attributeMap = map || new Map();
   modelClass.eachAttribute((name, meta) => {
     let fieldName = namePrefix ? namePrefix + name : name;
@@ -97,7 +97,6 @@ export const expandAttributeMeta = function(modelClass, attributeNames, namePref
  */
 
 export default function(modelClass, fieldGroups) {
-  debugger; //eslint-disable-line
   return fieldGroups.map(group => {
     const groupKey = Object.keys(group)[0];
     const fields = expandAttributeMeta(modelClass, group[groupKey]);
diff --git a/ui/app/utils/openapi-to-attrs.js b/ui/app/utils/openapi-to-attrs.js
index c440450868b6..ee97d11af33a 100644
--- a/ui/app/utils/openapi-to-attrs.js
+++ b/ui/app/utils/openapi-to-attrs.js
@@ -1,5 +1,6 @@
 import DS from 'ember-data';
 const { attr } = DS;
+import { assign } from '@ember/polyfills';
 
 export const expandOpenApiProps = function(props) {
   let attrs = {};
@@ -12,9 +13,29 @@ export const expandOpenApiProps = function(props) {
     } else if (details.items) {
       editType = details.items.type + details.type.capitalize();
     }
-    attrs[prop.camelize()] = attr({
-      editType: editType || details.type,
-    });
+    attrs[prop.camelize()] = {
+      editType: editType,
+      type: details.type,
+    };
   }
   return attrs;
 };
+
+export const combineAttributes = function(oldAttrs, newProps) {
+  let newAttrs = {};
+  oldAttrs.forEach(function(value, name) {
+    if (newProps[name]) {
+      newAttrs[name] = attr(newProps[name].type, assign({}, newProps[name], value.options));
+    } else {
+      newAttrs[name] = attr(value.type, value.options);
+    }
+  });
+  for (let prop in newProps) {
+    if (newAttrs[prop]) {
+      continue;
+    } else {
+      newAttrs[prop] = attr(newProps[prop].type, newProps[prop]);
+    }
+  }
+  return newAttrs;
+};

From ceed82fc49543753044a7f7681211a015f80c7f8 Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Wed, 23 Jan 2019 12:24:03 -0500
Subject: [PATCH 05/84] hook up openapi for pki certificates

---
 ui/app/adapters/pki-certificate-sign.js       |  4 ++
 ui/app/adapters/pki-certificate.js            |  4 ++
 ui/app/models/pki-certificate.js              | 36 ++++++++---------
 .../routes/vault/cluster/secrets/backend.js   |  3 --
 .../cluster/secrets/backend/credentials.js    | 40 +++++++++++++++++++
 ui/app/services/path-help.js                  |  4 +-
 6 files changed, 68 insertions(+), 23 deletions(-)

diff --git a/ui/app/adapters/pki-certificate-sign.js b/ui/app/adapters/pki-certificate-sign.js
index eb5ca26157a4..1acdbfb8192b 100644
--- a/ui/app/adapters/pki-certificate-sign.js
+++ b/ui/app/adapters/pki-certificate-sign.js
@@ -7,4 +7,8 @@ export default Adapter.extend({
     }
     return `/v1/${role.backend}/sign/${role.name}`;
   },
+
+  pathForType() {
+    return 'sign';
+  },
 });
diff --git a/ui/app/adapters/pki-certificate.js b/ui/app/adapters/pki-certificate.js
index 942d2610b106..bed8bfa4b2f1 100644
--- a/ui/app/adapters/pki-certificate.js
+++ b/ui/app/adapters/pki-certificate.js
@@ -14,6 +14,10 @@ export default Adapter.extend({
     return url;
   },
 
+  pathForType() {
+    return 'issue';
+  },
+
   optionsForQuery(id) {
     let data = {};
     if (!id) {
diff --git a/ui/app/models/pki-certificate.js b/ui/app/models/pki-certificate.js
index 5bcd2dc94467..b95d3b0ed5ac 100644
--- a/ui/app/models/pki-certificate.js
+++ b/ui/app/models/pki-certificate.js
@@ -36,24 +36,24 @@ export default DS.Model.extend({
     label: 'Common Name',
   }),
 
-  altNames: attr('string', {
-    label: 'DNS/Email Subject Alternative Names (SANs)',
-  }),
-
-  ipSans: attr('string', {
-    label: 'IP Subject Alternative Names (SANs)',
-  }),
-  otherSans: attr({
-    editType: 'stringArray',
-    label: 'Other SANs',
-    helpText:
-      'The format is the same as OpenSSL: <oid>;<type>:<value> where the only current valid type is UTF8',
-  }),
-
-  ttl: attr({
-    label: 'TTL',
-    editType: 'ttl',
-  }),
+  // altNames: attr('string', {
+  //   label: 'DNS/Email Subject Alternative Names (SANs)',
+  // }),
+
+  // ipSans: attr('string', {
+  //   label: 'IP Subject Alternative Names (SANs)',
+  // }),
+  // otherSans: attr({
+  //   editType: 'stringArray',
+  //   label: 'Other SANs',
+  //   helpText:
+  //     'The format is the same as OpenSSL: <oid>;<type>:<value> where the only current valid type is UTF8',
+  // }),
+
+  // ttl: attr({
+  //   label: 'TTL',
+  //   editType: 'ttl',
+  // }),
 
   format: attr('string', {
     defaultValue: 'pem',
diff --git a/ui/app/routes/vault/cluster/secrets/backend.js b/ui/app/routes/vault/cluster/secrets/backend.js
index 060dbbc9631c..70bd9f2abe45 100644
--- a/ui/app/routes/vault/cluster/secrets/backend.js
+++ b/ui/app/routes/vault/cluster/secrets/backend.js
@@ -5,9 +5,6 @@ import Route from '@ember/routing/route';
 export default Route.extend({
   flashMessages: service(),
   oldModel: null,
-  beforeModel(params) {
-    debugger; //eslint-disable-line
-  },
   model(params) {
     let { backend } = params;
     return this.store
diff --git a/ui/app/routes/vault/cluster/secrets/backend/credentials.js b/ui/app/routes/vault/cluster/secrets/backend/credentials.js
index 655577ca90c0..de3d66bca0f6 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/credentials.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/credentials.js
@@ -1,15 +1,55 @@
 import { resolve } from 'rsvp';
 import Route from '@ember/routing/route';
+import { getOwner } from '@ember/application';
+import { inject as service } from '@ember/service';
+import { combineAttributes } from 'vault/utils/openapi-to-attrs';
 
 const SUPPORTED_DYNAMIC_BACKENDS = ['ssh', 'aws', 'pki'];
 
 export default Route.extend({
   templateName: 'vault/cluster/secrets/backend/credentials',
+  pathHelp: service('path-help'),
 
   backendModel() {
     return this.modelFor('vault.cluster.secrets.backend');
   },
 
+  modelType(action) {
+    let types = {
+      sign: 'pki-certificate-sign',
+      issue: 'pki-certificate',
+      signVerbatim: 'pki-certificate',
+    };
+    return types[action];
+  },
+
+  beforeModel() {
+    const { action } = this.paramsFor(this.routeName);
+    return this.buildModel(action);
+  },
+
+  buildModel(action) {
+    debugger; //eslint-disable-line
+    const { backend } = this.paramsFor('vault.cluster.secrets.backend');
+    let modelType = this.modelType(action);
+    let name = `model:${modelType}`;
+    let owner = getOwner(this);
+    return this.pathHelp.getProps(modelType, backend).then(props => {
+      let newModel = owner.factoryFor(name).class;
+      if (owner.hasRegistration(name) && !newModel.merged) {
+        //combine them
+        let attrs = combineAttributes(newModel.attributes, props);
+        debugger; //eslint-disable-line
+        newModel = newModel.extend(attrs);
+      } else {
+        //generate a whole new model
+      }
+      newModel.reopenClass({ merged: true });
+      owner.unregister(name);
+      owner.register(name, newModel);
+    });
+  },
+
   model(params) {
     let role = params.secret;
     let backendModel = this.backendModel();
diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
index e70f4d3cbe51..daaaa4fb1bb1 100644
--- a/ui/app/services/path-help.js
+++ b/ui/app/services/path-help.js
@@ -20,11 +20,11 @@ export default Service.extend({
     });
   },
 
-  getAttrs(modelType, backend) {
+  getProps(modelType, backend) {
     let adapter = getOwner(this).lookup(`adapter:${modelType}`);
     let path = adapter.pathForType();
     let helpUrl = `/v1/${backend}/${path}/example?help=1`;
-    let wildcard = { roles: 'name', mounts: 'config' }[path];
+    let wildcard = { roles: 'name', mounts: 'config', sign: 'role', issue: 'role' }[path];
     return this.ajax(helpUrl, backend).then(help => {
       let props =
         help.openapi.paths[`/${path}/{${wildcard}}`].post.requestBody.content['application/json'].schema

From 3e3ad11685871265fe0dc517bffc31c8c929297f Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Thu, 24 Jan 2019 13:00:00 -0500
Subject: [PATCH 06/84] hook up adding new fields for ssh roles

---
 ui/app/adapters/pki-certificate.js            |  1 +
 ui/app/adapters/secret.js                     |  4 +++
 ui/app/models/role-aws.js                     | 22 ++++++------
 .../cluster/secrets/backend/credentials.js    |  2 --
 .../cluster/secrets/backend/secret-edit.js    | 34 ++++++++++++-------
 .../vault/cluster/secrets/backend/sign.js     |  4 +++
 ui/app/services/path-help.js                  | 19 ++++++++++-
 ui/app/utils/field-to-attrs.js                |  1 -
 ui/app/utils/openapi-to-attrs.js              |  5 ++-
 9 files changed, 63 insertions(+), 29 deletions(-)

diff --git a/ui/app/adapters/pki-certificate.js b/ui/app/adapters/pki-certificate.js
index bed8bfa4b2f1..7e62f934313a 100644
--- a/ui/app/adapters/pki-certificate.js
+++ b/ui/app/adapters/pki-certificate.js
@@ -15,6 +15,7 @@ export default Adapter.extend({
   },
 
   pathForType() {
+    debugger; //eslint-disable-line
     return 'issue';
   },
 
diff --git a/ui/app/adapters/secret.js b/ui/app/adapters/secret.js
index d282d08e89d0..59c39a0387ea 100644
--- a/ui/app/adapters/secret.js
+++ b/ui/app/adapters/secret.js
@@ -34,6 +34,10 @@ export default ApplicationAdapter.extend({
     return url;
   },
 
+  pathForType() {
+    return 'mounts';
+  },
+
   optionsForQuery(id, action, wrapTTL) {
     let data = {};
     if (action === 'query') {
diff --git a/ui/app/models/role-aws.js b/ui/app/models/role-aws.js
index a5be5a82d7e4..e8a6563c853b 100644
--- a/ui/app/models/role-aws.js
+++ b/ui/app/models/role-aws.js
@@ -40,26 +40,26 @@ export default DS.Model.extend({
     defaultValue: 'iam_user',
     possibleValues: CREDENTIAL_TYPES,
   }),
-  roleArns: attr({
-    editType: 'stringArray',
-    label: 'Role ARNs',
-  }),
-  policyArns: attr({
-    editType: 'stringArray',
-    label: 'Policy ARNs',
-  }),
+  // roleArns: attr({
+  //   editType: 'stringArray',
+  //   label: 'Role ARNs',
+  // }),
+  // policyArns: attr({
+  //   editType: 'stringArray',
+  //   label: 'Policy ARNs',
+  // }),
   policyDocument: attr('string', {
     editType: 'json',
   }),
-  fields: computed('credentialType', function() {
+  fields: computed('credentialType', 'newFields', function() {
     let keys;
-    let credentialType = this.get('credentialType');
+    let credentialType = this.credentialType;
     let keysForType = {
       iam_user: ['name', 'credentialType', 'policyArns', 'policyDocument'],
       assumed_role: ['name', 'credentialType', 'roleArns', 'policyDocument'],
       federation_token: ['name', 'credentialType', 'policyDocument'],
     };
-    keys = keysForType[credentialType];
+    keys = keysForType[credentialType].concat(this.newFields || []);
     return expandAttributeMeta(this, keys);
   }),
 
diff --git a/ui/app/routes/vault/cluster/secrets/backend/credentials.js b/ui/app/routes/vault/cluster/secrets/backend/credentials.js
index de3d66bca0f6..a46b1c4f1d17 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/credentials.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/credentials.js
@@ -29,7 +29,6 @@ export default Route.extend({
   },
 
   buildModel(action) {
-    debugger; //eslint-disable-line
     const { backend } = this.paramsFor('vault.cluster.secrets.backend');
     let modelType = this.modelType(action);
     let name = `model:${modelType}`;
@@ -39,7 +38,6 @@ export default Route.extend({
       if (owner.hasRegistration(name) && !newModel.merged) {
         //combine them
         let attrs = combineAttributes(newModel.attributes, props);
-        debugger; //eslint-disable-line
         newModel = newModel.extend(attrs);
       } else {
         //generate a whole new model
diff --git a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
index a2cd340f949c..9df960b7ad2c 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
@@ -54,22 +54,30 @@ export default Route.extend(UnloadModelRoute, {
   buildModel(secret) {
     const { backend } = this.paramsFor('vault.cluster.secrets.backend');
     let modelType = this.modelType(backend, secret);
+    if (modelType in ['secret', 'secret-v2']) {
+      return;
+    }
     let name = `model:${modelType}`;
     let owner = getOwner(this);
-    return this.pathHelp.getProps(modelType, backend).then(props => {
-      let newModel = owner.factoryFor(name).class;
-      if (owner.hasRegistration(name) && !newModel.merged) {
-        //combine them
-        let attrs = combineAttributes(newModel.attributes, props);
+    return this.pathHelp
+      .getProps(modelType, backend)
+      .then(props => {
+        let newModel = owner.factoryFor(name).class;
+        if (owner.hasRegistration(name) && !newModel.merged) {
+          //combine them
+          debugger; //eslint-disable-line
+          let { attrs, newFields } = combineAttributes(newModel.attributes, props);
+          newModel = newModel.extend(attrs, { newFields });
+        } else {
+          //generate a whole new model
+        }
+        newModel.reopenClass({ merged: true });
+        owner.unregister(name);
+        owner.register(name, newModel);
+      })
+      .catch(e => {
         debugger; //eslint-disable-line
-        newModel = newModel.extend(attrs);
-      } else {
-        //generate a whole new model
-      }
-      newModel.reopenClass({ merged: true });
-      owner.unregister(name);
-      owner.register(name, newModel);
-    });
+      });
   },
 
   modelType(backend, secret) {
diff --git a/ui/app/routes/vault/cluster/secrets/backend/sign.js b/ui/app/routes/vault/cluster/secrets/backend/sign.js
index 8c33298b01fc..c187a089d183 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/sign.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/sign.js
@@ -14,6 +14,10 @@ export default Route.extend(UnloadModel, {
     };
   },
 
+  pathForType() {
+    return 'sign';
+  },
+
   model(params) {
     const role = params.secret;
     const backendModel = this.backendModel();
diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
index daaaa4fb1bb1..e63ec87cb13d 100644
--- a/ui/app/services/path-help.js
+++ b/ui/app/services/path-help.js
@@ -24,7 +24,24 @@ export default Service.extend({
     let adapter = getOwner(this).lookup(`adapter:${modelType}`);
     let path = adapter.pathForType();
     let helpUrl = `/v1/${backend}/${path}/example?help=1`;
-    let wildcard = { roles: 'name', mounts: 'config', sign: 'role', issue: 'role' }[path];
+    let wildcard;
+    switch (path) {
+      case 'roles':
+        wildcard = 'name';
+        break;
+      case 'mounts':
+        if (modelType === 'secret') {
+          wildcard = 'path';
+        } else {
+          wildcard = 'config';
+        }
+        break;
+      case 'sign':
+      case 'issue':
+        wildcard = 'role';
+        break;
+    }
+    //{ roles: 'name', mounts: 'config', sign: 'role', issue: 'role' }[path];
     return this.ajax(helpUrl, backend).then(help => {
       let props =
         help.openapi.paths[`/${path}/{${wildcard}}`].post.requestBody.content['application/json'].schema
diff --git a/ui/app/utils/field-to-attrs.js b/ui/app/utils/field-to-attrs.js
index 3bf29f5317a6..730c9076bc19 100644
--- a/ui/app/utils/field-to-attrs.js
+++ b/ui/app/utils/field-to-attrs.js
@@ -39,7 +39,6 @@ export const expandAttributeMeta = function(modelClass, attributeNames, namePref
   let fields = [];
   // expand all attributes
   attributeNames.forEach(field => expandProperties(field, x => fields.push(x)));
-  debugger; //eslint-disable-line
   let attributeMap = map || new Map();
   modelClass.eachAttribute((name, meta) => {
     let fieldName = namePrefix ? namePrefix + name : name;
diff --git a/ui/app/utils/openapi-to-attrs.js b/ui/app/utils/openapi-to-attrs.js
index ee97d11af33a..427fc3b3106a 100644
--- a/ui/app/utils/openapi-to-attrs.js
+++ b/ui/app/utils/openapi-to-attrs.js
@@ -1,6 +1,7 @@
 import DS from 'ember-data';
 const { attr } = DS;
 import { assign } from '@ember/polyfills';
+import { expandAttributeMeta } from 'vault/utils/field-to-attrs';
 
 export const expandOpenApiProps = function(props) {
   let attrs = {};
@@ -23,6 +24,7 @@ export const expandOpenApiProps = function(props) {
 
 export const combineAttributes = function(oldAttrs, newProps) {
   let newAttrs = {};
+  let newFields = [];
   oldAttrs.forEach(function(value, name) {
     if (newProps[name]) {
       newAttrs[name] = attr(newProps[name].type, assign({}, newProps[name], value.options));
@@ -35,7 +37,8 @@ export const combineAttributes = function(oldAttrs, newProps) {
       continue;
     } else {
       newAttrs[prop] = attr(newProps[prop].type, newProps[prop]);
+      newFields.push(prop);
     }
   }
-  return newAttrs;
+  return { attrs: newAttrs, newFields };
 };

From 4abfc3d47c292da5a81947a3e221b9089f0de8ca Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Mon, 28 Jan 2019 14:03:23 -0500
Subject: [PATCH 07/84] combine fields and fieldgroups for aws, pki, ssh

---
 ui/app/models/pki-certificate.js              |  15 +-
 ui/app/models/role-aws.js                     |  10 +-
 ui/app/models/role-pki.js                     |  16 ++-
 ui/app/models/role-ssh.js                     | 135 +++++++++---------
 .../cluster/secrets/backend/credentials.js    |   4 +-
 .../cluster/secrets/backend/secret-edit.js    |   1 -
 ui/app/services/path-help.js                  |   9 +-
 .../partials/form-field-from-model.hbs        |  97 ++++++++-----
 ui/app/utils/openapi-to-attrs.js              |   1 +
 9 files changed, 182 insertions(+), 106 deletions(-)

diff --git a/ui/app/models/pki-certificate.js b/ui/app/models/pki-certificate.js
index b95d3b0ed5ac..ca3c264e93a5 100644
--- a/ui/app/models/pki-certificate.js
+++ b/ui/app/models/pki-certificate.js
@@ -80,11 +80,24 @@ export default DS.Model.extend({
     return fieldToAttrs(this, fieldGroups);
   },
 
-  fieldDefinition: computed(function() {
+  fieldDefinition: computed('newFields', function() {
     const groups = [
       { default: ['commonName', 'format'] },
       { Options: ['altNames', 'ipSans', 'ttl', 'excludeCnFromSans', 'otherSans'] },
     ];
+    if (this.newFields) {
+      let allFields = [];
+      for (let group in groups) {
+        let type = Object.keys(groups[group])[0];
+        allFields.concat(groups[group]);
+      }
+      let otherFields = this.newFields.filter(field => {
+        !allFields.includes(field);
+      });
+      if (otherFields.length) {
+        groups.push({ Other: otherFields });
+      }
+    }
     return groups;
   }),
 
diff --git a/ui/app/models/role-aws.js b/ui/app/models/role-aws.js
index e8a6563c853b..27afc18f9308 100644
--- a/ui/app/models/role-aws.js
+++ b/ui/app/models/role-aws.js
@@ -59,7 +59,15 @@ export default DS.Model.extend({
       assumed_role: ['name', 'credentialType', 'roleArns', 'policyDocument'],
       federation_token: ['name', 'credentialType', 'policyDocument'],
     };
-    keys = keysForType[credentialType].concat(this.newFields || []);
+    keys = keysForType[credentialType];
+    //TODO: distinguish behind fields intentionally exluded
+    //and fields we need to add in
+    if (this.newFields) {
+      let otherFields = this.newFields.filter(field => !keys.includes(field));
+      if (otherFields.length) {
+        keys = keys.concat(otherFields);
+      }
+    }
     return expandAttributeMeta(this, keys);
   }),
 
diff --git a/ui/app/models/role-pki.js b/ui/app/models/role-pki.js
index fa018c69ebab..081a0553f42f 100644
--- a/ui/app/models/role-pki.js
+++ b/ui/app/models/role-pki.js
@@ -124,7 +124,7 @@ export default DS.Model.extend({
   signVerbatimPath: lazyCapabilities(apiPath`${'backend'}/sign-verbatim/${'id'}`, 'backend', 'id'),
   canSignVerbatim: alias('signVerbatimPath.canUpdate'),
 
-  fieldGroups: computed('backend', function() {
+  fieldGroups: computed('backend', 'merged', function() {
     const groups = [
       { default: ['name', 'keyType'] },
       {
@@ -171,6 +171,20 @@ export default DS.Model.extend({
       },
     ];
 
+    if (this.newFields) {
+      let allFields = [];
+      for (let group in groups) {
+        let fieldName = Object.keys(groups[group])[0];
+        allFields.concat(groups[group][fieldName]);
+      }
+      let otherFields = this.newFields.filter(field => {
+        !allFields.includes(field);
+      });
+      if (otherFields.length) {
+        groups.default.concat(otherFields);
+      }
+    }
+
     return fieldToAttrs(this, groups);
   }),
 });
diff --git a/ui/app/models/role-ssh.js b/ui/app/models/role-ssh.js
index 1bb553ab5d6c..9c870f76f0e1 100644
--- a/ui/app/models/role-ssh.js
+++ b/ui/app/models/role-ssh.js
@@ -53,78 +53,85 @@ export default DS.Model.extend({
   keyType: attr('string', {
     possibleValues: ['ca', 'otp'],
   }),
-  adminUser: attr('string', {
-    helpText: 'Username of the admin user at the remote host',
-  }),
-  defaultUser: attr('string', {
-    helpText: "Username to use when one isn't specified",
-  }),
-  allowedUsers: attr('string', {
-    helpText:
-      'Create a whitelist of users that can use this key (e.g. `admin, dev`, or use `*` to allow all)',
-  }),
-  allowedDomains: attr('string', {
-    helpText:
-      'List of domains for which a client can request a certificate (e.g. `example.com`, or `*` to allow all)',
-  }),
-  cidrList: attr('string', {
-    label: 'CIDR list',
-    helpText: 'List of CIDR blocks for which this role is applicable',
-  }),
-  excludeCidrList: attr('string', {
-    label: 'Exclude CIDR list',
-    helpText: 'List of CIDR blocks that are not accepted by this role',
-  }),
+  // adminUser: attr('string', {
+  //   helpText: 'Username of the admin user at the remote host',
+  // }),
+  // defaultUser: attr('string', {
+  //   helpText: "Username to use when one isn't specified",
+  // }),
+  // allowedUsers: attr('string', {
+  //   helpText:
+  //     'Create a whitelist of users that can use this key (e.g. `admin, dev`, or use `*` to allow all)',
+  // }),
+  // allowedDomains: attr('string', {
+  //   helpText:
+  //     'List of domains for which a client can request a certificate (e.g. `example.com`, or `*` to allow all)',
+  // }),
+  // cidrList: attr('string', {
+  //   label: 'CIDR list',
+  //   helpText: 'List of CIDR blocks for which this role is applicable',
+  // }),
+  // excludeCidrList: attr('string', {
+  //   label: 'Exclude CIDR list',
+  //   helpText: 'List of CIDR blocks that are not accepted by this role',
+  // }),
   port: attr('number', {
     defaultValue: 22,
     helpText: 'Port number for the SSH connection (default is `22`)',
   }),
-  ttl: attr({
-    label: 'TTL',
-    editType: 'ttl',
-  }),
-  maxTtl: attr({
-    label: 'Max TTL',
-    editType: 'ttl',
-  }),
-  allowedCriticalOptions: attr('string', {
-    helpText: 'List of critical options that certificates have when signed',
-  }),
-  defaultCriticalOptions: attr('object', {
-    helpText: 'Map of critical options certificates should have if none are provided when signing',
-  }),
-  allowedExtensions: attr('string', {
-    helpText: 'List of extensions that certificates can have when signed',
-  }),
-  defaultExtensions: attr('object', {
-    helpText: 'Map of extensions certificates should have if none are provided when signing',
-  }),
-  allowUserCertificates: attr('boolean', {
-    helpText: 'Specifies if certificates are allowed to be signed for us as a user',
-  }),
-  allowHostCertificates: attr('boolean', {
-    helpText: 'Specifies if certificates are allowed to be signed for us as a host',
-  }),
-  allowBareDomains: attr('boolean', {
-    helpText:
-      'Specifies if host certificates that are requested are allowed to use the base domains listed in Allowed Domains',
-  }),
-  allowSubdomains: attr('boolean', {
-    helpText:
-      'Specifies if host certificates that are requested are allowed to be subdomains of those listed in Allowed Domains',
-  }),
-  allowUserKeyIds: attr('boolean', {
-    label: 'Allow user key IDs',
-    helpText: 'Specifies if users can override the key ID for a signed certificate with the "key_id" field',
-  }),
-  keyIdFormat: attr('string', {
-    label: 'Key ID format',
-    helpText: 'When supplied, this value specifies a custom format for the key id of a signed certificate',
-  }),
+  // ttl: attr({
+  //   label: 'TTL',
+  //   editType: 'ttl',
+  // }),
+  // maxTtl: attr({
+  //   label: 'Max TTL',
+  //   editType: 'ttl',
+  // }),
+  // allowedCriticalOptions: attr('string', {
+  //   helpText: 'List of critical options that certificates have when signed',
+  // }),
+  // defaultCriticalOptions: attr('object', {
+  //   helpText: 'Map of critical options certificates should have if none are provided when signing',
+  // }),
+  // allowedExtensions: attr('string', {
+  //   helpText: 'List of extensions that certificates can have when signed',
+  // }),
+  // defaultExtensions: attr('object', {
+  //   helpText: 'Map of extensions certificates should have if none are provided when signing',
+  // }),
+  // allowUserCertificates: attr('boolean', {
+  //   helpText: 'Specifies if certificates are allowed to be signed for us as a user',
+  // }),
+  // allowHostCertificates: attr('boolean', {
+  //   helpText: 'Specifies if certificates are allowed to be signed for us as a host',
+  // }),
+  // allowBareDomains: attr('boolean', {
+  //   helpText:
+  //     'Specifies if host certificates that are requested are allowed to use the base domains listed in Allowed Domains',
+  // }),
+  // allowSubdomains: attr('boolean', {
+  //   helpText:
+  //     'Specifies if host certificates that are requested are allowed to be subdomains of those listed in Allowed Domains',
+  // }),
+  // allowUserKeyIds: attr('boolean', {
+  //   label: 'Allow user key IDs',
+  //   helpText: 'Specifies if users can override the key ID for a signed certificate with the "key_id" field',
+  // }),
+  // keyIdFormat: attr('string', {
+  //   label: 'Key ID format',
+  //   helpText: 'When supplied, this value specifies a custom format for the key id of a signed certificate',
+  // }),
 
   attrsForKeyType: computed('keyType', function() {
     const keyType = this.get('keyType');
     let keys = keyType === 'ca' ? CA_FIELDS.slice(0) : OTP_FIELDS.slice(0);
+    debugger; //eslint-disable-line
+    // if (this.newFields) {
+    //   let otherFields = this.newFields.filter(field => !keys.includes(field));
+    //   if (otherFields.length) {
+    //     keys = keys.concat(otherFields);
+    //   }
+    // }
     return expandAttributeMeta(this, keys);
   }),
 
diff --git a/ui/app/routes/vault/cluster/secrets/backend/credentials.js b/ui/app/routes/vault/cluster/secrets/backend/credentials.js
index a46b1c4f1d17..44e8c6de144f 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/credentials.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/credentials.js
@@ -37,8 +37,8 @@ export default Route.extend({
       let newModel = owner.factoryFor(name).class;
       if (owner.hasRegistration(name) && !newModel.merged) {
         //combine them
-        let attrs = combineAttributes(newModel.attributes, props);
-        newModel = newModel.extend(attrs);
+        let { attrs, newFields } = combineAttributes(newModel.attributes, props);
+        newModel = newModel.extend(attrs, { newFields });
       } else {
         //generate a whole new model
       }
diff --git a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
index 9df960b7ad2c..ec0e0de40225 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
@@ -65,7 +65,6 @@ export default Route.extend(UnloadModelRoute, {
         let newModel = owner.factoryFor(name).class;
         if (owner.hasRegistration(name) && !newModel.merged) {
           //combine them
-          debugger; //eslint-disable-line
           let { attrs, newFields } = combineAttributes(newModel.attributes, props);
           newModel = newModel.extend(attrs, { newFields });
         } else {
diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
index e63ec87cb13d..ab094d031db8 100644
--- a/ui/app/services/path-help.js
+++ b/ui/app/services/path-help.js
@@ -24,10 +24,15 @@ export default Service.extend({
     let adapter = getOwner(this).lookup(`adapter:${modelType}`);
     let path = adapter.pathForType();
     let helpUrl = `/v1/${backend}/${path}/example?help=1`;
+    debugger; //eslint-disable-line
     let wildcard;
     switch (path) {
       case 'roles':
-        wildcard = 'name';
+        if (modelType === 'role-ssh') {
+          wildcard = 'role';
+        } else {
+          wildcard = 'name';
+        }
         break;
       case 'mounts':
         if (modelType === 'secret') {
@@ -41,8 +46,8 @@ export default Service.extend({
         wildcard = 'role';
         break;
     }
-    //{ roles: 'name', mounts: 'config', sign: 'role', issue: 'role' }[path];
     return this.ajax(helpUrl, backend).then(help => {
+      debugger; //eslint-disable-line
       let props =
         help.openapi.paths[`/${path}/{${wildcard}}`].post.requestBody.content['application/json'].schema
           .properties;
diff --git a/ui/app/templates/partials/form-field-from-model.hbs b/ui/app/templates/partials/form-field-from-model.hbs
index 43acae746a43..ca7e49df25ab 100644
--- a/ui/app/templates/partials/form-field-from-model.hbs
+++ b/ui/app/templates/partials/form-field-from-model.hbs
@@ -1,23 +1,38 @@
 <div class="field">
-  {{#unless (or attr.options.editType (eq attr.type 'boolean'))}}
+  {{#unless
+    (or
+      (contains
+        attr.options.editType
+        (array
+          "boolean"
+          "searchSelect"
+          "mountAccessor"
+          "kv"
+          "file"
+          "ttl"
+          "stringArray"
+          "json"
+        )
+      )
+      (eq attr.type "boolean")
+    )
+  }}
     <label for="{{attr.name}}" class="is-label">
       {{capitalize (or attr.options.label (humanize (dasherize attr.name)))}}
       {{#if attr.options.helpText}}
-        {{#info-tooltip}}
-          {{attr.options.helpText}}
-        {{/info-tooltip}}
+        {{#info-tooltip}}{{attr.options.helpText}}{{/info-tooltip}}
       {{/if}}
     </label>
   {{/unless}}
   {{#if attr.options.possibleValues}}
-    <div class="control is-expanded" >
+    <div class="control is-expanded">
       <div class="select is-fullwidth">
         <select
           name="{{attr.name}}"
           id="{{attr.name}}"
           onchange={{action (mut (get model attr.name)) value="target.value"}}
           data-test-input={{attr.name}}
-          >
+        >
           {{#each attr.options.possibleValues as |val|}}
             <option selected={{eq (get model attr.name) val}} value={{val}}>
               {{val}}
@@ -26,34 +41,48 @@
         </select>
       </div>
     </div>
-  {{else if (eq attr.options.editType 'ttl')}}
-    {{ttl-picker initialValue=(or (get model attr.name) attr.options.defaultValue) labelText=(if attr.options.label attr.options.label (humanize (dasherize attr.name))) setDefaultValue=false onChange=(action (mut (get model attr.name)))}}
-  {{else if (or (eq attr.type 'number') (eq attr.type 'string'))}}
+  {{else if (eq attr.options.editType "ttl")}}
+    {{ttl-picker
+      initialValue=(or (get model attr.name) attr.options.defaultValue)
+      labelText=(if
+        attr.options.label attr.options.label (humanize (dasherize attr.name))
+      )
+      setDefaultValue=false
+      onChange=(action (mut (get model attr.name)))
+    }}
+  {{else if (or (eq attr.type "number") (eq attr.type "string"))}}
     <div class="control">
-      {{input id=attr.name value=(get model (or attr.options.fieldValue attr.name)) class="input" data-test-input=attr.name}}
+      {{input
+        id=attr.name
+        value=(get model (or attr.options.fieldValue attr.name))
+        class="input"
+        data-test-input=attr.name
+      }}
     </div>
-  {{else if (eq attr.type 'boolean')}}
+  {{else if (eq attr.type "boolean")}}
     <div class="b-checkbox">
-      <input type="checkbox"
-       id="{{attr.name}}"
-       class="styled"
-         checked={{get model attr.name}}
-         onchange={{action (mut (get model attr.name)) value="target.checked"}}
-         data-test-input={{attr.name}}
-        />
-        <label for="{{attr.name}}" class="is-label">
-          {{capitalize (or attr.options.label (humanize (dasherize attr.name)))}}
-          {{#if attr.options.helpText}}
-            {{#info-tooltip}}
-              {{attr.options.helpText}}
-            {{/info-tooltip}}
-          {{/if}}
-        </label>
-      </div>
-    {{else if (eq attr.type 'object')}}
-      {{json-editor
-        value=(if (get model attr.name) (stringify (get model attr.name)) emptyData)
-        valueUpdated=(action "codemirrorUpdated" attr.name)
-      }}
-    {{/if}}
-  </div>
+      <input
+        type="checkbox"
+        id="{{attr.name}}"
+        class="styled"
+        checked={{get model attr.name}}
+        onchange={{action (mut (get model attr.name)) value="target.checked"}}
+        data-test-input={{attr.name}}
+       />
+
+      <label for="{{attr.name}}" class="is-label">
+        {{capitalize (or attr.options.label (humanize (dasherize attr.name)))}}
+        {{#if attr.options.helpText}}
+          {{#info-tooltip}}{{attr.options.helpText}}{{/info-tooltip}}
+        {{/if}}
+      </label>
+    </div>
+  {{else if (eq attr.type "object")}}
+    {{json-editor
+      value=(if
+        (get model attr.name) (stringify (get model attr.name)) emptyData
+      )
+      valueUpdated=(action "codemirrorUpdated" attr.name)
+    }}
+  {{/if}}
+</div>
\ No newline at end of file
diff --git a/ui/app/utils/openapi-to-attrs.js b/ui/app/utils/openapi-to-attrs.js
index 427fc3b3106a..bc190961f817 100644
--- a/ui/app/utils/openapi-to-attrs.js
+++ b/ui/app/utils/openapi-to-attrs.js
@@ -25,6 +25,7 @@ export const expandOpenApiProps = function(props) {
 export const combineAttributes = function(oldAttrs, newProps) {
   let newAttrs = {};
   let newFields = [];
+  debugger; //eslint-disable-line
   oldAttrs.forEach(function(value, name) {
     if (newProps[name]) {
       newAttrs[name] = attr(newProps[name].type, assign({}, newProps[name], value.options));

From 71e764a0ab903747316479ff3e10973e506247dc Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Tue, 29 Jan 2019 11:39:32 -0500
Subject: [PATCH 08/84] add flag to ignore openAPI if we only want the ones
 listed in the model

---
 ui/app/models/role-aws.js                     | 36 ++++++++-----------
 .../cluster/secrets/backend/secret-edit.js    |  6 +++-
 ui/app/services/path-help.js                  |  3 +-
 ui/app/utils/openapi-to-attrs.js              |  5 +++
 4 files changed, 25 insertions(+), 25 deletions(-)

diff --git a/ui/app/models/role-aws.js b/ui/app/models/role-aws.js
index 27afc18f9308..06e608e973c1 100644
--- a/ui/app/models/role-aws.js
+++ b/ui/app/models/role-aws.js
@@ -20,7 +20,7 @@ const CREDENTIAL_TYPES = [
     displayName: 'Federation Token',
   },
 ];
-export default DS.Model.extend({
+const roleAWSModel = DS.Model.extend({
   backend: attr('string', {
     readOnly: true,
   }),
@@ -40,37 +40,27 @@ export default DS.Model.extend({
     defaultValue: 'iam_user',
     possibleValues: CREDENTIAL_TYPES,
   }),
-  // roleArns: attr({
-  //   editType: 'stringArray',
-  //   label: 'Role ARNs',
-  // }),
-  // policyArns: attr({
-  //   editType: 'stringArray',
-  //   label: 'Policy ARNs',
-  // }),
+  roleArns: attr({
+    editType: 'stringArray',
+    label: 'Role ARNs',
+  }),
+  policyArns: attr({
+    editType: 'stringArray',
+    label: 'Policy ARNs',
+  }),
   policyDocument: attr('string', {
     editType: 'json',
   }),
-  fields: computed('credentialType', 'newFields', function() {
-    let keys;
+  fields: computed('credentialType', function() {
     let credentialType = this.credentialType;
     let keysForType = {
       iam_user: ['name', 'credentialType', 'policyArns', 'policyDocument'],
       assumed_role: ['name', 'credentialType', 'roleArns', 'policyDocument'],
       federation_token: ['name', 'credentialType', 'policyDocument'],
     };
-    keys = keysForType[credentialType];
-    //TODO: distinguish behind fields intentionally exluded
-    //and fields we need to add in
-    if (this.newFields) {
-      let otherFields = this.newFields.filter(field => !keys.includes(field));
-      if (otherFields.length) {
-        keys = keys.concat(otherFields);
-      }
-    }
-    return expandAttributeMeta(this, keys);
-  }),
 
+    return expandAttributeMeta(this, keysForType[credentialType]);
+  }),
   updatePath: lazyCapabilities(apiPath`${'backend'}/roles/${'id'}`, 'backend', 'id'),
   canDelete: alias('updatePath.canDelete'),
   canEdit: alias('updatePath.canUpdate'),
@@ -79,3 +69,5 @@ export default DS.Model.extend({
   generatePath: lazyCapabilities(apiPath`${'backend'}/creds/${'id'}`, 'backend', 'id'),
   canGenerate: alias('generatePath.canUpdate'),
 });
+roleAWSModel.reopenClass({ useOpenAPI: false });
+export default roleAWSModel;
diff --git a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
index ec0e0de40225..d3c217a1f081 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
@@ -59,10 +59,14 @@ export default Route.extend(UnloadModelRoute, {
     }
     let name = `model:${modelType}`;
     let owner = getOwner(this);
+    let newModel = owner.factoryFor(name).class;
+    if (newModel.merged || newModel.useOpenAPI === false) {
+      return resolve();
+    }
+
     return this.pathHelp
       .getProps(modelType, backend)
       .then(props => {
-        let newModel = owner.factoryFor(name).class;
         if (owner.hasRegistration(name) && !newModel.merged) {
           //combine them
           let { attrs, newFields } = combineAttributes(newModel.attributes, props);
diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
index ab094d031db8..c92037617d03 100644
--- a/ui/app/services/path-help.js
+++ b/ui/app/services/path-help.js
@@ -24,7 +24,6 @@ export default Service.extend({
     let adapter = getOwner(this).lookup(`adapter:${modelType}`);
     let path = adapter.pathForType();
     let helpUrl = `/v1/${backend}/${path}/example?help=1`;
-    debugger; //eslint-disable-line
     let wildcard;
     switch (path) {
       case 'roles':
@@ -46,8 +45,8 @@ export default Service.extend({
         wildcard = 'role';
         break;
     }
+
     return this.ajax(helpUrl, backend).then(help => {
-      debugger; //eslint-disable-line
       let props =
         help.openapi.paths[`/${path}/{${wildcard}}`].post.requestBody.content['application/json'].schema
           .properties;
diff --git a/ui/app/utils/openapi-to-attrs.js b/ui/app/utils/openapi-to-attrs.js
index bc190961f817..d6b485c6cb23 100644
--- a/ui/app/utils/openapi-to-attrs.js
+++ b/ui/app/utils/openapi-to-attrs.js
@@ -14,10 +14,15 @@ export const expandOpenApiProps = function(props) {
     } else if (details.items) {
       editType = details.items.type + details.type.capitalize();
     }
+
     attrs[prop.camelize()] = {
       editType: editType,
       type: details.type,
     };
+
+    if (props[prop]['x-vault-display-name']) {
+      attrs[prop.camelize()].label = props[prop]['x-vault-display-name'];
+    }
   }
   return attrs;
 };

From fe41675a0fe6ea806b36a841ffbaac930256f1af Mon Sep 17 00:00:00 2001
From: Noelle Daley <adriannenoelle@gmail.com>
Date: Tue, 29 Jan 2019 09:09:30 -0800
Subject: [PATCH 09/84] add display names to pki

---
 builtin/logical/pki/path_roles.go | 48 +++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/builtin/logical/pki/path_roles.go b/builtin/logical/pki/path_roles.go
index e796df0122df..226e6f59bf80 100644
--- a/builtin/logical/pki/path_roles.go
+++ b/builtin/logical/pki/path_roles.go
@@ -31,9 +31,16 @@ func pathRoles(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "roles/" + framework.GenericNameRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
+			"backend": &framework.FieldSchema{
+				Type:        framework.TypeString,
+				Description: "Backend Type",
+				DisplayName: "Backend",
+			},
+
 			"name": &framework.FieldSchema{
 				Type:        framework.TypeString,
 				Description: "Name of the role",
+				DisplayName: "Role name",
 			},
 
 			"ttl": &framework.FieldSchema{
@@ -42,11 +49,13 @@ func pathRoles(b *backend) *framework.Path {
 requested. The lease duration controls the expiration
 of certificates issued by this backend. Defaults to
 the value of max_ttl.`,
+				DisplayName: "TTL",
 			},
 
 			"max_ttl": &framework.FieldSchema{
 				Type:        framework.TypeDurationSecond,
 				Description: "The maximum allowed lease duration",
+				DisplayName: "Max TTL",
 			},
 
 			"allow_localhost": &framework.FieldSchema{
@@ -54,6 +63,7 @@ the value of max_ttl.`,
 				Default: true,
 				Description: `Whether to allow "localhost" as a valid common
 name in a request`,
+				DisplayName: "Allow Localhost",
 			},
 
 			"allowed_domains": &framework.FieldSchema{
@@ -63,6 +73,7 @@ subdomains directly beneath these domains, including
 the wildcard subdomains. See the documentation for more
 information. This parameter accepts a comma-separated 
 string or list of domains.`,
+				DisplayName: "Allowed Domains",
 			},
 
 			"allow_bare_domains": &framework.FieldSchema{
@@ -71,6 +82,7 @@ string or list of domains.`,
 for the base domains themselves, e.g. "example.com".
 This is a separate option as in some cases this can
 be considered a security threat.`,
+				DisplayName: "Allow Bare Domains",
 			},
 
 			"allow_subdomains": &framework.FieldSchema{
@@ -79,6 +91,7 @@ be considered a security threat.`,
 subdomains of the CNs allowed by the other role options,
 including wildcard subdomains. See the documentation for
 more information.`,
+				DisplayName: "Allow Subdomains",
 			},
 
 			"allow_glob_domains": &framework.FieldSchema{
@@ -86,6 +99,7 @@ more information.`,
 				Description: `If set, domains specified in "allowed_domains"
 can include glob patterns, e.g. "ftp*.example.com". See
 the documentation for more information.`,
+				DisplayName: "Allow Glob Domains",
 			},
 
 			"allow_any_name": &framework.FieldSchema{
@@ -93,6 +107,7 @@ the documentation for more information.`,
 				Description: `If set, clients can request certificates for
 any CN they like. See the documentation for more
 information.`,
+				DisplayName: "Allow Any Name",
 			},
 
 			"enforce_hostnames": &framework.FieldSchema{
@@ -100,6 +115,7 @@ information.`,
 				Default: true,
 				Description: `If set, only valid host names are allowed for
 CN and SANs. Defaults to true.`,
+				DisplayName: "Allow Bare Domains",
 			},
 
 			"allow_ip_sans": &framework.FieldSchema{
@@ -107,22 +123,26 @@ CN and SANs. Defaults to true.`,
 				Default: true,
 				Description: `If set, IP Subject Alternative Names are allowed.
 Any valid IP is accepted.`,
+				DisplayName: "Allow IP Subject Alternative Names",
 			},
 
 			"allowed_uri_sans": &framework.FieldSchema{
 				Type: framework.TypeCommaStringSlice,
 				Description: `If set, an array of allowed URIs to put in the URI Subject Alternative Names.
 Any valid URI is accepted, these values support globbing.`,
+				DisplayName: "Allowed URI Subject Alternative Names",
 			},
 
 			"allowed_other_sans": &framework.FieldSchema{
 				Type:        framework.TypeCommaStringSlice,
 				Description: `If set, an array of allowed other names to put in SANs. These values support globbing and must be in the format <oid>;<type>:<value>. Currently only "utf8" is a valid type. All values, including globbing values, must use this syntax, with the exception being a single "*" which allows any OID and any value (but type must still be utf8).`,
+				DisplayName: "Allow Other Subject Alternative Names",
 			},
 
 			"allowed_serial_numbers": &framework.FieldSchema{
 				Type:        framework.TypeCommaStringSlice,
 				Description: `If set, an array of allowed serial numbers to put in Subject. These values support globbing.`,
+				DisplayName: "Allowed Serial Numbers",
 			},
 
 			"server_flag": &framework.FieldSchema{
@@ -130,6 +150,7 @@ Any valid URI is accepted, these values support globbing.`,
 				Default: true,
 				Description: `If set, certificates are flagged for server auth use.
 Defaults to true.`,
+				DisplayName: "Server Flag",
 			},
 
 			"client_flag": &framework.FieldSchema{
@@ -137,18 +158,21 @@ Defaults to true.`,
 				Default: true,
 				Description: `If set, certificates are flagged for client auth use.
 Defaults to true.`,
+				DisplayName: "Client Flag",
 			},
 
 			"code_signing_flag": &framework.FieldSchema{
 				Type: framework.TypeBool,
 				Description: `If set, certificates are flagged for code signing
 use. Defaults to false.`,
+				DisplayName: "Code Signing Flag",
 			},
 
 			"email_protection_flag": &framework.FieldSchema{
 				Type: framework.TypeBool,
 				Description: `If set, certificates are flagged for email
 protection use. Defaults to false.`,
+				DisplayName: "Email Protection Flag",
 			},
 
 			"key_type": &framework.FieldSchema{
@@ -156,6 +180,7 @@ protection use. Defaults to false.`,
 				Default: "rsa",
 				Description: `The type of key to use; defaults to RSA. "rsa"
 and "ec" are the only valid values.`,
+				DisplayName: "Key Type",
 			},
 
 			"key_bits": &framework.FieldSchema{
@@ -164,6 +189,7 @@ and "ec" are the only valid values.`,
 				Description: `The number of bits to use. You will almost
 certainly want to change this if you adjust
 the key_type.`,
+				DisplayName: "Key Bits",
 			},
 
 			"key_usage": &framework.FieldSchema{
@@ -175,6 +201,7 @@ https://golang.org/pkg/crypto/x509/#KeyUsage
 -- simply drop the "KeyUsage" part of the name.
 To remove all key usages from being set, set
 this value to an empty list.`,
+				DisplayName: "Key Usage",
 			},
 
 			"ext_key_usage": &framework.FieldSchema{
@@ -185,11 +212,13 @@ https://golang.org/pkg/crypto/x509/#ExtKeyUsage
 -- simply drop the "ExtKeyUsage" part of the name.
 To remove all key usages from being set, set
 this value to an empty list.`,
+				DisplayName: "Extended Key Usage",
 			},
 
 			"ext_key_usage_oids": &framework.FieldSchema{
 				Type:        framework.TypeCommaStringSlice,
 				Description: `A comma-separated string or list of extended key usage oids.`,
+				DisplayName: "Extended Key Usage OIDs",
 			},
 
 			"use_csr_common_name": &framework.FieldSchema{
@@ -199,6 +228,7 @@ this value to an empty list.`,
 the common name in the CSR will be used. This
 does *not* include any requested Subject Alternative
 Names. Defaults to true.`,
+				DisplayName: "Use CSR Common Name",
 			},
 
 			"use_csr_sans": &framework.FieldSchema{
@@ -207,48 +237,56 @@ Names. Defaults to true.`,
 				Description: `If set, when used with a signing profile,
 the SANs in the CSR will be used. This does *not*
 include the Common Name (cn). Defaults to true.`,
+				DisplayName: "Use CSR Subject Alternative Names",
 			},
 
 			"ou": &framework.FieldSchema{
 				Type: framework.TypeCommaStringSlice,
 				Description: `If set, OU (OrganizationalUnit) will be set to
 this value in certificates issued by this role.`,
+				DisplayName: "Organizational Unit",
 			},
 
 			"organization": &framework.FieldSchema{
 				Type: framework.TypeCommaStringSlice,
 				Description: `If set, O (Organization) will be set to
 this value in certificates issued by this role.`,
+				DisplayName: "Organization",
 			},
 
 			"country": &framework.FieldSchema{
 				Type: framework.TypeCommaStringSlice,
 				Description: `If set, Country will be set to
 this value in certificates issued by this role.`,
+				DisplayName: "Country",
 			},
 
 			"locality": &framework.FieldSchema{
 				Type: framework.TypeCommaStringSlice,
 				Description: `If set, Locality will be set to
 this value in certificates issued by this role.`,
+				DisplayName: "Locality/City",
 			},
 
 			"province": &framework.FieldSchema{
 				Type: framework.TypeCommaStringSlice,
 				Description: `If set, Province will be set to
 this value in certificates issued by this role.`,
+				DisplayName: "Province/State",
 			},
 
 			"street_address": &framework.FieldSchema{
 				Type: framework.TypeCommaStringSlice,
 				Description: `If set, Street Address will be set to
 this value in certificates issued by this role.`,
+				DisplayName: "Street Address",
 			},
 
 			"postal_code": &framework.FieldSchema{
 				Type: framework.TypeCommaStringSlice,
 				Description: `If set, Postal Code will be set to
 this value in certificates issued by this role.`,
+				DisplayName: "Postal Code",
 			},
 
 			"generate_lease": &framework.FieldSchema{
@@ -262,7 +300,9 @@ disabled, invoking "pki/revoke" would be the only way to add the certificates
 to the CRL.  When large number of certificates are generated with long
 lifetimes, it is recommended that lease generation be disabled, as large amount of
 leases adversely affect the startup time of Vault.`,
+				DisplayName: "Generate Lease",
 			},
+
 			"no_store": &framework.FieldSchema{
 				Type: framework.TypeBool,
 				Description: `
@@ -272,24 +312,32 @@ certificates. However, certificates issued in this way cannot be enumerated
 or revoked, so this option is recommended only for certificates that are
 non-sensitive, or extremely short-lived. This option implies a value of "false"
 for "generate_lease".`,
+				DisplayName: "No Store",
 			},
+
 			"require_cn": &framework.FieldSchema{
 				Type:        framework.TypeBool,
 				Default:     true,
 				Description: `If set to false, makes the 'common_name' field optional while generating a certificate.`,
+				DisplayName: "Use CSR Common Name",
 			},
+
 			"policy_identifiers": &framework.FieldSchema{
 				Type:        framework.TypeCommaStringSlice,
 				Description: `A comma-separated string or list of policy oids.`,
+				DisplayName: "Policy Identifiers",
 			},
+
 			"basic_constraints_valid_for_non_ca": &framework.FieldSchema{
 				Type:        framework.TypeBool,
 				Description: `Mark Basic Constraints valid when issuing non-CA certificates.`,
+				DisplayName: "Basic Constraints Valid for Non-CA",
 			},
 			"not_before_duration": &framework.FieldSchema{
 				Type:        framework.TypeDurationSecond,
 				Default:     30,
 				Description: `The duration before now the cert needs to be created / signed.`,
+				DisplayName: "Not Before Duration",
 			},
 		},
 

From 196dcff131a5f01fabcf31d76109ab126c450189 Mon Sep 17 00:00:00 2001
From: Jim Kalafut <jkalafut@hashicorp.com>
Date: Tue, 15 Jan 2019 16:52:33 -0800
Subject: [PATCH 10/84] Add fields to support UI/display uses, along with
 OpenAPI mappings

---
 logical/framework/backend.go               | 14 +++++-
 logical/framework/openapi.go               | 50 ++++++++++++++--------
 logical/framework/openapi_test.go          |  9 ++++
 logical/framework/testdata/operations.json |  9 ++++
 4 files changed, 63 insertions(+), 19 deletions(-)

diff --git a/logical/framework/backend.go b/logical/framework/backend.go
index 52b490b56eb6..c6a12112cb4f 100644
--- a/logical/framework/backend.go
+++ b/logical/framework/backend.go
@@ -14,7 +14,7 @@ import (
 
 	"github.com/hashicorp/errwrap"
 	log "github.com/hashicorp/go-hclog"
-	"github.com/hashicorp/go-multierror"
+	multierror "github.com/hashicorp/go-multierror"
 	"github.com/hashicorp/vault/helper/errutil"
 	"github.com/hashicorp/vault/helper/license"
 	"github.com/hashicorp/vault/helper/logging"
@@ -505,6 +505,18 @@ type FieldSchema struct {
 	Description string
 	Required    bool
 	Deprecated  bool
+
+	// AllowedValues is an optional list of permitted values for this field.
+	// This constraint is not (yet) enforced by the framework, but the list is
+	// output as part of OpenAPI generation and may effect documentation and
+	// dynamic UI generation.
+	AllowedValues []interface{}
+
+	// Display* members are available to provide hints for UI and documentation
+	// generators. They will be included in OpenAPI output if set.
+	DisplayName      string
+	DisplayValue     interface{}
+	DisplaySensitive bool
 }
 
 // DefaultOrZero returns the default value if it is set, or otherwise
diff --git a/logical/framework/openapi.go b/logical/framework/openapi.go
index adc4e38a3044..4985fe9e6b33 100644
--- a/logical/framework/openapi.go
+++ b/logical/framework/openapi.go
@@ -148,14 +148,19 @@ type OASMediaTypeObject struct {
 }
 
 type OASSchema struct {
-	Type        string                `json:"type,omitempty"`
-	Description string                `json:"description,omitempty"`
-	Properties  map[string]*OASSchema `json:"properties,omitempty"`
-	Items       *OASSchema            `json:"items,omitempty"`
-	Format      string                `json:"format,omitempty"`
-	Pattern     string                `json:"pattern,omitempty"`
-	Example     interface{}           `json:"example,omitempty"`
-	Deprecated  bool                  `json:"deprecated,omitempty"`
+	Type             string                `json:"type,omitempty"`
+	Description      string                `json:"description,omitempty"`
+	Properties       map[string]*OASSchema `json:"properties,omitempty"`
+	Items            *OASSchema            `json:"items,omitempty"`
+	Format           string                `json:"format,omitempty"`
+	Pattern          string                `json:"pattern,omitempty"`
+	Enum             []interface{}         `json:"enum,omitempty"`
+	Example          interface{}           `json:"example,omitempty"`
+	Deprecated       bool                  `json:"deprecated,omitempty"`
+	Required         bool                  `json:"required,omitempty"`
+	DisplayName      string                `json:"x-vault-display-name,omitempty" mapstructure:"x-vault-display-name,omitempty"`
+	DisplayValue     interface{}           `json:"x-vault-display-value,omitempty" mapstructure:"x-vault-display-value,omitempty"`
+	DisplaySensitive bool                  `json:"x-vault-display-sensitive,omitempty" mapstructure:"x-vault-display-sensitive,omitempty"`
 }
 
 type OASResponse struct {
@@ -255,8 +260,12 @@ func documentPath(p *Path, specialPaths *logical.Paths, backendType logical.Back
 				Description: cleanString(field.Description),
 				In:          location,
 				Schema: &OASSchema{
-					Type:    t.baseType,
-					Pattern: t.pattern,
+					Type:             t.baseType,
+					Pattern:          t.pattern,
+					Enum:             field.AllowedValues,
+					DisplayName:      field.DisplayName,
+					DisplayValue:     field.DisplayValue,
+					DisplaySensitive: field.DisplaySensitive,
 				},
 				Required:   required,
 				Deprecated: field.Deprecated,
@@ -307,11 +316,16 @@ func documentPath(p *Path, specialPaths *logical.Paths, backendType logical.Back
 				for name, field := range bodyFields {
 					openapiField := convertType(field.Type)
 					p := OASSchema{
-						Type:        openapiField.baseType,
-						Description: cleanString(field.Description),
-						Format:      openapiField.format,
-						Pattern:     openapiField.pattern,
-						Deprecated:  field.Deprecated,
+						Type:             openapiField.baseType,
+						Description:      cleanString(field.Description),
+						Format:           openapiField.format,
+						Pattern:          openapiField.pattern,
+						Enum:             field.AllowedValues,
+						Required:         field.Required,
+						Deprecated:       field.Deprecated,
+						DisplayName:      field.DisplayName,
+						DisplayValue:     field.DisplayValue,
+						DisplaySensitive: field.DisplaySensitive,
 					}
 					if openapiField.baseType == "array" {
 						p.Items = &OASSchema{
@@ -530,9 +544,9 @@ func convertType(t FieldType) schemaType {
 		ret.baseType = "string"
 		ret.format = "lowercase"
 	case TypeInt:
-		ret.baseType = "number"
+		ret.baseType = "integer"
 	case TypeDurationSecond:
-		ret.baseType = "number"
+		ret.baseType = "integer"
 		ret.format = "seconds"
 	case TypeBool:
 		ret.baseType = "boolean"
@@ -550,7 +564,7 @@ func convertType(t FieldType) schemaType {
 		ret.items = "string"
 	case TypeCommaIntSlice:
 		ret.baseType = "array"
-		ret.items = "number"
+		ret.items = "integer"
 	default:
 		log.L().Warn("error parsing field type", "type", t)
 		ret.format = "unknown"
diff --git a/logical/framework/openapi_test.go b/logical/framework/openapi_test.go
index 444d0d3081b0..64ab04488849 100644
--- a/logical/framework/openapi_test.go
+++ b/logical/framework/openapi_test.go
@@ -328,6 +328,15 @@ func TestOpenAPI_Paths(t *testing.T) {
 					Type:        TypeNameString,
 					Description: "the name",
 				},
+				"age": {
+					Type:             TypeInt,
+					Description:      "the age",
+					AllowedValues:    []interface{}{1, 2, 3},
+					Required:         true,
+					DisplayName:      "Age",
+					DisplayValue:     7,
+					DisplaySensitive: true,
+				},
 				"x-abc-token": {
 					Type:        TypeHeader,
 					Description: "a header value",
diff --git a/logical/framework/testdata/operations.json b/logical/framework/testdata/operations.json
index 8f1222ab95b2..3ad632d286e4 100644
--- a/logical/framework/testdata/operations.json
+++ b/logical/framework/testdata/operations.json
@@ -72,6 +72,15 @@
                       "type": "string"
                     }
                   },
+                  "age": {
+                    "type": "integer",
+                    "description": "the age",
+                    "enum": [1, 2, 3],
+                    "required": true,
+                    "x-vault-display-name": "Age",
+                    "x-vault-display-value": 7,
+                    "x-vault-display-sensitive": true
+                  },
                   "name": {
                     "type": "string",
                     "description": "the name",

From a804c2ce29dc5d6419093c9f0fc65248eb45f12b Mon Sep 17 00:00:00 2001
From: Noelle Daley <adriannenoelle@gmail.com>
Date: Tue, 29 Jan 2019 10:36:50 -0800
Subject: [PATCH 11/84] wip - add pki

---
 builtin/logical/pki/path_roles.go             | 39 ++++++++++++-------
 ui/app/models/role-pki.js                     |  6 +--
 .../cluster/secrets/backend/credentials.js    |  1 +
 ui/app/services/path-help.js                  |  2 -
 ui/app/utils/openapi-to-attrs.js              |  6 ++-
 5 files changed, 35 insertions(+), 19 deletions(-)

diff --git a/builtin/logical/pki/path_roles.go b/builtin/logical/pki/path_roles.go
index 226e6f59bf80..2d79e023395c 100644
--- a/builtin/logical/pki/path_roles.go
+++ b/builtin/logical/pki/path_roles.go
@@ -63,7 +63,8 @@ the value of max_ttl.`,
 				Default: true,
 				Description: `Whether to allow "localhost" as a valid common
 name in a request`,
-				DisplayName: "Allow Localhost",
+				DisplayName:  "Allow Localhost",
+				DisplayValue: true,
 			},
 
 			"allowed_domains": &framework.FieldSchema{
@@ -115,7 +116,8 @@ information.`,
 				Default: true,
 				Description: `If set, only valid host names are allowed for
 CN and SANs. Defaults to true.`,
-				DisplayName: "Allow Bare Domains",
+				DisplayName:  "Allow Bare Domains",
+				DisplayValue: true,
 			},
 
 			"allow_ip_sans": &framework.FieldSchema{
@@ -123,7 +125,8 @@ CN and SANs. Defaults to true.`,
 				Default: true,
 				Description: `If set, IP Subject Alternative Names are allowed.
 Any valid IP is accepted.`,
-				DisplayName: "Allow IP Subject Alternative Names",
+				DisplayName:  "Allow IP Subject Alternative Names",
+				DisplayValue: true,
 			},
 
 			"allowed_uri_sans": &framework.FieldSchema{
@@ -150,7 +153,8 @@ Any valid URI is accepted, these values support globbing.`,
 				Default: true,
 				Description: `If set, certificates are flagged for server auth use.
 Defaults to true.`,
-				DisplayName: "Server Flag",
+				DisplayName:  "Server Flag",
+				DisplayValue: true,
 			},
 
 			"client_flag": &framework.FieldSchema{
@@ -158,7 +162,8 @@ Defaults to true.`,
 				Default: true,
 				Description: `If set, certificates are flagged for client auth use.
 Defaults to true.`,
-				DisplayName: "Client Flag",
+				DisplayName:  "Client Flag",
+				DisplayValue: true,
 			},
 
 			"code_signing_flag": &framework.FieldSchema{
@@ -181,6 +186,7 @@ protection use. Defaults to false.`,
 				Description: `The type of key to use; defaults to RSA. "rsa"
 and "ec" are the only valid values.`,
 				DisplayName: "Key Type",
+				DisplayValue: "rsa"
 			},
 
 			"key_bits": &framework.FieldSchema{
@@ -190,6 +196,7 @@ and "ec" are the only valid values.`,
 certainly want to change this if you adjust
 the key_type.`,
 				DisplayName: "Key Bits",
+				DisplayValue: 2048,
 			},
 
 			"key_usage": &framework.FieldSchema{
@@ -202,6 +209,7 @@ https://golang.org/pkg/crypto/x509/#KeyUsage
 To remove all key usages from being set, set
 this value to an empty list.`,
 				DisplayName: "Key Usage",
+				DisplayValue: []string{"DigitalSignature", "KeyAgreement", "KeyEncipherment"},
 			},
 
 			"ext_key_usage": &framework.FieldSchema{
@@ -213,6 +221,7 @@ https://golang.org/pkg/crypto/x509/#ExtKeyUsage
 To remove all key usages from being set, set
 this value to an empty list.`,
 				DisplayName: "Extended Key Usage",
+				DisplayValue: []string{},
 			},
 
 			"ext_key_usage_oids": &framework.FieldSchema{
@@ -229,6 +238,7 @@ the common name in the CSR will be used. This
 does *not* include any requested Subject Alternative
 Names. Defaults to true.`,
 				DisplayName: "Use CSR Common Name",
+				DisplayValue: true,
 			},
 
 			"use_csr_sans": &framework.FieldSchema{
@@ -238,6 +248,7 @@ Names. Defaults to true.`,
 the SANs in the CSR will be used. This does *not*
 include the Common Name (cn). Defaults to true.`,
 				DisplayName: "Use CSR Subject Alternative Names",
+				DisplayValue: true,
 			},
 
 			"ou": &framework.FieldSchema{
@@ -316,10 +327,11 @@ for "generate_lease".`,
 			},
 
 			"require_cn": &framework.FieldSchema{
-				Type:        framework.TypeBool,
-				Default:     true,
-				Description: `If set to false, makes the 'common_name' field optional while generating a certificate.`,
-				DisplayName: "Use CSR Common Name",
+				Type:         framework.TypeBool,
+				Default:      true,
+				Description:  `If set to false, makes the 'common_name' field optional while generating a certificate.`,
+				DisplayName:  "Use CSR Common Name",
+				DisplayValue: true,
 			},
 
 			"policy_identifiers": &framework.FieldSchema{
@@ -334,10 +346,11 @@ for "generate_lease".`,
 				DisplayName: "Basic Constraints Valid for Non-CA",
 			},
 			"not_before_duration": &framework.FieldSchema{
-				Type:        framework.TypeDurationSecond,
-				Default:     30,
-				Description: `The duration before now the cert needs to be created / signed.`,
-				DisplayName: "Not Before Duration",
+				Type:         framework.TypeDurationSecond,
+				Default:      30,
+				Description:  `The duration before now the cert needs to be created / signed.`,
+				DisplayName:  "Not Before Duration",
+				DisplayValue: 30,
 			},
 		},
 
diff --git a/ui/app/models/role-pki.js b/ui/app/models/role-pki.js
index 081a0553f42f..c584a00168b9 100644
--- a/ui/app/models/role-pki.js
+++ b/ui/app/models/role-pki.js
@@ -15,9 +15,9 @@ export default DS.Model.extend({
     fieldValue: 'id',
     readOnly: true,
   }),
-  keyType: attr('string', {
-    possibleValues: ['rsa', 'ec'],
-  }),
+  // keyType: attr('string', {
+  //   possibleValues: ['rsa', 'ec'],
+  // }),
   // ttl: attr({
   //   label: 'TTL',
   //   editType: 'ttl',
diff --git a/ui/app/routes/vault/cluster/secrets/backend/credentials.js b/ui/app/routes/vault/cluster/secrets/backend/credentials.js
index 44e8c6de144f..80fa4ec0c531 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/credentials.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/credentials.js
@@ -38,6 +38,7 @@ export default Route.extend({
       if (owner.hasRegistration(name) && !newModel.merged) {
         //combine them
         let { attrs, newFields } = combineAttributes(newModel.attributes, props);
+        debugger; //eslint-disable-line
         newModel = newModel.extend(attrs, { newFields });
       } else {
         //generate a whole new model
diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
index ab094d031db8..040340920549 100644
--- a/ui/app/services/path-help.js
+++ b/ui/app/services/path-help.js
@@ -24,7 +24,6 @@ export default Service.extend({
     let adapter = getOwner(this).lookup(`adapter:${modelType}`);
     let path = adapter.pathForType();
     let helpUrl = `/v1/${backend}/${path}/example?help=1`;
-    debugger; //eslint-disable-line
     let wildcard;
     switch (path) {
       case 'roles':
@@ -47,7 +46,6 @@ export default Service.extend({
         break;
     }
     return this.ajax(helpUrl, backend).then(help => {
-      debugger; //eslint-disable-line
       let props =
         help.openapi.paths[`/${path}/{${wildcard}}`].post.requestBody.content['application/json'].schema
           .properties;
diff --git a/ui/app/utils/openapi-to-attrs.js b/ui/app/utils/openapi-to-attrs.js
index bc190961f817..5e35bb73be30 100644
--- a/ui/app/utils/openapi-to-attrs.js
+++ b/ui/app/utils/openapi-to-attrs.js
@@ -17,7 +17,12 @@ export const expandOpenApiProps = function(props) {
     attrs[prop.camelize()] = {
       editType: editType,
       type: details.type,
+      label: details['x-vault-display-name'],
+      possibleValues: details['x-vault-allowed-values'],
+      defaultValue: details['x-vault-display-value'],
     };
+
+    // todo: add label, possibleValues, and defaultValue only if they exist
   }
   return attrs;
 };
@@ -25,7 +30,6 @@ export const expandOpenApiProps = function(props) {
 export const combineAttributes = function(oldAttrs, newProps) {
   let newAttrs = {};
   let newFields = [];
-  debugger; //eslint-disable-line
   oldAttrs.forEach(function(value, name) {
     if (newProps[name]) {
       newAttrs[name] = attr(newProps[name].type, assign({}, newProps[name], value.options));

From 13172fd06e938881b7c68fc249ca21f497be7d25 Mon Sep 17 00:00:00 2001
From: Noelle Daley <adriannenoelle@gmail.com>
Date: Tue, 29 Jan 2019 15:28:06 -0800
Subject: [PATCH 12/84] add ldap auth

---
 helper/ldaputil/config.go | 52 +++++++++++++++++++++++++++++++--------
 1 file changed, 42 insertions(+), 10 deletions(-)

diff --git a/helper/ldaputil/config.go b/helper/ldaputil/config.go
index 9da1ffd71a11..3174c01f3293 100644
--- a/helper/ldaputil/config.go
+++ b/helper/ldaputil/config.go
@@ -22,26 +22,33 @@ func ConfigFields() map[string]*framework.FieldSchema {
 			Type:        framework.TypeString,
 			Default:     "ldap://127.0.0.1",
 			Description: "LDAP URL to connect to (default: ldap://127.0.0.1). Multiple URLs can be specified by concatenating them with commas; they will be tried in-order.",
+			DisplayName: "URL",
 		},
 
 		"userdn": {
 			Type:        framework.TypeString,
 			Description: "LDAP domain to use for users (eg: ou=People,dc=example,dc=org)",
+			DisplayName: "User DN",
 		},
 
 		"binddn": {
 			Type:        framework.TypeString,
 			Description: "LDAP DN for searching for the user DN (optional)",
+			DisplayName: "binddn"
 		},
 
 		"bindpass": {
 			Type:        framework.TypeString,
 			Description: "LDAP password for searching for the user DN (optional)",
+			DisplayName: "Password",
+			DisplaySensitive: true,
+
 		},
 
 		"groupdn": {
 			Type:        framework.TypeString,
 			Description: "LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org)",
+			DisplayName: "Group DN"
 		},
 
 		"groupfilter": {
@@ -51,6 +58,8 @@ func ConfigFields() map[string]*framework.FieldSchema {
 The template can access the following context variables: UserDN, Username
 Example: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))
 Default: (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`,
+			DisplayName: "Group Filter",
+			DisplayValue: "(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))",
 		},
 
 		"groupattr": {
@@ -60,55 +69,76 @@ Default: (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}
 in order to enumerate user group membership.
 Examples: "cn" or "memberOf", etc.
 Default: cn`,
+			DisplayName: "Group Attribute",
+			DisplayValue: "cn",
 		},
 
 		"upndomain": {
 			Type:        framework.TypeString,
 			Description: "Enables userPrincipalDomain login with [username]@UPNDomain (optional)",
+			DisplayName: "User Principal (UPN) Domain"
 		},
 
 		"userattr": {
 			Type:        framework.TypeString,
 			Default:     "cn",
 			Description: "Attribute used for users (default: cn)",
+			DisplayName: "User Attribute",
+			DisplayValue: "cn"
+
 		},
 
 		"certificate": {
 			Type:        framework.TypeString,
 			Description: "CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded (optional)",
+			DisplayName: "Certificate",
 		},
 
 		"discoverdn": {
 			Type:        framework.TypeBool,
 			Description: "Use anonymous bind to discover the bind DN of a user (optional)",
+			DisplayName: "Discover DN",
+			DisplayValue: false,
 		},
 
 		"insecure_tls": {
-			Type:        framework.TypeBool,
-			Description: "Skip LDAP server SSL Certificate verification - VERY insecure (optional)",
+			Type:         framework.TypeBool,
+			Description:  "Skip LDAP server SSL Certificate verification - VERY insecure (optional)",
+			DisplayName:  "Insecure TLS",
+			DisplayValue: false,
 		},
 
 		"starttls": {
-			Type:        framework.TypeBool,
-			Description: "Issue a StartTLS command after establishing unencrypted connection (optional)",
+			Type:         framework.TypeBool,
+			Description:  "Issue a StartTLS command after establishing unencrypted connection (optional)",
+			DisplayName:  "StartTLS",
+			DisplayValue: false,
 		},
 
 		"tls_min_version": {
-			Type:        framework.TypeString,
-			Default:     "tls12",
-			Description: "Minimum TLS version to use. Accepted values are 'tls10', 'tls11' or 'tls12'. Defaults to 'tls12'",
+			Type:          framework.TypeString,
+			Default:       "tls12",
+			Description:   "Minimum TLS version to use. Accepted values are 'tls10', 'tls11' or 'tls12'. Defaults to 'tls12'",
+			DisplayName:   "Minimum TLS Version",
+			DisplayValue:  "tls12",
+			AllowedValues: []interface{}{"tls10", "tls11", "tls12"},
 		},
 
 		"tls_max_version": {
-			Type:        framework.TypeString,
-			Default:     "tls12",
-			Description: "Maximum TLS version to use. Accepted values are 'tls10', 'tls11' or 'tls12'. Defaults to 'tls12'",
+			Type:          framework.TypeString,
+			Default:       "tls12",
+			Description:   "Maximum TLS version to use. Accepted values are 'tls10', 'tls11' or 'tls12'. Defaults to 'tls12'",
+			DisplayName:   "Maxumum TLS Version",
+			DisplayValue:  "tls12",
+			AllowedValues: []interface{}{"tls10", "tls11", "tls12"},
 		},
 
 		"deny_null_bind": {
 			Type:        framework.TypeBool,
 			Default:     true,
 			Description: "Denies an unauthenticated LDAP bind request if the user's password is empty; defaults to true",
+			DisplayName: "Deny Null Bind",
+			DisplayValue: true,
 		},
 
 		"case_sensitive_names": {
@@ -120,6 +150,8 @@ Default: cn`,
 			Type:        framework.TypeBool,
 			Default:     false,
 			Description: "If true, use the Active Directory tokenGroups constructed attribute of the user to find the group memberships. This will find all security groups including nested ones.",
+			DisplayName: "Use Token Groups",
+			DisplayValue: false,
 		},
 	}
 }

From ef212531f40cf9926c3d472630b41e03eef6f248 Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Tue, 15 Jan 2019 11:55:12 -0500
Subject: [PATCH 13/84] ping openapi and grab current model

---
 ui/app/adapters/secret-engine.js              |  14 +-
 ui/app/models/role-pki.js                     | 188 +++++++++---------
 .../routes/vault/cluster/secrets/backend.js   |   3 +
 .../cluster/secrets/backend/secret-edit.js    |  23 ++-
 ui/app/services/path-help.js                  |  35 ++++
 ui/app/utils/openapi-to-attrs.js              |  20 ++
 6 files changed, 183 insertions(+), 100 deletions(-)
 create mode 100644 ui/app/services/path-help.js
 create mode 100644 ui/app/utils/openapi-to-attrs.js

diff --git a/ui/app/adapters/secret-engine.js b/ui/app/adapters/secret-engine.js
index 56481655368c..42b998f26905 100644
--- a/ui/app/adapters/secret-engine.js
+++ b/ui/app/adapters/secret-engine.js
@@ -7,16 +7,20 @@ export default ApplicationAdapter.extend({
     return path ? url + '/' + path : url;
   },
 
+  internalURL(path) {
+    let url = `/${this.urlPrefix()}/internal/ui/mounts`;
+    if (path) {
+      url = `${url}/${path}`;
+    }
+    return url;
+  },
+
   pathForType() {
     return 'mounts';
   },
 
   query(store, type, query) {
-    let url = `/${this.urlPrefix()}/internal/ui/mounts`;
-    if (query.path) {
-      url = `${url}/${query.path}`;
-    }
-    return this.ajax(url, 'GET');
+    return this.ajax(this.internalURL(query.path), 'GET');
   },
 
   createRecord(store, type, snapshot) {
diff --git a/ui/app/models/role-pki.js b/ui/app/models/role-pki.js
index 77fe609d7df6..4181a1e221d9 100644
--- a/ui/app/models/role-pki.js
+++ b/ui/app/models/role-pki.js
@@ -15,100 +15,100 @@ export default DS.Model.extend({
     fieldValue: 'id',
     readOnly: true,
   }),
-  keyType: attr('string', {
-    possibleValues: ['rsa', 'ec'],
-  }),
-  ttl: attr({
-    label: 'TTL',
-    editType: 'ttl',
-  }),
-  maxTtl: attr({
-    label: 'Max TTL',
-    editType: 'ttl',
-  }),
-  allowLocalhost: attr('boolean', {}),
-  allowedDomains: attr('string', {}),
-  allowBareDomains: attr('boolean', {}),
-  allowSubdomains: attr('boolean', {}),
-  allowGlobDomains: attr('boolean', {}),
-  allowAnyName: attr('boolean', {}),
-  enforceHostnames: attr('boolean', {}),
-  allowIpSans: attr('boolean', {
-    defaultValue: true,
-    label: 'Allow clients to request IP Subject Alternative Names (SANs)',
-  }),
-  allowedOtherSans: attr({
-    editType: 'stringArray',
-    label: 'Allowed Other SANs',
-  }),
-  serverFlag: attr('boolean', {
-    defaultValue: true,
-  }),
-  clientFlag: attr('boolean', {
-    defaultValue: true,
-  }),
-  codeSigningFlag: attr('boolean', {}),
-  emailProtectionFlag: attr('boolean', {}),
-  keyBits: attr('number', {
-    defaultValue: 2048,
-  }),
-  keyUsage: attr('string', {
-    defaultValue: 'DigitalSignature,KeyAgreement,KeyEncipherment',
-    editType: 'stringArray',
-  }),
-  extKeyUsageOids: attr({
-    label: 'Custom extended key usage OIDs',
-    editType: 'stringArray',
-  }),
-  requireCn: attr('boolean', {
-    label: 'Require common name',
-    defaultValue: true,
-  }),
-  useCsrCommonName: attr('boolean', {
-    label: 'Use CSR common name',
-    defaultValue: true,
-  }),
-  useCsrSans: attr('boolean', {
-    defaultValue: true,
-    label: 'Use CSR subject alternative names (SANs)',
-  }),
-  ou: attr({
-    label: 'OU (OrganizationalUnit)',
-    editType: 'stringArray',
-  }),
-  organization: attr({
-    editType: 'stringArray',
-  }),
-  country: attr({
-    editType: 'stringArray',
-  }),
-  locality: attr({
-    editType: 'stringArray',
-    label: 'Locality/City',
-  }),
-  province: attr({
-    editType: 'stringArray',
-    label: 'Province/State',
-  }),
-  streetAddress: attr({
-    editType: 'stringArray',
-  }),
-  postalCode: attr({
-    editType: 'stringArray',
-  }),
-  generateLease: attr('boolean', {}),
-  noStore: attr('boolean', {}),
-  policyIdentifiers: attr({
-    editType: 'stringArray',
-  }),
-  basicConstraintsValidForNonCA: attr('boolean', {
-    label: 'Mark Basic Constraints valid when issuing non-CA certificates.',
-  }),
-  notBeforeDuration: attr({
-    label: 'Not Before Duration',
-    editType: 'ttl',
-    defaultValue: '30s',
-  }),
+  // keyType: attr('string', {
+  //   possibleValues: ['rsa', 'ec'],
+  // }),
+  // ttl: attr({
+  //   label: 'TTL',
+  //   editType: 'ttl',
+  // }),
+  // maxTtl: attr({
+  //   label: 'Max TTL',
+  //   editType: 'ttl',
+  // }),
+  // allowLocalhost: attr('boolean', {}),
+  // allowedDomains: attr('string', {}),
+  // allowBareDomains: attr('boolean', {}),
+  // allowSubdomains: attr('boolean', {}),
+  // allowGlobDomains: attr('boolean', {}),
+  // allowAnyName: attr('boolean', {}),
+  // enforceHostnames: attr('boolean', {}),
+  // allowIpSans: attr('boolean', {
+  //   defaultValue: true,
+  //   label: 'Allow clients to request IP Subject Alternative Names (SANs)',
+  // }),
+  // allowedOtherSans: attr({
+  //   editType: 'stringArray',
+  //   label: 'Allowed Other SANs',
+  // }),
+  // serverFlag: attr('boolean', {
+  //   defaultValue: true,
+  // }),
+  // clientFlag: attr('boolean', {
+  //   defaultValue: true,
+  // }),
+  // codeSigningFlag: attr('boolean', {}),
+  // emailProtectionFlag: attr('boolean', {}),
+  // keyBits: attr('number', {
+  //   defaultValue: 2048,
+  // }),
+  // keyUsage: attr('string', {
+  //   defaultValue: 'DigitalSignature,KeyAgreement,KeyEncipherment',
+  //   editType: 'stringArray',
+  // }),
+  // extKeyUsageOids: attr({
+  //   label: 'Custom extended key usage OIDs',
+  //   editType: 'stringArray',
+  // }),
+  // requireCn: attr('boolean', {
+  //   label: 'Require common name',
+  //   defaultValue: true,
+  // }),
+  // useCsrCommonName: attr('boolean', {
+  //   label: 'Use CSR common name',
+  //   defaultValue: true,
+  // }),
+  // useCsrSans: attr('boolean', {
+  //   defaultValue: true,
+  //   label: 'Use CSR subject alternative names (SANs)',
+  // }),
+  // ou: attr({
+  //   label: 'OU (OrganizationalUnit)',
+  //   editType: 'stringArray',
+  // }),
+  // organization: attr({
+  //   editType: 'stringArray',
+  // }),
+  // country: attr({
+  //   editType: 'stringArray',
+  // }),
+  // locality: attr({
+  //   editType: 'stringArray',
+  //   label: 'Locality/City',
+  // }),
+  // province: attr({
+  //   editType: 'stringArray',
+  //   label: 'Province/State',
+  // }),
+  // streetAddress: attr({
+  //   editType: 'stringArray',
+  // }),
+  // postalCode: attr({
+  //   editType: 'stringArray',
+  // }),
+  // generateLease: attr('boolean', {}),
+  // noStore: attr('boolean', {}),
+  // policyIdentifiers: attr({
+  //   editType: 'stringArray',
+  // }),
+  // basicConstraintsValidForNonCA: attr('boolean', {
+  //   label: 'Mark Basic Constraints valid when issuing non-CA certificates.',
+  // }),
+  // notBeforeDuration: attr({
+  //   label: 'Not Before Duration',
+  //   editType: 'ttl',
+  //   defaultValue: '30s',
+  // }),
 
   updatePath: lazyCapabilities(apiPath`${'backend'}/roles/${'id'}`, 'backend', 'id'),
   canDelete: alias('updatePath.canDelete'),
diff --git a/ui/app/routes/vault/cluster/secrets/backend.js b/ui/app/routes/vault/cluster/secrets/backend.js
index b7964a59b186..70bd9f2abe45 100644
--- a/ui/app/routes/vault/cluster/secrets/backend.js
+++ b/ui/app/routes/vault/cluster/secrets/backend.js
@@ -1,7 +1,10 @@
 import { inject as service } from '@ember/service';
+import { getOwner } from '@ember/application';
+import { run } from '@ember/runloop';
 import Route from '@ember/routing/route';
 export default Route.extend({
   flashMessages: service(),
+  oldModel: null,
   model(params) {
     let { backend } = params;
     return this.store
diff --git a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
index 943ad2a54a0a..1e64b38b3f0e 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
@@ -1,11 +1,13 @@
 import { set } from '@ember/object';
 import { hash, resolve } from 'rsvp';
+import { inject as service } from '@ember/service';
 import Route from '@ember/routing/route';
 import utils from 'vault/lib/key-utils';
+import { getOwner } from '@ember/application';
 import UnloadModelRoute from 'vault/mixins/unload-model-route';
-import DS from 'ember-data';
 
 export default Route.extend(UnloadModelRoute, {
+  pathHelp: service('path-help'),
   capabilities(secret) {
     const { backend } = this.paramsFor('vault.cluster.secrets.backend');
     let backendModel = this.modelFor('vault.cluster.secrets.backend');
@@ -35,6 +37,7 @@ export default Route.extend(UnloadModelRoute, {
     // perhaps in the future we could recurse _for_ users, but for now, just kick them
     // back to the list
     const { secret } = this.paramsFor(this.routeName);
+    this.buildModel(secret);
     const parentKey = utils.parentKeyForKey(secret);
     const mode = this.routeName.split('.').pop();
     if (mode === 'edit' && utils.keyIsFolder(secret)) {
@@ -46,6 +49,24 @@ export default Route.extend(UnloadModelRoute, {
     }
   },
 
+  buildModel(secret) {
+    const { backend } = this.paramsFor('vault.cluster.secrets.backend');
+    let modelType = this.modelType(backend, secret);
+    let modelFactory = getOwner(this).factoryFor(`model:${modelType}`);
+    this.pathHelp.getAttrs(modelType, backend).then(attrs => {
+      let newModel;
+      if (modelFactory) {
+        //combine them
+        newModel = modelFactory.class.reopen({
+          attrs,
+        });
+      } else {
+        //generate a whole new model
+      }
+      getOwner(this).register(newModel.toString(), newModel);
+    });
+  },
+
   modelType(backend, secret) {
     let backendModel = this.modelFor('vault.cluster.secrets.backend', backend);
     let type = backendModel.get('engineType');
diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
new file mode 100644
index 000000000000..e70f4d3cbe51
--- /dev/null
+++ b/ui/app/services/path-help.js
@@ -0,0 +1,35 @@
+// Low level service that allows users to input paths to make requests to vault
+// this service provides the UI synecdote to the cli commands read, write, delete, and list
+import Service from '@ember/service';
+
+import { getOwner } from '@ember/application';
+import { expandOpenApiProps } from 'vault/utils/openapi-to-attrs';
+
+export function sanitizePath(path) {
+  //remove whitespace + remove trailing and leading slashes
+  return path.trim().replace(/^\/+|\/+$/g, '');
+}
+
+export default Service.extend({
+  attrs: null,
+  ajax(url, options = {}) {
+    let appAdapter = getOwner(this).lookup(`adapter:application`);
+    let { data } = options;
+    return appAdapter.ajax(url, 'GET', {
+      data,
+    });
+  },
+
+  getAttrs(modelType, backend) {
+    let adapter = getOwner(this).lookup(`adapter:${modelType}`);
+    let path = adapter.pathForType();
+    let helpUrl = `/v1/${backend}/${path}/example?help=1`;
+    let wildcard = { roles: 'name', mounts: 'config' }[path];
+    return this.ajax(helpUrl, backend).then(help => {
+      let props =
+        help.openapi.paths[`/${path}/{${wildcard}}`].post.requestBody.content['application/json'].schema
+          .properties;
+      return expandOpenApiProps(props);
+    });
+  },
+});
diff --git a/ui/app/utils/openapi-to-attrs.js b/ui/app/utils/openapi-to-attrs.js
new file mode 100644
index 000000000000..c440450868b6
--- /dev/null
+++ b/ui/app/utils/openapi-to-attrs.js
@@ -0,0 +1,20 @@
+import DS from 'ember-data';
+const { attr } = DS;
+
+export const expandOpenApiProps = function(props) {
+  let attrs = {};
+  // expand all attributes
+  for (let prop in props) {
+    let details = props[prop];
+    let editType = details.type;
+    if (details.format === 'seconds') {
+      editType = 'ttl';
+    } else if (details.items) {
+      editType = details.items.type + details.type.capitalize();
+    }
+    attrs[prop.camelize()] = attr({
+      editType: editType || details.type,
+    });
+  }
+  return attrs;
+};

From e40df94151931431281163a58a57330585d67acf Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Wed, 16 Jan 2019 11:32:43 -0500
Subject: [PATCH 14/84] add debugger statements to figure out order of
 operations

---
 ui/app/models/role-pki.js                           |  8 ++++----
 ui/app/routes/vault/cluster/secrets/backend.js      |  3 +++
 .../vault/cluster/secrets/backend/secret-edit.js    | 13 ++++++++-----
 ui/app/utils/field-to-attrs.js                      |  2 ++
 4 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/ui/app/models/role-pki.js b/ui/app/models/role-pki.js
index 4181a1e221d9..91fa112c67df 100644
--- a/ui/app/models/role-pki.js
+++ b/ui/app/models/role-pki.js
@@ -15,9 +15,9 @@ export default DS.Model.extend({
     fieldValue: 'id',
     readOnly: true,
   }),
-  // keyType: attr('string', {
-  //   possibleValues: ['rsa', 'ec'],
-  // }),
+  keyType: attr('string', {
+    possibleValues: ['rsa', 'ec'],
+  }),
   // ttl: attr({
   //   label: 'TTL',
   //   editType: 'ttl',
@@ -124,7 +124,7 @@ export default DS.Model.extend({
   signVerbatimPath: lazyCapabilities(apiPath`${'backend'}/sign-verbatim/${'id'}`, 'backend', 'id'),
   canSignVerbatim: alias('signVerbatimPath.canUpdate'),
 
-  fieldGroups: computed(function() {
+  fieldGroups: computed('backend', function() {
     const groups = [
       { default: ['name', 'keyType'] },
       {
diff --git a/ui/app/routes/vault/cluster/secrets/backend.js b/ui/app/routes/vault/cluster/secrets/backend.js
index 70bd9f2abe45..060dbbc9631c 100644
--- a/ui/app/routes/vault/cluster/secrets/backend.js
+++ b/ui/app/routes/vault/cluster/secrets/backend.js
@@ -5,6 +5,9 @@ import Route from '@ember/routing/route';
 export default Route.extend({
   flashMessages: service(),
   oldModel: null,
+  beforeModel(params) {
+    debugger; //eslint-disable-line
+  },
   model(params) {
     let { backend } = params;
     return this.store
diff --git a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
index 1e64b38b3f0e..7fde1a0afe8a 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
@@ -32,7 +32,7 @@ export default Route.extend(UnloadModelRoute, {
 
   templateName: 'vault/cluster/secrets/backend/secretEditLayout',
 
-  beforeModel() {
+  beforeModel(params) {
     // currently there is no recursive delete for folders in vault, so there's no need to 'edit folders'
     // perhaps in the future we could recurse _for_ users, but for now, just kick them
     // back to the list
@@ -53,17 +53,20 @@ export default Route.extend(UnloadModelRoute, {
     const { backend } = this.paramsFor('vault.cluster.secrets.backend');
     let modelType = this.modelType(backend, secret);
     let modelFactory = getOwner(this).factoryFor(`model:${modelType}`);
+    let owner = getOwner(this);
     this.pathHelp.getAttrs(modelType, backend).then(attrs => {
       let newModel;
       if (modelFactory) {
         //combine them
-        newModel = modelFactory.class.reopen({
-          attrs,
-        });
+        newModel = modelFactory.class.reopenClass(attrs);
       } else {
         //generate a whole new model
       }
-      getOwner(this).register(newModel.toString(), newModel);
+      newModel = newModel.class.reopenClass({ merged: true });
+      debugger; //eslint-disable-line
+      owner.unregister(newModel.toString());
+      owner.register(newModel.toString(), newModel);
+      this.refresh();
     });
   },
 
diff --git a/ui/app/utils/field-to-attrs.js b/ui/app/utils/field-to-attrs.js
index 730c9076bc19..e6c5f0a0b45a 100644
--- a/ui/app/utils/field-to-attrs.js
+++ b/ui/app/utils/field-to-attrs.js
@@ -36,6 +36,7 @@ import { expandProperties } from '@ember/object/computed';
  */
 
 export const expandAttributeMeta = function(modelClass, attributeNames, namePrefix, map) {
+  debugger; //eslint-disable-line
   let fields = [];
   // expand all attributes
   attributeNames.forEach(field => expandProperties(field, x => fields.push(x)));
@@ -96,6 +97,7 @@ export const expandAttributeMeta = function(modelClass, attributeNames, namePref
  */
 
 export default function(modelClass, fieldGroups) {
+  debugger; //eslint-disable-line
   return fieldGroups.map(group => {
     const groupKey = Object.keys(group)[0];
     const fields = expandAttributeMeta(modelClass, group[groupKey]);

From 7b10e5c19e70a038b48c48fb20ff3ff285d55c1c Mon Sep 17 00:00:00 2001
From: Matthew Irish <matthew@hashicorp.com>
Date: Fri, 18 Jan 2019 17:41:34 -0600
Subject: [PATCH 15/84] block in model generation strategy

---
 .../cluster/secrets/backend/secret-edit.js    | 38 +++++++++----------
 1 file changed, 19 insertions(+), 19 deletions(-)

diff --git a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
index 7fde1a0afe8a..66df6be7f590 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
@@ -37,36 +37,36 @@ export default Route.extend(UnloadModelRoute, {
     // perhaps in the future we could recurse _for_ users, but for now, just kick them
     // back to the list
     const { secret } = this.paramsFor(this.routeName);
-    this.buildModel(secret);
-    const parentKey = utils.parentKeyForKey(secret);
-    const mode = this.routeName.split('.').pop();
-    if (mode === 'edit' && utils.keyIsFolder(secret)) {
-      if (parentKey) {
-        return this.transitionTo('vault.cluster.secrets.backend.list', parentKey);
-      } else {
-        return this.transitionTo('vault.cluster.secrets.backend.list-root');
+    return this.buildModel(secret).then(() => {
+      const parentKey = utils.parentKeyForKey(secret);
+      const mode = this.routeName.split('.').pop();
+      if (mode === 'edit' && utils.keyIsFolder(secret)) {
+        if (parentKey) {
+          return this.transitionTo('vault.cluster.secrets.backend.list', parentKey);
+        } else {
+          return this.transitionTo('vault.cluster.secrets.backend.list-root');
+        }
       }
-    }
+    });
   },
 
   buildModel(secret) {
     const { backend } = this.paramsFor('vault.cluster.secrets.backend');
     let modelType = this.modelType(backend, secret);
-    let modelFactory = getOwner(this).factoryFor(`model:${modelType}`);
+    let name = `model:${modelType}`;
     let owner = getOwner(this);
-    this.pathHelp.getAttrs(modelType, backend).then(attrs => {
-      let newModel;
-      if (modelFactory) {
+    return this.pathHelp.getAttrs(modelType, backend).then(attrs => {
+      let newModel = owner.factoryFor(name).class;
+      if (owner.hasRegistration(name) && !newModel.merged) {
         //combine them
-        newModel = modelFactory.class.reopenClass(attrs);
+        // TODO - this doesn't merge attributes
+        newModel = newModel.extend(attrs);
       } else {
         //generate a whole new model
       }
-      newModel = newModel.class.reopenClass({ merged: true });
-      debugger; //eslint-disable-line
-      owner.unregister(newModel.toString());
-      owner.register(newModel.toString(), newModel);
-      this.refresh();
+      newModel.reopenClass({ merged: true });
+      owner.unregister(name);
+      owner.register(name, newModel);
     });
   },
 

From 312acfa71e590b922d4e45708b33501bb3cf14fc Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Wed, 23 Jan 2019 12:07:05 -0500
Subject: [PATCH 16/84] make sure all form fields appear correctly for pki

---
 ui/app/models/role-pki.js                     |  2 +-
 .../cluster/secrets/backend/secret-edit.js    |  6 +++--
 ui/app/templates/components/form-field.hbs    | 15 ++++++++---
 ui/app/utils/field-to-attrs.js                |  3 +--
 ui/app/utils/openapi-to-attrs.js              | 27 ++++++++++++++++---
 5 files changed, 41 insertions(+), 12 deletions(-)

diff --git a/ui/app/models/role-pki.js b/ui/app/models/role-pki.js
index 91fa112c67df..fa018c69ebab 100644
--- a/ui/app/models/role-pki.js
+++ b/ui/app/models/role-pki.js
@@ -167,7 +167,7 @@ export default DS.Model.extend({
         ],
       },
       {
-        Advanced: ['generateLease', 'noStore', 'basicConstraintsValidForNonCA', 'policyIdentifiers'],
+        Advanced: ['generateLease', 'noStore', 'basicConstraintsValidForNonCa', 'policyIdentifiers'],
       },
     ];
 
diff --git a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
index 66df6be7f590..a2cd340f949c 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
@@ -5,6 +5,7 @@ import Route from '@ember/routing/route';
 import utils from 'vault/lib/key-utils';
 import { getOwner } from '@ember/application';
 import UnloadModelRoute from 'vault/mixins/unload-model-route';
+import { combineAttributes } from 'vault/utils/openapi-to-attrs';
 
 export default Route.extend(UnloadModelRoute, {
   pathHelp: service('path-help'),
@@ -55,11 +56,12 @@ export default Route.extend(UnloadModelRoute, {
     let modelType = this.modelType(backend, secret);
     let name = `model:${modelType}`;
     let owner = getOwner(this);
-    return this.pathHelp.getAttrs(modelType, backend).then(attrs => {
+    return this.pathHelp.getProps(modelType, backend).then(props => {
       let newModel = owner.factoryFor(name).class;
       if (owner.hasRegistration(name) && !newModel.merged) {
         //combine them
-        // TODO - this doesn't merge attributes
+        let attrs = combineAttributes(newModel.attributes, props);
+        debugger; //eslint-disable-line
         newModel = newModel.extend(attrs);
       } else {
         //generate a whole new model
diff --git a/ui/app/templates/components/form-field.hbs b/ui/app/templates/components/form-field.hbs
index c84e51cb77e6..91fd3a89d162 100644
--- a/ui/app/templates/components/form-field.hbs
+++ b/ui/app/templates/components/form-field.hbs
@@ -1,7 +1,12 @@
 {{#unless
   (or
-    (and attr.options.editType (not-eq attr.options.editType "textarea"))
     (eq attr.type "boolean")
+    (contains
+      attr.options.editType
+      (array
+        "searchSelect" "mountAccessor" "kv" "file" "ttl" "stringArray" "json"
+      )
+    )
   )
 }}
   <label for="{{attr.name}}" class="is-label">
@@ -16,6 +21,7 @@
   </label>
 {{/unless}}
 {{#if attr.options.possibleValues}}
+  {{log attr}}
   <div class="control is-expanded">
     <div class="select is-fullwidth">
       <select
@@ -124,9 +130,10 @@
   <MaskedInput
     @value={{or (get model valuePath) attr.options.defaultValue}}
     @placeholder=""
-    @allowCopy=true
-  />
-{{else if (or (eq attr.type 'number') (eq attr.type 'string'))}}
+    @allowCopy="true"
+   />
+
+{{else if (or (eq attr.type "number") (eq attr.type "string"))}}
   <div class="control">
     {{#if (eq attr.options.editType "textarea")}}
       <textarea
diff --git a/ui/app/utils/field-to-attrs.js b/ui/app/utils/field-to-attrs.js
index e6c5f0a0b45a..3bf29f5317a6 100644
--- a/ui/app/utils/field-to-attrs.js
+++ b/ui/app/utils/field-to-attrs.js
@@ -36,10 +36,10 @@ import { expandProperties } from '@ember/object/computed';
  */
 
 export const expandAttributeMeta = function(modelClass, attributeNames, namePrefix, map) {
-  debugger; //eslint-disable-line
   let fields = [];
   // expand all attributes
   attributeNames.forEach(field => expandProperties(field, x => fields.push(x)));
+  debugger; //eslint-disable-line
   let attributeMap = map || new Map();
   modelClass.eachAttribute((name, meta) => {
     let fieldName = namePrefix ? namePrefix + name : name;
@@ -97,7 +97,6 @@ export const expandAttributeMeta = function(modelClass, attributeNames, namePref
  */
 
 export default function(modelClass, fieldGroups) {
-  debugger; //eslint-disable-line
   return fieldGroups.map(group => {
     const groupKey = Object.keys(group)[0];
     const fields = expandAttributeMeta(modelClass, group[groupKey]);
diff --git a/ui/app/utils/openapi-to-attrs.js b/ui/app/utils/openapi-to-attrs.js
index c440450868b6..ee97d11af33a 100644
--- a/ui/app/utils/openapi-to-attrs.js
+++ b/ui/app/utils/openapi-to-attrs.js
@@ -1,5 +1,6 @@
 import DS from 'ember-data';
 const { attr } = DS;
+import { assign } from '@ember/polyfills';
 
 export const expandOpenApiProps = function(props) {
   let attrs = {};
@@ -12,9 +13,29 @@ export const expandOpenApiProps = function(props) {
     } else if (details.items) {
       editType = details.items.type + details.type.capitalize();
     }
-    attrs[prop.camelize()] = attr({
-      editType: editType || details.type,
-    });
+    attrs[prop.camelize()] = {
+      editType: editType,
+      type: details.type,
+    };
   }
   return attrs;
 };
+
+export const combineAttributes = function(oldAttrs, newProps) {
+  let newAttrs = {};
+  oldAttrs.forEach(function(value, name) {
+    if (newProps[name]) {
+      newAttrs[name] = attr(newProps[name].type, assign({}, newProps[name], value.options));
+    } else {
+      newAttrs[name] = attr(value.type, value.options);
+    }
+  });
+  for (let prop in newProps) {
+    if (newAttrs[prop]) {
+      continue;
+    } else {
+      newAttrs[prop] = attr(newProps[prop].type, newProps[prop]);
+    }
+  }
+  return newAttrs;
+};

From 4a11f69da319e0701c97e7b82c0e6869e318224d Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Wed, 23 Jan 2019 12:24:03 -0500
Subject: [PATCH 17/84] hook up openapi for pki certificates

---
 ui/app/adapters/pki-certificate-sign.js       |  4 ++
 ui/app/adapters/pki-certificate.js            |  4 ++
 ui/app/models/pki-certificate.js              | 36 ++++++++---------
 .../routes/vault/cluster/secrets/backend.js   |  3 --
 .../cluster/secrets/backend/credentials.js    | 40 +++++++++++++++++++
 ui/app/services/path-help.js                  |  4 +-
 6 files changed, 68 insertions(+), 23 deletions(-)

diff --git a/ui/app/adapters/pki-certificate-sign.js b/ui/app/adapters/pki-certificate-sign.js
index eb5ca26157a4..1acdbfb8192b 100644
--- a/ui/app/adapters/pki-certificate-sign.js
+++ b/ui/app/adapters/pki-certificate-sign.js
@@ -7,4 +7,8 @@ export default Adapter.extend({
     }
     return `/v1/${role.backend}/sign/${role.name}`;
   },
+
+  pathForType() {
+    return 'sign';
+  },
 });
diff --git a/ui/app/adapters/pki-certificate.js b/ui/app/adapters/pki-certificate.js
index 942d2610b106..bed8bfa4b2f1 100644
--- a/ui/app/adapters/pki-certificate.js
+++ b/ui/app/adapters/pki-certificate.js
@@ -14,6 +14,10 @@ export default Adapter.extend({
     return url;
   },
 
+  pathForType() {
+    return 'issue';
+  },
+
   optionsForQuery(id) {
     let data = {};
     if (!id) {
diff --git a/ui/app/models/pki-certificate.js b/ui/app/models/pki-certificate.js
index 5bcd2dc94467..b95d3b0ed5ac 100644
--- a/ui/app/models/pki-certificate.js
+++ b/ui/app/models/pki-certificate.js
@@ -36,24 +36,24 @@ export default DS.Model.extend({
     label: 'Common Name',
   }),
 
-  altNames: attr('string', {
-    label: 'DNS/Email Subject Alternative Names (SANs)',
-  }),
-
-  ipSans: attr('string', {
-    label: 'IP Subject Alternative Names (SANs)',
-  }),
-  otherSans: attr({
-    editType: 'stringArray',
-    label: 'Other SANs',
-    helpText:
-      'The format is the same as OpenSSL: <oid>;<type>:<value> where the only current valid type is UTF8',
-  }),
-
-  ttl: attr({
-    label: 'TTL',
-    editType: 'ttl',
-  }),
+  // altNames: attr('string', {
+  //   label: 'DNS/Email Subject Alternative Names (SANs)',
+  // }),
+
+  // ipSans: attr('string', {
+  //   label: 'IP Subject Alternative Names (SANs)',
+  // }),
+  // otherSans: attr({
+  //   editType: 'stringArray',
+  //   label: 'Other SANs',
+  //   helpText:
+  //     'The format is the same as OpenSSL: <oid>;<type>:<value> where the only current valid type is UTF8',
+  // }),
+
+  // ttl: attr({
+  //   label: 'TTL',
+  //   editType: 'ttl',
+  // }),
 
   format: attr('string', {
     defaultValue: 'pem',
diff --git a/ui/app/routes/vault/cluster/secrets/backend.js b/ui/app/routes/vault/cluster/secrets/backend.js
index 060dbbc9631c..70bd9f2abe45 100644
--- a/ui/app/routes/vault/cluster/secrets/backend.js
+++ b/ui/app/routes/vault/cluster/secrets/backend.js
@@ -5,9 +5,6 @@ import Route from '@ember/routing/route';
 export default Route.extend({
   flashMessages: service(),
   oldModel: null,
-  beforeModel(params) {
-    debugger; //eslint-disable-line
-  },
   model(params) {
     let { backend } = params;
     return this.store
diff --git a/ui/app/routes/vault/cluster/secrets/backend/credentials.js b/ui/app/routes/vault/cluster/secrets/backend/credentials.js
index 655577ca90c0..de3d66bca0f6 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/credentials.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/credentials.js
@@ -1,15 +1,55 @@
 import { resolve } from 'rsvp';
 import Route from '@ember/routing/route';
+import { getOwner } from '@ember/application';
+import { inject as service } from '@ember/service';
+import { combineAttributes } from 'vault/utils/openapi-to-attrs';
 
 const SUPPORTED_DYNAMIC_BACKENDS = ['ssh', 'aws', 'pki'];
 
 export default Route.extend({
   templateName: 'vault/cluster/secrets/backend/credentials',
+  pathHelp: service('path-help'),
 
   backendModel() {
     return this.modelFor('vault.cluster.secrets.backend');
   },
 
+  modelType(action) {
+    let types = {
+      sign: 'pki-certificate-sign',
+      issue: 'pki-certificate',
+      signVerbatim: 'pki-certificate',
+    };
+    return types[action];
+  },
+
+  beforeModel() {
+    const { action } = this.paramsFor(this.routeName);
+    return this.buildModel(action);
+  },
+
+  buildModel(action) {
+    debugger; //eslint-disable-line
+    const { backend } = this.paramsFor('vault.cluster.secrets.backend');
+    let modelType = this.modelType(action);
+    let name = `model:${modelType}`;
+    let owner = getOwner(this);
+    return this.pathHelp.getProps(modelType, backend).then(props => {
+      let newModel = owner.factoryFor(name).class;
+      if (owner.hasRegistration(name) && !newModel.merged) {
+        //combine them
+        let attrs = combineAttributes(newModel.attributes, props);
+        debugger; //eslint-disable-line
+        newModel = newModel.extend(attrs);
+      } else {
+        //generate a whole new model
+      }
+      newModel.reopenClass({ merged: true });
+      owner.unregister(name);
+      owner.register(name, newModel);
+    });
+  },
+
   model(params) {
     let role = params.secret;
     let backendModel = this.backendModel();
diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
index e70f4d3cbe51..daaaa4fb1bb1 100644
--- a/ui/app/services/path-help.js
+++ b/ui/app/services/path-help.js
@@ -20,11 +20,11 @@ export default Service.extend({
     });
   },
 
-  getAttrs(modelType, backend) {
+  getProps(modelType, backend) {
     let adapter = getOwner(this).lookup(`adapter:${modelType}`);
     let path = adapter.pathForType();
     let helpUrl = `/v1/${backend}/${path}/example?help=1`;
-    let wildcard = { roles: 'name', mounts: 'config' }[path];
+    let wildcard = { roles: 'name', mounts: 'config', sign: 'role', issue: 'role' }[path];
     return this.ajax(helpUrl, backend).then(help => {
       let props =
         help.openapi.paths[`/${path}/{${wildcard}}`].post.requestBody.content['application/json'].schema

From c6be8d50e826aed999f875aebec65592e8505275 Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Thu, 24 Jan 2019 13:00:00 -0500
Subject: [PATCH 18/84] hook up adding new fields for ssh roles

---
 ui/app/adapters/pki-certificate.js            |  1 +
 ui/app/adapters/secret.js                     |  4 +++
 ui/app/models/role-aws.js                     | 22 ++++++------
 .../cluster/secrets/backend/credentials.js    |  2 --
 .../cluster/secrets/backend/secret-edit.js    | 34 ++++++++++++-------
 .../vault/cluster/secrets/backend/sign.js     |  4 +++
 ui/app/services/path-help.js                  | 19 ++++++++++-
 ui/app/utils/field-to-attrs.js                |  1 -
 ui/app/utils/openapi-to-attrs.js              |  5 ++-
 9 files changed, 63 insertions(+), 29 deletions(-)

diff --git a/ui/app/adapters/pki-certificate.js b/ui/app/adapters/pki-certificate.js
index bed8bfa4b2f1..7e62f934313a 100644
--- a/ui/app/adapters/pki-certificate.js
+++ b/ui/app/adapters/pki-certificate.js
@@ -15,6 +15,7 @@ export default Adapter.extend({
   },
 
   pathForType() {
+    debugger; //eslint-disable-line
     return 'issue';
   },
 
diff --git a/ui/app/adapters/secret.js b/ui/app/adapters/secret.js
index d282d08e89d0..59c39a0387ea 100644
--- a/ui/app/adapters/secret.js
+++ b/ui/app/adapters/secret.js
@@ -34,6 +34,10 @@ export default ApplicationAdapter.extend({
     return url;
   },
 
+  pathForType() {
+    return 'mounts';
+  },
+
   optionsForQuery(id, action, wrapTTL) {
     let data = {};
     if (action === 'query') {
diff --git a/ui/app/models/role-aws.js b/ui/app/models/role-aws.js
index a5be5a82d7e4..e8a6563c853b 100644
--- a/ui/app/models/role-aws.js
+++ b/ui/app/models/role-aws.js
@@ -40,26 +40,26 @@ export default DS.Model.extend({
     defaultValue: 'iam_user',
     possibleValues: CREDENTIAL_TYPES,
   }),
-  roleArns: attr({
-    editType: 'stringArray',
-    label: 'Role ARNs',
-  }),
-  policyArns: attr({
-    editType: 'stringArray',
-    label: 'Policy ARNs',
-  }),
+  // roleArns: attr({
+  //   editType: 'stringArray',
+  //   label: 'Role ARNs',
+  // }),
+  // policyArns: attr({
+  //   editType: 'stringArray',
+  //   label: 'Policy ARNs',
+  // }),
   policyDocument: attr('string', {
     editType: 'json',
   }),
-  fields: computed('credentialType', function() {
+  fields: computed('credentialType', 'newFields', function() {
     let keys;
-    let credentialType = this.get('credentialType');
+    let credentialType = this.credentialType;
     let keysForType = {
       iam_user: ['name', 'credentialType', 'policyArns', 'policyDocument'],
       assumed_role: ['name', 'credentialType', 'roleArns', 'policyDocument'],
       federation_token: ['name', 'credentialType', 'policyDocument'],
     };
-    keys = keysForType[credentialType];
+    keys = keysForType[credentialType].concat(this.newFields || []);
     return expandAttributeMeta(this, keys);
   }),
 
diff --git a/ui/app/routes/vault/cluster/secrets/backend/credentials.js b/ui/app/routes/vault/cluster/secrets/backend/credentials.js
index de3d66bca0f6..a46b1c4f1d17 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/credentials.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/credentials.js
@@ -29,7 +29,6 @@ export default Route.extend({
   },
 
   buildModel(action) {
-    debugger; //eslint-disable-line
     const { backend } = this.paramsFor('vault.cluster.secrets.backend');
     let modelType = this.modelType(action);
     let name = `model:${modelType}`;
@@ -39,7 +38,6 @@ export default Route.extend({
       if (owner.hasRegistration(name) && !newModel.merged) {
         //combine them
         let attrs = combineAttributes(newModel.attributes, props);
-        debugger; //eslint-disable-line
         newModel = newModel.extend(attrs);
       } else {
         //generate a whole new model
diff --git a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
index a2cd340f949c..9df960b7ad2c 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
@@ -54,22 +54,30 @@ export default Route.extend(UnloadModelRoute, {
   buildModel(secret) {
     const { backend } = this.paramsFor('vault.cluster.secrets.backend');
     let modelType = this.modelType(backend, secret);
+    if (modelType in ['secret', 'secret-v2']) {
+      return;
+    }
     let name = `model:${modelType}`;
     let owner = getOwner(this);
-    return this.pathHelp.getProps(modelType, backend).then(props => {
-      let newModel = owner.factoryFor(name).class;
-      if (owner.hasRegistration(name) && !newModel.merged) {
-        //combine them
-        let attrs = combineAttributes(newModel.attributes, props);
+    return this.pathHelp
+      .getProps(modelType, backend)
+      .then(props => {
+        let newModel = owner.factoryFor(name).class;
+        if (owner.hasRegistration(name) && !newModel.merged) {
+          //combine them
+          debugger; //eslint-disable-line
+          let { attrs, newFields } = combineAttributes(newModel.attributes, props);
+          newModel = newModel.extend(attrs, { newFields });
+        } else {
+          //generate a whole new model
+        }
+        newModel.reopenClass({ merged: true });
+        owner.unregister(name);
+        owner.register(name, newModel);
+      })
+      .catch(e => {
         debugger; //eslint-disable-line
-        newModel = newModel.extend(attrs);
-      } else {
-        //generate a whole new model
-      }
-      newModel.reopenClass({ merged: true });
-      owner.unregister(name);
-      owner.register(name, newModel);
-    });
+      });
   },
 
   modelType(backend, secret) {
diff --git a/ui/app/routes/vault/cluster/secrets/backend/sign.js b/ui/app/routes/vault/cluster/secrets/backend/sign.js
index 8c33298b01fc..c187a089d183 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/sign.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/sign.js
@@ -14,6 +14,10 @@ export default Route.extend(UnloadModel, {
     };
   },
 
+  pathForType() {
+    return 'sign';
+  },
+
   model(params) {
     const role = params.secret;
     const backendModel = this.backendModel();
diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
index daaaa4fb1bb1..e63ec87cb13d 100644
--- a/ui/app/services/path-help.js
+++ b/ui/app/services/path-help.js
@@ -24,7 +24,24 @@ export default Service.extend({
     let adapter = getOwner(this).lookup(`adapter:${modelType}`);
     let path = adapter.pathForType();
     let helpUrl = `/v1/${backend}/${path}/example?help=1`;
-    let wildcard = { roles: 'name', mounts: 'config', sign: 'role', issue: 'role' }[path];
+    let wildcard;
+    switch (path) {
+      case 'roles':
+        wildcard = 'name';
+        break;
+      case 'mounts':
+        if (modelType === 'secret') {
+          wildcard = 'path';
+        } else {
+          wildcard = 'config';
+        }
+        break;
+      case 'sign':
+      case 'issue':
+        wildcard = 'role';
+        break;
+    }
+    //{ roles: 'name', mounts: 'config', sign: 'role', issue: 'role' }[path];
     return this.ajax(helpUrl, backend).then(help => {
       let props =
         help.openapi.paths[`/${path}/{${wildcard}}`].post.requestBody.content['application/json'].schema
diff --git a/ui/app/utils/field-to-attrs.js b/ui/app/utils/field-to-attrs.js
index 3bf29f5317a6..730c9076bc19 100644
--- a/ui/app/utils/field-to-attrs.js
+++ b/ui/app/utils/field-to-attrs.js
@@ -39,7 +39,6 @@ export const expandAttributeMeta = function(modelClass, attributeNames, namePref
   let fields = [];
   // expand all attributes
   attributeNames.forEach(field => expandProperties(field, x => fields.push(x)));
-  debugger; //eslint-disable-line
   let attributeMap = map || new Map();
   modelClass.eachAttribute((name, meta) => {
     let fieldName = namePrefix ? namePrefix + name : name;
diff --git a/ui/app/utils/openapi-to-attrs.js b/ui/app/utils/openapi-to-attrs.js
index ee97d11af33a..427fc3b3106a 100644
--- a/ui/app/utils/openapi-to-attrs.js
+++ b/ui/app/utils/openapi-to-attrs.js
@@ -1,6 +1,7 @@
 import DS from 'ember-data';
 const { attr } = DS;
 import { assign } from '@ember/polyfills';
+import { expandAttributeMeta } from 'vault/utils/field-to-attrs';
 
 export const expandOpenApiProps = function(props) {
   let attrs = {};
@@ -23,6 +24,7 @@ export const expandOpenApiProps = function(props) {
 
 export const combineAttributes = function(oldAttrs, newProps) {
   let newAttrs = {};
+  let newFields = [];
   oldAttrs.forEach(function(value, name) {
     if (newProps[name]) {
       newAttrs[name] = attr(newProps[name].type, assign({}, newProps[name], value.options));
@@ -35,7 +37,8 @@ export const combineAttributes = function(oldAttrs, newProps) {
       continue;
     } else {
       newAttrs[prop] = attr(newProps[prop].type, newProps[prop]);
+      newFields.push(prop);
     }
   }
-  return newAttrs;
+  return { attrs: newAttrs, newFields };
 };

From 679a2521ac87704942e6f12c1c46a9f8b2b378d0 Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Mon, 28 Jan 2019 14:03:23 -0500
Subject: [PATCH 19/84] combine fields and fieldgroups for aws, pki, ssh

---
 ui/app/models/pki-certificate.js              |  15 +-
 ui/app/models/role-aws.js                     |  10 +-
 ui/app/models/role-pki.js                     |  16 ++-
 ui/app/models/role-ssh.js                     | 135 +++++++++---------
 .../cluster/secrets/backend/credentials.js    |   4 +-
 .../cluster/secrets/backend/secret-edit.js    |   1 -
 ui/app/services/path-help.js                  |   9 +-
 .../partials/form-field-from-model.hbs        |  97 ++++++++-----
 ui/app/utils/openapi-to-attrs.js              |   1 +
 9 files changed, 182 insertions(+), 106 deletions(-)

diff --git a/ui/app/models/pki-certificate.js b/ui/app/models/pki-certificate.js
index b95d3b0ed5ac..ca3c264e93a5 100644
--- a/ui/app/models/pki-certificate.js
+++ b/ui/app/models/pki-certificate.js
@@ -80,11 +80,24 @@ export default DS.Model.extend({
     return fieldToAttrs(this, fieldGroups);
   },
 
-  fieldDefinition: computed(function() {
+  fieldDefinition: computed('newFields', function() {
     const groups = [
       { default: ['commonName', 'format'] },
       { Options: ['altNames', 'ipSans', 'ttl', 'excludeCnFromSans', 'otherSans'] },
     ];
+    if (this.newFields) {
+      let allFields = [];
+      for (let group in groups) {
+        let type = Object.keys(groups[group])[0];
+        allFields.concat(groups[group]);
+      }
+      let otherFields = this.newFields.filter(field => {
+        !allFields.includes(field);
+      });
+      if (otherFields.length) {
+        groups.push({ Other: otherFields });
+      }
+    }
     return groups;
   }),
 
diff --git a/ui/app/models/role-aws.js b/ui/app/models/role-aws.js
index e8a6563c853b..27afc18f9308 100644
--- a/ui/app/models/role-aws.js
+++ b/ui/app/models/role-aws.js
@@ -59,7 +59,15 @@ export default DS.Model.extend({
       assumed_role: ['name', 'credentialType', 'roleArns', 'policyDocument'],
       federation_token: ['name', 'credentialType', 'policyDocument'],
     };
-    keys = keysForType[credentialType].concat(this.newFields || []);
+    keys = keysForType[credentialType];
+    //TODO: distinguish behind fields intentionally exluded
+    //and fields we need to add in
+    if (this.newFields) {
+      let otherFields = this.newFields.filter(field => !keys.includes(field));
+      if (otherFields.length) {
+        keys = keys.concat(otherFields);
+      }
+    }
     return expandAttributeMeta(this, keys);
   }),
 
diff --git a/ui/app/models/role-pki.js b/ui/app/models/role-pki.js
index fa018c69ebab..081a0553f42f 100644
--- a/ui/app/models/role-pki.js
+++ b/ui/app/models/role-pki.js
@@ -124,7 +124,7 @@ export default DS.Model.extend({
   signVerbatimPath: lazyCapabilities(apiPath`${'backend'}/sign-verbatim/${'id'}`, 'backend', 'id'),
   canSignVerbatim: alias('signVerbatimPath.canUpdate'),
 
-  fieldGroups: computed('backend', function() {
+  fieldGroups: computed('backend', 'merged', function() {
     const groups = [
       { default: ['name', 'keyType'] },
       {
@@ -171,6 +171,20 @@ export default DS.Model.extend({
       },
     ];
 
+    if (this.newFields) {
+      let allFields = [];
+      for (let group in groups) {
+        let fieldName = Object.keys(groups[group])[0];
+        allFields.concat(groups[group][fieldName]);
+      }
+      let otherFields = this.newFields.filter(field => {
+        !allFields.includes(field);
+      });
+      if (otherFields.length) {
+        groups.default.concat(otherFields);
+      }
+    }
+
     return fieldToAttrs(this, groups);
   }),
 });
diff --git a/ui/app/models/role-ssh.js b/ui/app/models/role-ssh.js
index 1bb553ab5d6c..9c870f76f0e1 100644
--- a/ui/app/models/role-ssh.js
+++ b/ui/app/models/role-ssh.js
@@ -53,78 +53,85 @@ export default DS.Model.extend({
   keyType: attr('string', {
     possibleValues: ['ca', 'otp'],
   }),
-  adminUser: attr('string', {
-    helpText: 'Username of the admin user at the remote host',
-  }),
-  defaultUser: attr('string', {
-    helpText: "Username to use when one isn't specified",
-  }),
-  allowedUsers: attr('string', {
-    helpText:
-      'Create a whitelist of users that can use this key (e.g. `admin, dev`, or use `*` to allow all)',
-  }),
-  allowedDomains: attr('string', {
-    helpText:
-      'List of domains for which a client can request a certificate (e.g. `example.com`, or `*` to allow all)',
-  }),
-  cidrList: attr('string', {
-    label: 'CIDR list',
-    helpText: 'List of CIDR blocks for which this role is applicable',
-  }),
-  excludeCidrList: attr('string', {
-    label: 'Exclude CIDR list',
-    helpText: 'List of CIDR blocks that are not accepted by this role',
-  }),
+  // adminUser: attr('string', {
+  //   helpText: 'Username of the admin user at the remote host',
+  // }),
+  // defaultUser: attr('string', {
+  //   helpText: "Username to use when one isn't specified",
+  // }),
+  // allowedUsers: attr('string', {
+  //   helpText:
+  //     'Create a whitelist of users that can use this key (e.g. `admin, dev`, or use `*` to allow all)',
+  // }),
+  // allowedDomains: attr('string', {
+  //   helpText:
+  //     'List of domains for which a client can request a certificate (e.g. `example.com`, or `*` to allow all)',
+  // }),
+  // cidrList: attr('string', {
+  //   label: 'CIDR list',
+  //   helpText: 'List of CIDR blocks for which this role is applicable',
+  // }),
+  // excludeCidrList: attr('string', {
+  //   label: 'Exclude CIDR list',
+  //   helpText: 'List of CIDR blocks that are not accepted by this role',
+  // }),
   port: attr('number', {
     defaultValue: 22,
     helpText: 'Port number for the SSH connection (default is `22`)',
   }),
-  ttl: attr({
-    label: 'TTL',
-    editType: 'ttl',
-  }),
-  maxTtl: attr({
-    label: 'Max TTL',
-    editType: 'ttl',
-  }),
-  allowedCriticalOptions: attr('string', {
-    helpText: 'List of critical options that certificates have when signed',
-  }),
-  defaultCriticalOptions: attr('object', {
-    helpText: 'Map of critical options certificates should have if none are provided when signing',
-  }),
-  allowedExtensions: attr('string', {
-    helpText: 'List of extensions that certificates can have when signed',
-  }),
-  defaultExtensions: attr('object', {
-    helpText: 'Map of extensions certificates should have if none are provided when signing',
-  }),
-  allowUserCertificates: attr('boolean', {
-    helpText: 'Specifies if certificates are allowed to be signed for us as a user',
-  }),
-  allowHostCertificates: attr('boolean', {
-    helpText: 'Specifies if certificates are allowed to be signed for us as a host',
-  }),
-  allowBareDomains: attr('boolean', {
-    helpText:
-      'Specifies if host certificates that are requested are allowed to use the base domains listed in Allowed Domains',
-  }),
-  allowSubdomains: attr('boolean', {
-    helpText:
-      'Specifies if host certificates that are requested are allowed to be subdomains of those listed in Allowed Domains',
-  }),
-  allowUserKeyIds: attr('boolean', {
-    label: 'Allow user key IDs',
-    helpText: 'Specifies if users can override the key ID for a signed certificate with the "key_id" field',
-  }),
-  keyIdFormat: attr('string', {
-    label: 'Key ID format',
-    helpText: 'When supplied, this value specifies a custom format for the key id of a signed certificate',
-  }),
+  // ttl: attr({
+  //   label: 'TTL',
+  //   editType: 'ttl',
+  // }),
+  // maxTtl: attr({
+  //   label: 'Max TTL',
+  //   editType: 'ttl',
+  // }),
+  // allowedCriticalOptions: attr('string', {
+  //   helpText: 'List of critical options that certificates have when signed',
+  // }),
+  // defaultCriticalOptions: attr('object', {
+  //   helpText: 'Map of critical options certificates should have if none are provided when signing',
+  // }),
+  // allowedExtensions: attr('string', {
+  //   helpText: 'List of extensions that certificates can have when signed',
+  // }),
+  // defaultExtensions: attr('object', {
+  //   helpText: 'Map of extensions certificates should have if none are provided when signing',
+  // }),
+  // allowUserCertificates: attr('boolean', {
+  //   helpText: 'Specifies if certificates are allowed to be signed for us as a user',
+  // }),
+  // allowHostCertificates: attr('boolean', {
+  //   helpText: 'Specifies if certificates are allowed to be signed for us as a host',
+  // }),
+  // allowBareDomains: attr('boolean', {
+  //   helpText:
+  //     'Specifies if host certificates that are requested are allowed to use the base domains listed in Allowed Domains',
+  // }),
+  // allowSubdomains: attr('boolean', {
+  //   helpText:
+  //     'Specifies if host certificates that are requested are allowed to be subdomains of those listed in Allowed Domains',
+  // }),
+  // allowUserKeyIds: attr('boolean', {
+  //   label: 'Allow user key IDs',
+  //   helpText: 'Specifies if users can override the key ID for a signed certificate with the "key_id" field',
+  // }),
+  // keyIdFormat: attr('string', {
+  //   label: 'Key ID format',
+  //   helpText: 'When supplied, this value specifies a custom format for the key id of a signed certificate',
+  // }),
 
   attrsForKeyType: computed('keyType', function() {
     const keyType = this.get('keyType');
     let keys = keyType === 'ca' ? CA_FIELDS.slice(0) : OTP_FIELDS.slice(0);
+    debugger; //eslint-disable-line
+    // if (this.newFields) {
+    //   let otherFields = this.newFields.filter(field => !keys.includes(field));
+    //   if (otherFields.length) {
+    //     keys = keys.concat(otherFields);
+    //   }
+    // }
     return expandAttributeMeta(this, keys);
   }),
 
diff --git a/ui/app/routes/vault/cluster/secrets/backend/credentials.js b/ui/app/routes/vault/cluster/secrets/backend/credentials.js
index a46b1c4f1d17..44e8c6de144f 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/credentials.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/credentials.js
@@ -37,8 +37,8 @@ export default Route.extend({
       let newModel = owner.factoryFor(name).class;
       if (owner.hasRegistration(name) && !newModel.merged) {
         //combine them
-        let attrs = combineAttributes(newModel.attributes, props);
-        newModel = newModel.extend(attrs);
+        let { attrs, newFields } = combineAttributes(newModel.attributes, props);
+        newModel = newModel.extend(attrs, { newFields });
       } else {
         //generate a whole new model
       }
diff --git a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
index 9df960b7ad2c..ec0e0de40225 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
@@ -65,7 +65,6 @@ export default Route.extend(UnloadModelRoute, {
         let newModel = owner.factoryFor(name).class;
         if (owner.hasRegistration(name) && !newModel.merged) {
           //combine them
-          debugger; //eslint-disable-line
           let { attrs, newFields } = combineAttributes(newModel.attributes, props);
           newModel = newModel.extend(attrs, { newFields });
         } else {
diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
index e63ec87cb13d..ab094d031db8 100644
--- a/ui/app/services/path-help.js
+++ b/ui/app/services/path-help.js
@@ -24,10 +24,15 @@ export default Service.extend({
     let adapter = getOwner(this).lookup(`adapter:${modelType}`);
     let path = adapter.pathForType();
     let helpUrl = `/v1/${backend}/${path}/example?help=1`;
+    debugger; //eslint-disable-line
     let wildcard;
     switch (path) {
       case 'roles':
-        wildcard = 'name';
+        if (modelType === 'role-ssh') {
+          wildcard = 'role';
+        } else {
+          wildcard = 'name';
+        }
         break;
       case 'mounts':
         if (modelType === 'secret') {
@@ -41,8 +46,8 @@ export default Service.extend({
         wildcard = 'role';
         break;
     }
-    //{ roles: 'name', mounts: 'config', sign: 'role', issue: 'role' }[path];
     return this.ajax(helpUrl, backend).then(help => {
+      debugger; //eslint-disable-line
       let props =
         help.openapi.paths[`/${path}/{${wildcard}}`].post.requestBody.content['application/json'].schema
           .properties;
diff --git a/ui/app/templates/partials/form-field-from-model.hbs b/ui/app/templates/partials/form-field-from-model.hbs
index 43acae746a43..ca7e49df25ab 100644
--- a/ui/app/templates/partials/form-field-from-model.hbs
+++ b/ui/app/templates/partials/form-field-from-model.hbs
@@ -1,23 +1,38 @@
 <div class="field">
-  {{#unless (or attr.options.editType (eq attr.type 'boolean'))}}
+  {{#unless
+    (or
+      (contains
+        attr.options.editType
+        (array
+          "boolean"
+          "searchSelect"
+          "mountAccessor"
+          "kv"
+          "file"
+          "ttl"
+          "stringArray"
+          "json"
+        )
+      )
+      (eq attr.type "boolean")
+    )
+  }}
     <label for="{{attr.name}}" class="is-label">
       {{capitalize (or attr.options.label (humanize (dasherize attr.name)))}}
       {{#if attr.options.helpText}}
-        {{#info-tooltip}}
-          {{attr.options.helpText}}
-        {{/info-tooltip}}
+        {{#info-tooltip}}{{attr.options.helpText}}{{/info-tooltip}}
       {{/if}}
     </label>
   {{/unless}}
   {{#if attr.options.possibleValues}}
-    <div class="control is-expanded" >
+    <div class="control is-expanded">
       <div class="select is-fullwidth">
         <select
           name="{{attr.name}}"
           id="{{attr.name}}"
           onchange={{action (mut (get model attr.name)) value="target.value"}}
           data-test-input={{attr.name}}
-          >
+        >
           {{#each attr.options.possibleValues as |val|}}
             <option selected={{eq (get model attr.name) val}} value={{val}}>
               {{val}}
@@ -26,34 +41,48 @@
         </select>
       </div>
     </div>
-  {{else if (eq attr.options.editType 'ttl')}}
-    {{ttl-picker initialValue=(or (get model attr.name) attr.options.defaultValue) labelText=(if attr.options.label attr.options.label (humanize (dasherize attr.name))) setDefaultValue=false onChange=(action (mut (get model attr.name)))}}
-  {{else if (or (eq attr.type 'number') (eq attr.type 'string'))}}
+  {{else if (eq attr.options.editType "ttl")}}
+    {{ttl-picker
+      initialValue=(or (get model attr.name) attr.options.defaultValue)
+      labelText=(if
+        attr.options.label attr.options.label (humanize (dasherize attr.name))
+      )
+      setDefaultValue=false
+      onChange=(action (mut (get model attr.name)))
+    }}
+  {{else if (or (eq attr.type "number") (eq attr.type "string"))}}
     <div class="control">
-      {{input id=attr.name value=(get model (or attr.options.fieldValue attr.name)) class="input" data-test-input=attr.name}}
+      {{input
+        id=attr.name
+        value=(get model (or attr.options.fieldValue attr.name))
+        class="input"
+        data-test-input=attr.name
+      }}
     </div>
-  {{else if (eq attr.type 'boolean')}}
+  {{else if (eq attr.type "boolean")}}
     <div class="b-checkbox">
-      <input type="checkbox"
-       id="{{attr.name}}"
-       class="styled"
-         checked={{get model attr.name}}
-         onchange={{action (mut (get model attr.name)) value="target.checked"}}
-         data-test-input={{attr.name}}
-        />
-        <label for="{{attr.name}}" class="is-label">
-          {{capitalize (or attr.options.label (humanize (dasherize attr.name)))}}
-          {{#if attr.options.helpText}}
-            {{#info-tooltip}}
-              {{attr.options.helpText}}
-            {{/info-tooltip}}
-          {{/if}}
-        </label>
-      </div>
-    {{else if (eq attr.type 'object')}}
-      {{json-editor
-        value=(if (get model attr.name) (stringify (get model attr.name)) emptyData)
-        valueUpdated=(action "codemirrorUpdated" attr.name)
-      }}
-    {{/if}}
-  </div>
+      <input
+        type="checkbox"
+        id="{{attr.name}}"
+        class="styled"
+        checked={{get model attr.name}}
+        onchange={{action (mut (get model attr.name)) value="target.checked"}}
+        data-test-input={{attr.name}}
+       />
+
+      <label for="{{attr.name}}" class="is-label">
+        {{capitalize (or attr.options.label (humanize (dasherize attr.name)))}}
+        {{#if attr.options.helpText}}
+          {{#info-tooltip}}{{attr.options.helpText}}{{/info-tooltip}}
+        {{/if}}
+      </label>
+    </div>
+  {{else if (eq attr.type "object")}}
+    {{json-editor
+      value=(if
+        (get model attr.name) (stringify (get model attr.name)) emptyData
+      )
+      valueUpdated=(action "codemirrorUpdated" attr.name)
+    }}
+  {{/if}}
+</div>
\ No newline at end of file
diff --git a/ui/app/utils/openapi-to-attrs.js b/ui/app/utils/openapi-to-attrs.js
index 427fc3b3106a..bc190961f817 100644
--- a/ui/app/utils/openapi-to-attrs.js
+++ b/ui/app/utils/openapi-to-attrs.js
@@ -25,6 +25,7 @@ export const expandOpenApiProps = function(props) {
 export const combineAttributes = function(oldAttrs, newProps) {
   let newAttrs = {};
   let newFields = [];
+  debugger; //eslint-disable-line
   oldAttrs.forEach(function(value, name) {
     if (newProps[name]) {
       newAttrs[name] = attr(newProps[name].type, assign({}, newProps[name], value.options));

From 6e750028aa76163088ab196974a979bf5200d790 Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Tue, 29 Jan 2019 11:39:32 -0500
Subject: [PATCH 20/84] add flag to ignore openAPI if we only want the ones
 listed in the model

---
 ui/app/models/role-aws.js                     | 36 ++++++++-----------
 .../cluster/secrets/backend/secret-edit.js    |  6 +++-
 ui/app/services/path-help.js                  |  3 +-
 ui/app/utils/openapi-to-attrs.js              |  5 +++
 4 files changed, 25 insertions(+), 25 deletions(-)

diff --git a/ui/app/models/role-aws.js b/ui/app/models/role-aws.js
index 27afc18f9308..06e608e973c1 100644
--- a/ui/app/models/role-aws.js
+++ b/ui/app/models/role-aws.js
@@ -20,7 +20,7 @@ const CREDENTIAL_TYPES = [
     displayName: 'Federation Token',
   },
 ];
-export default DS.Model.extend({
+const roleAWSModel = DS.Model.extend({
   backend: attr('string', {
     readOnly: true,
   }),
@@ -40,37 +40,27 @@ export default DS.Model.extend({
     defaultValue: 'iam_user',
     possibleValues: CREDENTIAL_TYPES,
   }),
-  // roleArns: attr({
-  //   editType: 'stringArray',
-  //   label: 'Role ARNs',
-  // }),
-  // policyArns: attr({
-  //   editType: 'stringArray',
-  //   label: 'Policy ARNs',
-  // }),
+  roleArns: attr({
+    editType: 'stringArray',
+    label: 'Role ARNs',
+  }),
+  policyArns: attr({
+    editType: 'stringArray',
+    label: 'Policy ARNs',
+  }),
   policyDocument: attr('string', {
     editType: 'json',
   }),
-  fields: computed('credentialType', 'newFields', function() {
-    let keys;
+  fields: computed('credentialType', function() {
     let credentialType = this.credentialType;
     let keysForType = {
       iam_user: ['name', 'credentialType', 'policyArns', 'policyDocument'],
       assumed_role: ['name', 'credentialType', 'roleArns', 'policyDocument'],
       federation_token: ['name', 'credentialType', 'policyDocument'],
     };
-    keys = keysForType[credentialType];
-    //TODO: distinguish behind fields intentionally exluded
-    //and fields we need to add in
-    if (this.newFields) {
-      let otherFields = this.newFields.filter(field => !keys.includes(field));
-      if (otherFields.length) {
-        keys = keys.concat(otherFields);
-      }
-    }
-    return expandAttributeMeta(this, keys);
-  }),
 
+    return expandAttributeMeta(this, keysForType[credentialType]);
+  }),
   updatePath: lazyCapabilities(apiPath`${'backend'}/roles/${'id'}`, 'backend', 'id'),
   canDelete: alias('updatePath.canDelete'),
   canEdit: alias('updatePath.canUpdate'),
@@ -79,3 +69,5 @@ export default DS.Model.extend({
   generatePath: lazyCapabilities(apiPath`${'backend'}/creds/${'id'}`, 'backend', 'id'),
   canGenerate: alias('generatePath.canUpdate'),
 });
+roleAWSModel.reopenClass({ useOpenAPI: false });
+export default roleAWSModel;
diff --git a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
index ec0e0de40225..d3c217a1f081 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
@@ -59,10 +59,14 @@ export default Route.extend(UnloadModelRoute, {
     }
     let name = `model:${modelType}`;
     let owner = getOwner(this);
+    let newModel = owner.factoryFor(name).class;
+    if (newModel.merged || newModel.useOpenAPI === false) {
+      return resolve();
+    }
+
     return this.pathHelp
       .getProps(modelType, backend)
       .then(props => {
-        let newModel = owner.factoryFor(name).class;
         if (owner.hasRegistration(name) && !newModel.merged) {
           //combine them
           let { attrs, newFields } = combineAttributes(newModel.attributes, props);
diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
index ab094d031db8..c92037617d03 100644
--- a/ui/app/services/path-help.js
+++ b/ui/app/services/path-help.js
@@ -24,7 +24,6 @@ export default Service.extend({
     let adapter = getOwner(this).lookup(`adapter:${modelType}`);
     let path = adapter.pathForType();
     let helpUrl = `/v1/${backend}/${path}/example?help=1`;
-    debugger; //eslint-disable-line
     let wildcard;
     switch (path) {
       case 'roles':
@@ -46,8 +45,8 @@ export default Service.extend({
         wildcard = 'role';
         break;
     }
+
     return this.ajax(helpUrl, backend).then(help => {
-      debugger; //eslint-disable-line
       let props =
         help.openapi.paths[`/${path}/{${wildcard}}`].post.requestBody.content['application/json'].schema
           .properties;
diff --git a/ui/app/utils/openapi-to-attrs.js b/ui/app/utils/openapi-to-attrs.js
index bc190961f817..d6b485c6cb23 100644
--- a/ui/app/utils/openapi-to-attrs.js
+++ b/ui/app/utils/openapi-to-attrs.js
@@ -14,10 +14,15 @@ export const expandOpenApiProps = function(props) {
     } else if (details.items) {
       editType = details.items.type + details.type.capitalize();
     }
+
     attrs[prop.camelize()] = {
       editType: editType,
       type: details.type,
     };
+
+    if (props[prop]['x-vault-display-name']) {
+      attrs[prop.camelize()].label = props[prop]['x-vault-display-name'];
+    }
   }
   return attrs;
 };

From 2d947be412c8e58e18c45010fb23430a45363918 Mon Sep 17 00:00:00 2001
From: Noelle Daley <adriannenoelle@gmail.com>
Date: Tue, 29 Jan 2019 09:09:30 -0800
Subject: [PATCH 21/84] add display names to pki

---
 builtin/logical/pki/path_roles.go | 48 +++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/builtin/logical/pki/path_roles.go b/builtin/logical/pki/path_roles.go
index e796df0122df..226e6f59bf80 100644
--- a/builtin/logical/pki/path_roles.go
+++ b/builtin/logical/pki/path_roles.go
@@ -31,9 +31,16 @@ func pathRoles(b *backend) *framework.Path {
 	return &framework.Path{
 		Pattern: "roles/" + framework.GenericNameRegex("name"),
 		Fields: map[string]*framework.FieldSchema{
+			"backend": &framework.FieldSchema{
+				Type:        framework.TypeString,
+				Description: "Backend Type",
+				DisplayName: "Backend",
+			},
+
 			"name": &framework.FieldSchema{
 				Type:        framework.TypeString,
 				Description: "Name of the role",
+				DisplayName: "Role name",
 			},
 
 			"ttl": &framework.FieldSchema{
@@ -42,11 +49,13 @@ func pathRoles(b *backend) *framework.Path {
 requested. The lease duration controls the expiration
 of certificates issued by this backend. Defaults to
 the value of max_ttl.`,
+				DisplayName: "TTL",
 			},
 
 			"max_ttl": &framework.FieldSchema{
 				Type:        framework.TypeDurationSecond,
 				Description: "The maximum allowed lease duration",
+				DisplayName: "Max TTL",
 			},
 
 			"allow_localhost": &framework.FieldSchema{
@@ -54,6 +63,7 @@ the value of max_ttl.`,
 				Default: true,
 				Description: `Whether to allow "localhost" as a valid common
 name in a request`,
+				DisplayName: "Allow Localhost",
 			},
 
 			"allowed_domains": &framework.FieldSchema{
@@ -63,6 +73,7 @@ subdomains directly beneath these domains, including
 the wildcard subdomains. See the documentation for more
 information. This parameter accepts a comma-separated 
 string or list of domains.`,
+				DisplayName: "Allowed Domains",
 			},
 
 			"allow_bare_domains": &framework.FieldSchema{
@@ -71,6 +82,7 @@ string or list of domains.`,
 for the base domains themselves, e.g. "example.com".
 This is a separate option as in some cases this can
 be considered a security threat.`,
+				DisplayName: "Allow Bare Domains",
 			},
 
 			"allow_subdomains": &framework.FieldSchema{
@@ -79,6 +91,7 @@ be considered a security threat.`,
 subdomains of the CNs allowed by the other role options,
 including wildcard subdomains. See the documentation for
 more information.`,
+				DisplayName: "Allow Subdomains",
 			},
 
 			"allow_glob_domains": &framework.FieldSchema{
@@ -86,6 +99,7 @@ more information.`,
 				Description: `If set, domains specified in "allowed_domains"
 can include glob patterns, e.g. "ftp*.example.com". See
 the documentation for more information.`,
+				DisplayName: "Allow Glob Domains",
 			},
 
 			"allow_any_name": &framework.FieldSchema{
@@ -93,6 +107,7 @@ the documentation for more information.`,
 				Description: `If set, clients can request certificates for
 any CN they like. See the documentation for more
 information.`,
+				DisplayName: "Allow Any Name",
 			},
 
 			"enforce_hostnames": &framework.FieldSchema{
@@ -100,6 +115,7 @@ information.`,
 				Default: true,
 				Description: `If set, only valid host names are allowed for
 CN and SANs. Defaults to true.`,
+				DisplayName: "Allow Bare Domains",
 			},
 
 			"allow_ip_sans": &framework.FieldSchema{
@@ -107,22 +123,26 @@ CN and SANs. Defaults to true.`,
 				Default: true,
 				Description: `If set, IP Subject Alternative Names are allowed.
 Any valid IP is accepted.`,
+				DisplayName: "Allow IP Subject Alternative Names",
 			},
 
 			"allowed_uri_sans": &framework.FieldSchema{
 				Type: framework.TypeCommaStringSlice,
 				Description: `If set, an array of allowed URIs to put in the URI Subject Alternative Names.
 Any valid URI is accepted, these values support globbing.`,
+				DisplayName: "Allowed URI Subject Alternative Names",
 			},
 
 			"allowed_other_sans": &framework.FieldSchema{
 				Type:        framework.TypeCommaStringSlice,
 				Description: `If set, an array of allowed other names to put in SANs. These values support globbing and must be in the format <oid>;<type>:<value>. Currently only "utf8" is a valid type. All values, including globbing values, must use this syntax, with the exception being a single "*" which allows any OID and any value (but type must still be utf8).`,
+				DisplayName: "Allow Other Subject Alternative Names",
 			},
 
 			"allowed_serial_numbers": &framework.FieldSchema{
 				Type:        framework.TypeCommaStringSlice,
 				Description: `If set, an array of allowed serial numbers to put in Subject. These values support globbing.`,
+				DisplayName: "Allowed Serial Numbers",
 			},
 
 			"server_flag": &framework.FieldSchema{
@@ -130,6 +150,7 @@ Any valid URI is accepted, these values support globbing.`,
 				Default: true,
 				Description: `If set, certificates are flagged for server auth use.
 Defaults to true.`,
+				DisplayName: "Server Flag",
 			},
 
 			"client_flag": &framework.FieldSchema{
@@ -137,18 +158,21 @@ Defaults to true.`,
 				Default: true,
 				Description: `If set, certificates are flagged for client auth use.
 Defaults to true.`,
+				DisplayName: "Client Flag",
 			},
 
 			"code_signing_flag": &framework.FieldSchema{
 				Type: framework.TypeBool,
 				Description: `If set, certificates are flagged for code signing
 use. Defaults to false.`,
+				DisplayName: "Code Signing Flag",
 			},
 
 			"email_protection_flag": &framework.FieldSchema{
 				Type: framework.TypeBool,
 				Description: `If set, certificates are flagged for email
 protection use. Defaults to false.`,
+				DisplayName: "Email Protection Flag",
 			},
 
 			"key_type": &framework.FieldSchema{
@@ -156,6 +180,7 @@ protection use. Defaults to false.`,
 				Default: "rsa",
 				Description: `The type of key to use; defaults to RSA. "rsa"
 and "ec" are the only valid values.`,
+				DisplayName: "Key Type",
 			},
 
 			"key_bits": &framework.FieldSchema{
@@ -164,6 +189,7 @@ and "ec" are the only valid values.`,
 				Description: `The number of bits to use. You will almost
 certainly want to change this if you adjust
 the key_type.`,
+				DisplayName: "Key Bits",
 			},
 
 			"key_usage": &framework.FieldSchema{
@@ -175,6 +201,7 @@ https://golang.org/pkg/crypto/x509/#KeyUsage
 -- simply drop the "KeyUsage" part of the name.
 To remove all key usages from being set, set
 this value to an empty list.`,
+				DisplayName: "Key Usage",
 			},
 
 			"ext_key_usage": &framework.FieldSchema{
@@ -185,11 +212,13 @@ https://golang.org/pkg/crypto/x509/#ExtKeyUsage
 -- simply drop the "ExtKeyUsage" part of the name.
 To remove all key usages from being set, set
 this value to an empty list.`,
+				DisplayName: "Extended Key Usage",
 			},
 
 			"ext_key_usage_oids": &framework.FieldSchema{
 				Type:        framework.TypeCommaStringSlice,
 				Description: `A comma-separated string or list of extended key usage oids.`,
+				DisplayName: "Extended Key Usage OIDs",
 			},
 
 			"use_csr_common_name": &framework.FieldSchema{
@@ -199,6 +228,7 @@ this value to an empty list.`,
 the common name in the CSR will be used. This
 does *not* include any requested Subject Alternative
 Names. Defaults to true.`,
+				DisplayName: "Use CSR Common Name",
 			},
 
 			"use_csr_sans": &framework.FieldSchema{
@@ -207,48 +237,56 @@ Names. Defaults to true.`,
 				Description: `If set, when used with a signing profile,
 the SANs in the CSR will be used. This does *not*
 include the Common Name (cn). Defaults to true.`,
+				DisplayName: "Use CSR Subject Alternative Names",
 			},
 
 			"ou": &framework.FieldSchema{
 				Type: framework.TypeCommaStringSlice,
 				Description: `If set, OU (OrganizationalUnit) will be set to
 this value in certificates issued by this role.`,
+				DisplayName: "Organizational Unit",
 			},
 
 			"organization": &framework.FieldSchema{
 				Type: framework.TypeCommaStringSlice,
 				Description: `If set, O (Organization) will be set to
 this value in certificates issued by this role.`,
+				DisplayName: "Organization",
 			},
 
 			"country": &framework.FieldSchema{
 				Type: framework.TypeCommaStringSlice,
 				Description: `If set, Country will be set to
 this value in certificates issued by this role.`,
+				DisplayName: "Country",
 			},
 
 			"locality": &framework.FieldSchema{
 				Type: framework.TypeCommaStringSlice,
 				Description: `If set, Locality will be set to
 this value in certificates issued by this role.`,
+				DisplayName: "Locality/City",
 			},
 
 			"province": &framework.FieldSchema{
 				Type: framework.TypeCommaStringSlice,
 				Description: `If set, Province will be set to
 this value in certificates issued by this role.`,
+				DisplayName: "Province/State",
 			},
 
 			"street_address": &framework.FieldSchema{
 				Type: framework.TypeCommaStringSlice,
 				Description: `If set, Street Address will be set to
 this value in certificates issued by this role.`,
+				DisplayName: "Street Address",
 			},
 
 			"postal_code": &framework.FieldSchema{
 				Type: framework.TypeCommaStringSlice,
 				Description: `If set, Postal Code will be set to
 this value in certificates issued by this role.`,
+				DisplayName: "Postal Code",
 			},
 
 			"generate_lease": &framework.FieldSchema{
@@ -262,7 +300,9 @@ disabled, invoking "pki/revoke" would be the only way to add the certificates
 to the CRL.  When large number of certificates are generated with long
 lifetimes, it is recommended that lease generation be disabled, as large amount of
 leases adversely affect the startup time of Vault.`,
+				DisplayName: "Generate Lease",
 			},
+
 			"no_store": &framework.FieldSchema{
 				Type: framework.TypeBool,
 				Description: `
@@ -272,24 +312,32 @@ certificates. However, certificates issued in this way cannot be enumerated
 or revoked, so this option is recommended only for certificates that are
 non-sensitive, or extremely short-lived. This option implies a value of "false"
 for "generate_lease".`,
+				DisplayName: "No Store",
 			},
+
 			"require_cn": &framework.FieldSchema{
 				Type:        framework.TypeBool,
 				Default:     true,
 				Description: `If set to false, makes the 'common_name' field optional while generating a certificate.`,
+				DisplayName: "Use CSR Common Name",
 			},
+
 			"policy_identifiers": &framework.FieldSchema{
 				Type:        framework.TypeCommaStringSlice,
 				Description: `A comma-separated string or list of policy oids.`,
+				DisplayName: "Policy Identifiers",
 			},
+
 			"basic_constraints_valid_for_non_ca": &framework.FieldSchema{
 				Type:        framework.TypeBool,
 				Description: `Mark Basic Constraints valid when issuing non-CA certificates.`,
+				DisplayName: "Basic Constraints Valid for Non-CA",
 			},
 			"not_before_duration": &framework.FieldSchema{
 				Type:        framework.TypeDurationSecond,
 				Default:     30,
 				Description: `The duration before now the cert needs to be created / signed.`,
+				DisplayName: "Not Before Duration",
 			},
 		},
 

From 7b7fcd322e5ac13341f7c6f4152cea1c7c220385 Mon Sep 17 00:00:00 2001
From: Noelle Daley <adriannenoelle@gmail.com>
Date: Tue, 29 Jan 2019 10:36:50 -0800
Subject: [PATCH 22/84] wip - add pki

---
 builtin/logical/pki/path_roles.go             | 39 ++++++++++++-------
 ui/app/models/role-pki.js                     |  6 +--
 .../cluster/secrets/backend/credentials.js    |  1 +
 ui/app/utils/openapi-to-attrs.js              |  9 +++--
 4 files changed, 36 insertions(+), 19 deletions(-)

diff --git a/builtin/logical/pki/path_roles.go b/builtin/logical/pki/path_roles.go
index 226e6f59bf80..2d79e023395c 100644
--- a/builtin/logical/pki/path_roles.go
+++ b/builtin/logical/pki/path_roles.go
@@ -63,7 +63,8 @@ the value of max_ttl.`,
 				Default: true,
 				Description: `Whether to allow "localhost" as a valid common
 name in a request`,
-				DisplayName: "Allow Localhost",
+				DisplayName:  "Allow Localhost",
+				DisplayValue: true,
 			},
 
 			"allowed_domains": &framework.FieldSchema{
@@ -115,7 +116,8 @@ information.`,
 				Default: true,
 				Description: `If set, only valid host names are allowed for
 CN and SANs. Defaults to true.`,
-				DisplayName: "Allow Bare Domains",
+				DisplayName:  "Allow Bare Domains",
+				DisplayValue: true,
 			},
 
 			"allow_ip_sans": &framework.FieldSchema{
@@ -123,7 +125,8 @@ CN and SANs. Defaults to true.`,
 				Default: true,
 				Description: `If set, IP Subject Alternative Names are allowed.
 Any valid IP is accepted.`,
-				DisplayName: "Allow IP Subject Alternative Names",
+				DisplayName:  "Allow IP Subject Alternative Names",
+				DisplayValue: true,
 			},
 
 			"allowed_uri_sans": &framework.FieldSchema{
@@ -150,7 +153,8 @@ Any valid URI is accepted, these values support globbing.`,
 				Default: true,
 				Description: `If set, certificates are flagged for server auth use.
 Defaults to true.`,
-				DisplayName: "Server Flag",
+				DisplayName:  "Server Flag",
+				DisplayValue: true,
 			},
 
 			"client_flag": &framework.FieldSchema{
@@ -158,7 +162,8 @@ Defaults to true.`,
 				Default: true,
 				Description: `If set, certificates are flagged for client auth use.
 Defaults to true.`,
-				DisplayName: "Client Flag",
+				DisplayName:  "Client Flag",
+				DisplayValue: true,
 			},
 
 			"code_signing_flag": &framework.FieldSchema{
@@ -181,6 +186,7 @@ protection use. Defaults to false.`,
 				Description: `The type of key to use; defaults to RSA. "rsa"
 and "ec" are the only valid values.`,
 				DisplayName: "Key Type",
+				DisplayValue: "rsa"
 			},
 
 			"key_bits": &framework.FieldSchema{
@@ -190,6 +196,7 @@ and "ec" are the only valid values.`,
 certainly want to change this if you adjust
 the key_type.`,
 				DisplayName: "Key Bits",
+				DisplayValue: 2048,
 			},
 
 			"key_usage": &framework.FieldSchema{
@@ -202,6 +209,7 @@ https://golang.org/pkg/crypto/x509/#KeyUsage
 To remove all key usages from being set, set
 this value to an empty list.`,
 				DisplayName: "Key Usage",
+				DisplayValue: []string{"DigitalSignature", "KeyAgreement", "KeyEncipherment"},
 			},
 
 			"ext_key_usage": &framework.FieldSchema{
@@ -213,6 +221,7 @@ https://golang.org/pkg/crypto/x509/#ExtKeyUsage
 To remove all key usages from being set, set
 this value to an empty list.`,
 				DisplayName: "Extended Key Usage",
+				DisplayValue: []string{},
 			},
 
 			"ext_key_usage_oids": &framework.FieldSchema{
@@ -229,6 +238,7 @@ the common name in the CSR will be used. This
 does *not* include any requested Subject Alternative
 Names. Defaults to true.`,
 				DisplayName: "Use CSR Common Name",
+				DisplayValue: true,
 			},
 
 			"use_csr_sans": &framework.FieldSchema{
@@ -238,6 +248,7 @@ Names. Defaults to true.`,
 the SANs in the CSR will be used. This does *not*
 include the Common Name (cn). Defaults to true.`,
 				DisplayName: "Use CSR Subject Alternative Names",
+				DisplayValue: true,
 			},
 
 			"ou": &framework.FieldSchema{
@@ -316,10 +327,11 @@ for "generate_lease".`,
 			},
 
 			"require_cn": &framework.FieldSchema{
-				Type:        framework.TypeBool,
-				Default:     true,
-				Description: `If set to false, makes the 'common_name' field optional while generating a certificate.`,
-				DisplayName: "Use CSR Common Name",
+				Type:         framework.TypeBool,
+				Default:      true,
+				Description:  `If set to false, makes the 'common_name' field optional while generating a certificate.`,
+				DisplayName:  "Use CSR Common Name",
+				DisplayValue: true,
 			},
 
 			"policy_identifiers": &framework.FieldSchema{
@@ -334,10 +346,11 @@ for "generate_lease".`,
 				DisplayName: "Basic Constraints Valid for Non-CA",
 			},
 			"not_before_duration": &framework.FieldSchema{
-				Type:        framework.TypeDurationSecond,
-				Default:     30,
-				Description: `The duration before now the cert needs to be created / signed.`,
-				DisplayName: "Not Before Duration",
+				Type:         framework.TypeDurationSecond,
+				Default:      30,
+				Description:  `The duration before now the cert needs to be created / signed.`,
+				DisplayName:  "Not Before Duration",
+				DisplayValue: 30,
 			},
 		},
 
diff --git a/ui/app/models/role-pki.js b/ui/app/models/role-pki.js
index 081a0553f42f..c584a00168b9 100644
--- a/ui/app/models/role-pki.js
+++ b/ui/app/models/role-pki.js
@@ -15,9 +15,9 @@ export default DS.Model.extend({
     fieldValue: 'id',
     readOnly: true,
   }),
-  keyType: attr('string', {
-    possibleValues: ['rsa', 'ec'],
-  }),
+  // keyType: attr('string', {
+  //   possibleValues: ['rsa', 'ec'],
+  // }),
   // ttl: attr({
   //   label: 'TTL',
   //   editType: 'ttl',
diff --git a/ui/app/routes/vault/cluster/secrets/backend/credentials.js b/ui/app/routes/vault/cluster/secrets/backend/credentials.js
index 44e8c6de144f..80fa4ec0c531 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/credentials.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/credentials.js
@@ -38,6 +38,7 @@ export default Route.extend({
       if (owner.hasRegistration(name) && !newModel.merged) {
         //combine them
         let { attrs, newFields } = combineAttributes(newModel.attributes, props);
+        debugger; //eslint-disable-line
         newModel = newModel.extend(attrs, { newFields });
       } else {
         //generate a whole new model
diff --git a/ui/app/utils/openapi-to-attrs.js b/ui/app/utils/openapi-to-attrs.js
index d6b485c6cb23..40ca55b76ccf 100644
--- a/ui/app/utils/openapi-to-attrs.js
+++ b/ui/app/utils/openapi-to-attrs.js
@@ -18,11 +18,15 @@ export const expandOpenApiProps = function(props) {
     attrs[prop.camelize()] = {
       editType: editType,
       type: details.type,
+      label: details['x-vault-displayName'],
+      possibleValues: details['x-vault-allowed-values'],
+      defaultValue: details['x-vault-displayValue'],
     };
 
-    if (props[prop]['x-vault-display-name']) {
-      attrs[prop.camelize()].label = props[prop]['x-vault-display-name'];
+    if (props[prop]['x-vault-displayName']) {
+      attrs[prop.camelize()].label = props[prop]['x-vault-displayName'];
     }
+    // todo: add label, possibleValues, and defaultValue only if they exist
   }
   return attrs;
 };
@@ -30,7 +34,6 @@ export const expandOpenApiProps = function(props) {
 export const combineAttributes = function(oldAttrs, newProps) {
   let newAttrs = {};
   let newFields = [];
-  debugger; //eslint-disable-line
   oldAttrs.forEach(function(value, name) {
     if (newProps[name]) {
       newAttrs[name] = attr(newProps[name].type, assign({}, newProps[name], value.options));

From 79dd45e8ff41d3a809b73f08a35d2141905e38e4 Mon Sep 17 00:00:00 2001
From: Noelle Daley <adriannenoelle@gmail.com>
Date: Tue, 29 Jan 2019 15:28:06 -0800
Subject: [PATCH 23/84] add ldap auth

---
 helper/ldaputil/config.go | 52 +++++++++++++++++++++++++++++++--------
 1 file changed, 42 insertions(+), 10 deletions(-)

diff --git a/helper/ldaputil/config.go b/helper/ldaputil/config.go
index 9da1ffd71a11..3174c01f3293 100644
--- a/helper/ldaputil/config.go
+++ b/helper/ldaputil/config.go
@@ -22,26 +22,33 @@ func ConfigFields() map[string]*framework.FieldSchema {
 			Type:        framework.TypeString,
 			Default:     "ldap://127.0.0.1",
 			Description: "LDAP URL to connect to (default: ldap://127.0.0.1). Multiple URLs can be specified by concatenating them with commas; they will be tried in-order.",
+			DisplayName: "URL",
 		},
 
 		"userdn": {
 			Type:        framework.TypeString,
 			Description: "LDAP domain to use for users (eg: ou=People,dc=example,dc=org)",
+			DisplayName: "User DN",
 		},
 
 		"binddn": {
 			Type:        framework.TypeString,
 			Description: "LDAP DN for searching for the user DN (optional)",
+			DisplayName: "binddn"
 		},
 
 		"bindpass": {
 			Type:        framework.TypeString,
 			Description: "LDAP password for searching for the user DN (optional)",
+			DisplayName: "Password",
+			DisplaySensitive: true,
+
 		},
 
 		"groupdn": {
 			Type:        framework.TypeString,
 			Description: "LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org)",
+			DisplayName: "Group DN"
 		},
 
 		"groupfilter": {
@@ -51,6 +58,8 @@ func ConfigFields() map[string]*framework.FieldSchema {
 The template can access the following context variables: UserDN, Username
 Example: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))
 Default: (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`,
+			DisplayName: "Group Filter",
+			DisplayValue: "(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))",
 		},
 
 		"groupattr": {
@@ -60,55 +69,76 @@ Default: (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}
 in order to enumerate user group membership.
 Examples: "cn" or "memberOf", etc.
 Default: cn`,
+			DisplayName: "Group Attribute",
+			DisplayValue: "cn",
 		},
 
 		"upndomain": {
 			Type:        framework.TypeString,
 			Description: "Enables userPrincipalDomain login with [username]@UPNDomain (optional)",
+			DisplayName: "User Principal (UPN) Domain"
 		},
 
 		"userattr": {
 			Type:        framework.TypeString,
 			Default:     "cn",
 			Description: "Attribute used for users (default: cn)",
+			DisplayName: "User Attribute",
+			DisplayValue: "cn"
+
 		},
 
 		"certificate": {
 			Type:        framework.TypeString,
 			Description: "CA certificate to use when verifying LDAP server certificate, must be x509 PEM encoded (optional)",
+			DisplayName: "Certificate",
 		},
 
 		"discoverdn": {
 			Type:        framework.TypeBool,
 			Description: "Use anonymous bind to discover the bind DN of a user (optional)",
+			DisplayName: "Discover DN",
+			DisplayValue: false,
 		},
 
 		"insecure_tls": {
-			Type:        framework.TypeBool,
-			Description: "Skip LDAP server SSL Certificate verification - VERY insecure (optional)",
+			Type:         framework.TypeBool,
+			Description:  "Skip LDAP server SSL Certificate verification - VERY insecure (optional)",
+			DisplayName:  "Insecure TLS",
+			DisplayValue: false,
 		},
 
 		"starttls": {
-			Type:        framework.TypeBool,
-			Description: "Issue a StartTLS command after establishing unencrypted connection (optional)",
+			Type:         framework.TypeBool,
+			Description:  "Issue a StartTLS command after establishing unencrypted connection (optional)",
+			DisplayName:  "StartTLS",
+			DisplayValue: false,
 		},
 
 		"tls_min_version": {
-			Type:        framework.TypeString,
-			Default:     "tls12",
-			Description: "Minimum TLS version to use. Accepted values are 'tls10', 'tls11' or 'tls12'. Defaults to 'tls12'",
+			Type:          framework.TypeString,
+			Default:       "tls12",
+			Description:   "Minimum TLS version to use. Accepted values are 'tls10', 'tls11' or 'tls12'. Defaults to 'tls12'",
+			DisplayName:   "Minimum TLS Version",
+			DisplayValue:  "tls12",
+			AllowedValues: []interface{}{"tls10", "tls11", "tls12"},
 		},
 
 		"tls_max_version": {
-			Type:        framework.TypeString,
-			Default:     "tls12",
-			Description: "Maximum TLS version to use. Accepted values are 'tls10', 'tls11' or 'tls12'. Defaults to 'tls12'",
+			Type:          framework.TypeString,
+			Default:       "tls12",
+			Description:   "Maximum TLS version to use. Accepted values are 'tls10', 'tls11' or 'tls12'. Defaults to 'tls12'",
+			DisplayName:   "Maxumum TLS Version",
+			DisplayValue:  "tls12",
+			AllowedValues: []interface{}{"tls10", "tls11", "tls12"},
 		},
 
 		"deny_null_bind": {
 			Type:        framework.TypeBool,
 			Default:     true,
 			Description: "Denies an unauthenticated LDAP bind request if the user's password is empty; defaults to true",
+			DisplayName: "Deny Null Bind",
+			DisplayValue: true,
 		},
 
 		"case_sensitive_names": {
@@ -120,6 +150,8 @@ Default: cn`,
 			Type:        framework.TypeBool,
 			Default:     false,
 			Description: "If true, use the Active Directory tokenGroups constructed attribute of the user to find the group memberships. This will find all security groups including nested ones.",
+			DisplayName: "Use Token Groups",
+			DisplayValue: false,
 		},
 	}
 }

From cf04a645364af39d5b51e7f63416f631dbaad65a Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Wed, 30 Jan 2019 11:06:53 -0500
Subject: [PATCH 24/84] fix conflicts

---
 builtin/logical/pki/path_roles.go | 12 ------------
 ui/app/utils/openapi-to-attrs.js  |  1 -
 2 files changed, 13 deletions(-)

diff --git a/builtin/logical/pki/path_roles.go b/builtin/logical/pki/path_roles.go
index 3e5992cd214c..0ca12036d43a 100644
--- a/builtin/logical/pki/path_roles.go
+++ b/builtin/logical/pki/path_roles.go
@@ -186,12 +186,8 @@ protection use. Defaults to false.`,
 				Description: `The type of key to use; defaults to RSA. "rsa"
 and "ec" are the only valid values.`,
 				DisplayName: "Key Type",
-<<<<<<< HEAD
-				DisplayValue: "rsa"
-=======
 				DisplayValue: "rsa",
 				AllowedValues: []interface{}{"rsa", "ec"},
->>>>>>> 13172fd06e938881b7c68fc249ca21f497be7d25
 			},
 
 			"key_bits": &framework.FieldSchema{
@@ -214,11 +210,7 @@ https://golang.org/pkg/crypto/x509/#KeyUsage
 To remove all key usages from being set, set
 this value to an empty list.`,
 				DisplayName: "Key Usage",
-<<<<<<< HEAD
-				DisplayValue: []string{"DigitalSignature", "KeyAgreement", "KeyEncipherment"},
-=======
 				DisplayValue: "DigitalSignature,KeyAgreement,KeyEncipherment",
->>>>>>> 13172fd06e938881b7c68fc249ca21f497be7d25
 			},
 
 			"ext_key_usage": &framework.FieldSchema{
@@ -230,10 +222,6 @@ https://golang.org/pkg/crypto/x509/#ExtKeyUsage
 To remove all key usages from being set, set
 this value to an empty list.`,
 				DisplayName: "Extended Key Usage",
-<<<<<<< HEAD
-				DisplayValue: []string{},
-=======
->>>>>>> 13172fd06e938881b7c68fc249ca21f497be7d25
 			},
 
 			"ext_key_usage_oids": &framework.FieldSchema{
diff --git a/ui/app/utils/openapi-to-attrs.js b/ui/app/utils/openapi-to-attrs.js
index 1184372b7148..3c5a83ead543 100644
--- a/ui/app/utils/openapi-to-attrs.js
+++ b/ui/app/utils/openapi-to-attrs.js
@@ -27,7 +27,6 @@ export const expandOpenApiProps = function(props) {
       attrs[prop.camelize()].label = details['x-vault-displayName'];
     }
     if (details['enum']) {
-      debugger; //eslint-disable-line
       attrs[prop.camelize()].possibleValues = details['enum'];
     }
     if (details['x-vault-displayValue']) {

From 5adad21ed682f9f720a6401c0ef437e90043be76 Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Wed, 30 Jan 2019 12:14:13 -0500
Subject: [PATCH 25/84] make ssh work without adding in new fields

---
 builtin/logical/aws/path_roles.go             |   9 ++
 builtin/logical/ssh/path_roles.go             |  30 +++-
 helper/ldaputil/config.go                     |  14 +-
 ui/app/models/role-ssh.js                     | 129 +++++++-----------
 .../cluster/secrets/backend/secret-edit.js    |   1 +
 5 files changed, 98 insertions(+), 85 deletions(-)

diff --git a/builtin/logical/aws/path_roles.go b/builtin/logical/aws/path_roles.go
index c02c752af3f3..1067ba72144d 100644
--- a/builtin/logical/aws/path_roles.go
+++ b/builtin/logical/aws/path_roles.go
@@ -36,21 +36,25 @@ func pathRoles(b *backend) *framework.Path {
 			"name": &framework.FieldSchema{
 				Type:        framework.TypeString,
 				Description: "Name of the policy",
+				DisplayName: "Policy Name",
 			},
 
 			"credential_type": &framework.FieldSchema{
 				Type:        framework.TypeString,
 				Description: fmt.Sprintf("Type of credential to retrieve. Must be one of %s, %s, or %s", assumedRoleCred, iamUserCred, federationTokenCred),
+				DisplayName: "Credential Type",
 			},
 
 			"role_arns": &framework.FieldSchema{
 				Type:        framework.TypeCommaStringSlice,
 				Description: "ARNs of AWS roles allowed to be assumed. Only valid when credential_type is " + assumedRoleCred,
+				DisplayName: "Role ARNs",
 			},
 
 			"policy_arns": &framework.FieldSchema{
 				Type:        framework.TypeCommaStringSlice,
 				Description: "ARNs of AWS policies to attach to IAM users. Only valid when credential_type is " + iamUserCred,
+				DisplayName: "Policy ARNs",
 			},
 
 			"policy_document": &framework.FieldSchema{
@@ -60,27 +64,32 @@ iam_user, then it will attach the contents of the policy_document to the IAM
 user generated. When credential_type is assumed_role or federation_token, this
 will be passed in as the Policy parameter to the AssumeRole or
 GetFederationToken API call, acting as a filter on permissions available.`,
+				DisplayName: "Policy Document",
 			},
 
 			"default_sts_ttl": &framework.FieldSchema{
 				Type:        framework.TypeDurationSecond,
 				Description: fmt.Sprintf("Default TTL for %s and %s credential types when no TTL is explicitly requested with the credentials", assumedRoleCred, federationTokenCred),
+				DisplayName: "Default TTL",
 			},
 
 			"max_sts_ttl": &framework.FieldSchema{
 				Type:        framework.TypeDurationSecond,
 				Description: fmt.Sprintf("Max allowed TTL for %s and %s credential types", assumedRoleCred, federationTokenCred),
+				DisplayName: "Max TTL",
 			},
 
 			"arn": &framework.FieldSchema{
 				Type: framework.TypeString,
 				Description: `Deprecated; use role_arns or policy_arns instead. ARN Reference to a managed policy
 or IAM role to assume`,
+				Deprecated: true,
 			},
 
 			"policy": &framework.FieldSchema{
 				Type:        framework.TypeString,
 				Description: "Deprecated; use policy_document instead. IAM policy document",
+				Deprecated: true,
 			},
 		},
 
diff --git a/builtin/logical/ssh/path_roles.go b/builtin/logical/ssh/path_roles.go
index 76fda0e0ea40..01aa75630563 100644
--- a/builtin/logical/ssh/path_roles.go
+++ b/builtin/logical/ssh/path_roles.go
@@ -72,6 +72,7 @@ func pathRoles(b *backend) *framework.Path {
 				Description: `
 				[Required for all types]
 				Name of the role being created.`,
+				DisplayName: "Role Name",
 			},
 			"key": &framework.FieldSchema{
 				Type: framework.TypeString,
@@ -79,6 +80,7 @@ func pathRoles(b *backend) *framework.Path {
 				[Required for Dynamic type] [Not applicable for OTP type] [Not applicable for CA type]
 				Name of the registered key in Vault. Before creating the role, use the
 				'keys/' endpoint to create a named key.`,
+				DisplayName: "Key",
 			},
 			"admin_user": &framework.FieldSchema{
 				Type: framework.TypeString,
@@ -89,6 +91,7 @@ func pathRoles(b *backend) *framework.Path {
 				credential is being generated for other users, Vault uses this admin
 				username to login to remote host and install the generated credential
 				for the other user.`,
+				DisplayName: "Admin Username",
 			},
 			"default_user": &framework.FieldSchema{
 				Type: framework.TypeString,
@@ -97,6 +100,7 @@ func pathRoles(b *backend) *framework.Path {
 				Default username for which a credential will be generated.
 				When the endpoint 'creds/' is used without a username, this
 				value will be used as default username.`,
+				DisplayName: "Default Username",
 			},
 			"cidr_list": &framework.FieldSchema{
 				Type: framework.TypeString,
@@ -104,6 +108,7 @@ func pathRoles(b *backend) *framework.Path {
 				[Optional for Dynamic type] [Optional for OTP type] [Not applicable for CA type]
 				Comma separated list of CIDR blocks for which the role is applicable for.
 				CIDR blocks can belong to more than one role.`,
+				DisplayName: "Admin Username",
 			},
 			"exclude_cidr_list": &framework.FieldSchema{
 				Type: framework.TypeString,
@@ -112,6 +117,7 @@ func pathRoles(b *backend) *framework.Path {
 				Comma separated list of CIDR blocks. IP addresses belonging to these blocks are not
 				accepted by the role. This is particularly useful when big CIDR blocks are being used
 				by the role and certain parts of it needs to be kept out.`,
+				DisplayName: "Exclude CIDR List",
 			},
 			"port": &framework.FieldSchema{
 				Type: framework.TypeInt,
@@ -121,6 +127,8 @@ func pathRoles(b *backend) *framework.Path {
 				play any role in creation of OTP. For 'otp' type, this is just a way
 				to inform client about the port number to use. Port number will be
 				returned to client by Vault server along with OTP.`,
+				DisplayName: "Port",
+				DisplayValue: 22,
 			},
 			"key_type": &framework.FieldSchema{
 				Type: framework.TypeString,
@@ -128,12 +136,16 @@ func pathRoles(b *backend) *framework.Path {
 				[Required for all types]
 				Type of key used to login to hosts. It can be either 'otp', 'dynamic' or 'ca'.
 				'otp' type requires agent to be installed in remote hosts.`,
+				DisplayName: "Key Type",
+				AllowedValues: []interface{}{"otp", "ca"},
+				DisplayValue: "ca",
 			},
 			"key_bits": &framework.FieldSchema{
 				Type: framework.TypeInt,
 				Description: `
 				[Optional for Dynamic type] [Not applicable for OTP type] [Not applicable for CA type]
 				Length of the RSA dynamic key in bits. It is 1024 by default or it can be 2048.`,
+				DisplayName: "Key Bits",
 			},
 			"install_script": &framework.FieldSchema{
 				Type: framework.TypeString,
@@ -142,6 +154,7 @@ func pathRoles(b *backend) *framework.Path {
 				Script used to install and uninstall public keys in the target machine.
 				The inbuilt default install script will be for Linux hosts. For sample
 				script, refer the project documentation website.`,
+				DisplayName: "Install Script",
 			},
 			"allowed_users": &framework.FieldSchema{
 				Type: framework.TypeString,
@@ -158,6 +171,7 @@ func pathRoles(b *backend) *framework.Path {
 				list means that no users are allowed; explicitly specify '*' to
 				allow any user.
 				`,
+				DisplayName: "Allowed Users",
 			},
 			"allowed_domains": &framework.FieldSchema{
 				Type: framework.TypeString,
@@ -166,6 +180,7 @@ func pathRoles(b *backend) *framework.Path {
 				If this option is not specified, client can request for a signed certificate for any
 				valid host. If only certain domains are allowed, then this list enforces it.
 				`,
+				DisplayName: "Allowed Domains",
 			},
 			"key_option_specs": &framework.FieldSchema{
 				Type: framework.TypeString,
@@ -175,6 +190,7 @@ func pathRoles(b *backend) *framework.Path {
 				authorized_keys file. Options should be valid and comply with authorized_keys
 				file format and should not contain spaces.
 				`,
+				DisplayName: "CIDR List",
 			},
 			"ttl": &framework.FieldSchema{
 				Type: framework.TypeDurationSecond,
@@ -184,6 +200,7 @@ func pathRoles(b *backend) *framework.Path {
 				requested. The lease duration controls the expiration
 				of certificates issued by this backend. Defaults to
 				the value of max_ttl.`,
+				DisplayName: "TTL",
 			},
 			"max_ttl": &framework.FieldSchema{
 				Type: framework.TypeDurationSecond,
@@ -191,6 +208,7 @@ func pathRoles(b *backend) *framework.Path {
 				[Not applicable for Dynamic type] [Not applicable for OTP type] [Optional for CA type]
 				The maximum allowed lease duration
 				`,
+				DisplayName: "Max TTL",
 			},
 			"allowed_critical_options": &framework.FieldSchema{
 				Type: framework.TypeString,
@@ -198,7 +216,8 @@ func pathRoles(b *backend) *framework.Path {
 				[Not applicable for Dynamic type] [Not applicable for OTP type] [Optional for CA type]
 				A comma-separated list of critical options that certificates can have when signed.
  				To allow any critical options, set this to an empty string.
- 				`,
+				 `,
+				DisplayName: "Allowed Critical Options",
 			},
 			"allowed_extensions": &framework.FieldSchema{
 				Type: framework.TypeString,
@@ -207,6 +226,7 @@ func pathRoles(b *backend) *framework.Path {
 				A comma-separated list of extensions that certificates can have when signed.
 				To allow any extensions, set this to an empty string.
 				`,
+				DisplayName: "Allowed Extensions",
 			},
 			"default_critical_options": &framework.FieldSchema{
 				Type: framework.TypeMap,
@@ -217,6 +237,7 @@ func pathRoles(b *backend) *framework.Path {
 				value pairs in JSON format.  Note that these are not restricted
 				by "allowed_critical_options". Defaults to none.
 				`,
+				DisplayName: "Default Critical Options",
 			},
 			"default_extensions": &framework.FieldSchema{
 				Type: framework.TypeMap,
@@ -227,6 +248,7 @@ func pathRoles(b *backend) *framework.Path {
 				pairs in JSON format. Note that these are not restricted by
 				"allowed_extensions". Defaults to none.
 				`,
+				DisplayName: "Default Extensions",
 			},
 			"allow_user_certificates": &framework.FieldSchema{
 				Type: framework.TypeBool,
@@ -235,6 +257,7 @@ func pathRoles(b *backend) *framework.Path {
 				If set, certificates are allowed to be signed for use as a 'user'.
 				`,
 				Default: false,
+				DisplayName: "Allow User Certificates",
 			},
 			"allow_host_certificates": &framework.FieldSchema{
 				Type: framework.TypeBool,
@@ -243,6 +266,7 @@ func pathRoles(b *backend) *framework.Path {
 				If set, certificates are allowed to be signed for use as a 'host'.
 				`,
 				Default: false,
+				DisplayName: "Allow Host Certificates",
 			},
 			"allow_bare_domains": &framework.FieldSchema{
 				Type: framework.TypeBool,
@@ -252,6 +276,7 @@ func pathRoles(b *backend) *framework.Path {
 				"allowed_domains", e.g. "example.com".
 				This is a separate option as in some cases this can be considered a security threat.
 				`,
+				DisplayName: "Allow Bare Domains",
 			},
 			"allow_subdomains": &framework.FieldSchema{
 				Type: framework.TypeBool,
@@ -259,6 +284,7 @@ func pathRoles(b *backend) *framework.Path {
 				[Not applicable for Dynamic type] [Not applicable for OTP type] [Optional for CA type]
 				If set, host certificates that are requested are allowed to use subdomains of those listed in "allowed_domains".
 				`,
+				DisplayName: "Allow Subdomains",
 			},
 			"allow_user_key_ids": &framework.FieldSchema{
 				Type: framework.TypeBool,
@@ -268,6 +294,7 @@ func pathRoles(b *backend) *framework.Path {
 				When false, the key ID will always be the token display name.
 				The key ID is logged by the SSH server and can be useful for auditing.
 				`,
+				DisplayName: "Allow User Key IDs",
 			},
 			"key_id_format": &framework.FieldSchema{
 				Type: framework.TypeString,
@@ -278,6 +305,7 @@ func pathRoles(b *backend) *framework.Path {
 				the token used to make the request. '{{role_name}}' - The name of the role signing the request.
 				'{{public_key_hash}}' - A SHA256 checksum of the public key that is being signed.
 				`,
+				DisplayName: "Key ID Format",
 			},
 		},
 
diff --git a/helper/ldaputil/config.go b/helper/ldaputil/config.go
index 3174c01f3293..3b351f98b709 100644
--- a/helper/ldaputil/config.go
+++ b/helper/ldaputil/config.go
@@ -34,7 +34,7 @@ func ConfigFields() map[string]*framework.FieldSchema {
 		"binddn": {
 			Type:        framework.TypeString,
 			Description: "LDAP DN for searching for the user DN (optional)",
-			DisplayName: "binddn"
+			DisplayName: "Name of Object to bind (binddn)",
 		},
 
 		"bindpass": {
@@ -42,13 +42,12 @@ func ConfigFields() map[string]*framework.FieldSchema {
 			Description: "LDAP password for searching for the user DN (optional)",
 			DisplayName: "Password",
 			DisplaySensitive: true,
-
 		},
 
 		"groupdn": {
 			Type:        framework.TypeString,
 			Description: "LDAP search base to use for group membership search (eg: ou=Groups,dc=example,dc=org)",
-			DisplayName: "Group DN"
+			DisplayName: "Group DN",
 		},
 
 		"groupfilter": {
@@ -59,7 +58,6 @@ The template can access the following context variables: UserDN, Username
 Example: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))
 Default: (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))`,
 			DisplayName: "Group Filter",
-			DisplayValue: "(|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}}))",
 		},
 
 		"groupattr": {
@@ -76,7 +74,7 @@ Default: cn`,
 		"upndomain": {
 			Type:        framework.TypeString,
 			Description: "Enables userPrincipalDomain login with [username]@UPNDomain (optional)",
-			DisplayName: "User Principal (UPN) Domain"
+			DisplayName: "User Principal (UPN) Domain",
 		},
 
 		"userattr": {
@@ -84,8 +82,7 @@ Default: cn`,
 			Default:     "cn",
 			Description: "Attribute used for users (default: cn)",
 			DisplayName: "User Attribute",
-			DisplayValue: "cn"
-
+			DisplayValue: "cn",
 		},
 
 		"certificate": {
@@ -111,7 +108,7 @@ Default: cn`,
 		"starttls": {
 			Type:         framework.TypeBool,
 			Description:  "Issue a StartTLS command after establishing unencrypted connection (optional)",
-			DisplayName:  "StartTLS",
+			DisplayName:  "Issue StartTLS command after establishing an unencrypted connection",
 			DisplayValue: false,
 		},
 
@@ -144,6 +141,7 @@ Default: cn`,
 		"case_sensitive_names": {
 			Type:        framework.TypeBool,
 			Description: "If true, case sensitivity will be used when comparing usernames and groups for matching policies.",
+			DisplayName: "Case Sensitive Names",
 		},
 
 		"use_token_groups": {
diff --git a/ui/app/models/role-ssh.js b/ui/app/models/role-ssh.js
index 9c870f76f0e1..72d05eb04402 100644
--- a/ui/app/models/role-ssh.js
+++ b/ui/app/models/role-ssh.js
@@ -46,92 +46,69 @@ export default DS.Model.extend({
     readOnly: true,
   }),
   name: attr('string', {
-    label: 'Role name',
+    label: 'Role Name',
     fieldValue: 'id',
     readOnly: true,
   }),
-  keyType: attr('string', {
-    possibleValues: ['ca', 'otp'],
-  }),
-  // adminUser: attr('string', {
-  //   helpText: 'Username of the admin user at the remote host',
-  // }),
-  // defaultUser: attr('string', {
-  //   helpText: "Username to use when one isn't specified",
-  // }),
-  // allowedUsers: attr('string', {
-  //   helpText:
-  //     'Create a whitelist of users that can use this key (e.g. `admin, dev`, or use `*` to allow all)',
-  // }),
-  // allowedDomains: attr('string', {
-  //   helpText:
-  //     'List of domains for which a client can request a certificate (e.g. `example.com`, or `*` to allow all)',
-  // }),
-  // cidrList: attr('string', {
-  //   label: 'CIDR list',
-  //   helpText: 'List of CIDR blocks for which this role is applicable',
-  // }),
-  // excludeCidrList: attr('string', {
-  //   label: 'Exclude CIDR list',
-  //   helpText: 'List of CIDR blocks that are not accepted by this role',
-  // }),
+  adminUser: attr('string', {
+    helpText: 'Username of the admin user at the remote host',
+  }),
+  defaultUser: attr('string', {
+    helpText: "Username to use when one isn't specified",
+  }),
+  allowedUsers: attr('string', {
+    helpText:
+      'Create a whitelist of users that can use this key (e.g. `admin, dev`, or use `*` to allow all)',
+  }),
+  allowedDomains: attr('string', {
+    helpText:
+      'List of domains for which a client can request a certificate (e.g. `example.com`, or `*` to allow all)',
+  }),
+  cidrList: attr('string', {
+    helpText: 'List of CIDR blocks for which this role is applicable',
+  }),
+  excludeCidrList: attr('string', {
+    helpText: 'List of CIDR blocks that are not accepted by this role',
+  }),
   port: attr('number', {
-    defaultValue: 22,
     helpText: 'Port number for the SSH connection (default is `22`)',
   }),
-  // ttl: attr({
-  //   label: 'TTL',
-  //   editType: 'ttl',
-  // }),
-  // maxTtl: attr({
-  //   label: 'Max TTL',
-  //   editType: 'ttl',
-  // }),
-  // allowedCriticalOptions: attr('string', {
-  //   helpText: 'List of critical options that certificates have when signed',
-  // }),
-  // defaultCriticalOptions: attr('object', {
-  //   helpText: 'Map of critical options certificates should have if none are provided when signing',
-  // }),
-  // allowedExtensions: attr('string', {
-  //   helpText: 'List of extensions that certificates can have when signed',
-  // }),
-  // defaultExtensions: attr('object', {
-  //   helpText: 'Map of extensions certificates should have if none are provided when signing',
-  // }),
-  // allowUserCertificates: attr('boolean', {
-  //   helpText: 'Specifies if certificates are allowed to be signed for us as a user',
-  // }),
-  // allowHostCertificates: attr('boolean', {
-  //   helpText: 'Specifies if certificates are allowed to be signed for us as a host',
-  // }),
-  // allowBareDomains: attr('boolean', {
-  //   helpText:
-  //     'Specifies if host certificates that are requested are allowed to use the base domains listed in Allowed Domains',
-  // }),
-  // allowSubdomains: attr('boolean', {
-  //   helpText:
-  //     'Specifies if host certificates that are requested are allowed to be subdomains of those listed in Allowed Domains',
-  // }),
-  // allowUserKeyIds: attr('boolean', {
-  //   label: 'Allow user key IDs',
-  //   helpText: 'Specifies if users can override the key ID for a signed certificate with the "key_id" field',
-  // }),
-  // keyIdFormat: attr('string', {
-  //   label: 'Key ID format',
-  //   helpText: 'When supplied, this value specifies a custom format for the key id of a signed certificate',
-  // }),
+  allowedCriticalOptions: attr('string', {
+    helpText: 'List of critical options that certificates have when signed',
+  }),
+  defaultCriticalOptions: attr('object', {
+    helpText: 'Map of critical options certificates should have if none are provided when signing',
+  }),
+  allowedExtensions: attr('string', {
+    helpText: 'List of extensions that certificates can have when signed',
+  }),
+  defaultExtensions: attr('object', {
+    helpText: 'Map of extensions certificates should have if none are provided when signing',
+  }),
+  allowUserCertificates: attr('boolean', {
+    helpText: 'Specifies if certificates are allowed to be signed for us as a user',
+  }),
+  allowHostCertificates: attr('boolean', {
+    helpText: 'Specifies if certificates are allowed to be signed for us as a host',
+  }),
+  allowBareDomains: attr('boolean', {
+    helpText:
+      'Specifies if host certificates that are requested are allowed to use the base domains listed in Allowed Domains',
+  }),
+  allowSubdomains: attr('boolean', {
+    helpText:
+      'Specifies if host certificates that are requested are allowed to be subdomains of those listed in Allowed Domains',
+  }),
+  allowUserKeyIds: attr('boolean', {
+    helpText: 'Specifies if users can override the key ID for a signed certificate with the "key_id" field',
+  }),
+  keyIdFormat: attr('string', {
+    helpText: 'When supplied, this value specifies a custom format for the key id of a signed certificate',
+  }),
 
   attrsForKeyType: computed('keyType', function() {
     const keyType = this.get('keyType');
     let keys = keyType === 'ca' ? CA_FIELDS.slice(0) : OTP_FIELDS.slice(0);
-    debugger; //eslint-disable-line
-    // if (this.newFields) {
-    //   let otherFields = this.newFields.filter(field => !keys.includes(field));
-    //   if (otherFields.length) {
-    //     keys = keys.concat(otherFields);
-    //   }
-    // }
     return expandAttributeMeta(this, keys);
   }),
 
diff --git a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
index d3c217a1f081..06f928e43f86 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
@@ -77,6 +77,7 @@ export default Route.extend(UnloadModelRoute, {
         newModel.reopenClass({ merged: true });
         owner.unregister(name);
         owner.register(name, newModel);
+        debugger; //eslint-disable-line
       })
       .catch(e => {
         debugger; //eslint-disable-line

From 82c85aaa9b608d3a3066cc9571db6384142eb413 Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Wed, 30 Jan 2019 13:47:00 -0500
Subject: [PATCH 26/84] remove cruft from role-pki

---
 ui/app/models/role-pki.js | 94 ---------------------------------------
 1 file changed, 94 deletions(-)

diff --git a/ui/app/models/role-pki.js b/ui/app/models/role-pki.js
index dde41ce74abf..912c240d8e74 100644
--- a/ui/app/models/role-pki.js
+++ b/ui/app/models/role-pki.js
@@ -15,100 +15,6 @@ export default DS.Model.extend({
     fieldValue: 'id',
     readOnly: true,
   }),
-  // keyType: attr('string', {
-  //   possibleValues: ['rsa', 'ec'],
-  // }),
-  // ttl: attr({
-  //   label: 'TTL',
-  //   editType: 'ttl',
-  // }),
-  // maxTtl: attr({
-  //   label: 'Max TTL',
-  //   editType: 'ttl',
-  // }),
-  // allowLocalhost: attr('boolean', {}),
-  // allowedDomains: attr('string', {}),
-  // allowBareDomains: attr('boolean', {}),
-  // allowSubdomains: attr('boolean', {}),
-  // allowGlobDomains: attr('boolean', {}),
-  // allowAnyName: attr('boolean', {}),
-  // enforceHostnames: attr('boolean', {}),
-  // allowIpSans: attr('boolean', {
-  //   defaultValue: true,
-  //   label: 'Allow clients to request IP Subject Alternative Names (SANs)',
-  // }),
-  // allowedOtherSans: attr({
-  //   editType: 'stringArray',
-  //   label: 'Allowed Other SANs',
-  // }),
-  // serverFlag: attr('boolean', {
-  //   defaultValue: true,
-  // }),
-  // clientFlag: attr('boolean', {
-  //   defaultValue: true,
-  // }),
-  // codeSigningFlag: attr('boolean', {}),
-  // emailProtectionFlag: attr('boolean', {}),
-  // keyBits: attr('number', {
-  //   defaultValue: 2048,
-  // }),
-  // keyUsage: attr('string', {
-  //   defaultValue: 'DigitalSignature,KeyAgreement,KeyEncipherment',
-  //   editType: 'stringArray',
-  // }),
-  // extKeyUsageOids: attr({
-  //   label: 'Custom extended key usage OIDs',
-  //   editType: 'stringArray',
-  // }),
-  // requireCn: attr('boolean', {
-  //   label: 'Require common name',
-  //   defaultValue: true,
-  // }),
-  // useCsrCommonName: attr('boolean', {
-  //   label: 'Use CSR common name',
-  //   defaultValue: true,
-  // }),
-  // useCsrSans: attr('boolean', {
-  //   defaultValue: true,
-  //   label: 'Use CSR subject alternative names (SANs)',
-  // }),
-  // ou: attr({
-  //   label: 'OU (OrganizationalUnit)',
-  //   editType: 'stringArray',
-  // }),
-  // organization: attr({
-  //   editType: 'stringArray',
-  // }),
-  // country: attr({
-  //   editType: 'stringArray',
-  // }),
-  // locality: attr({
-  //   editType: 'stringArray',
-  //   label: 'Locality/City',
-  // }),
-  // province: attr({
-  //   editType: 'stringArray',
-  //   label: 'Province/State',
-  // }),
-  // streetAddress: attr({
-  //   editType: 'stringArray',
-  // }),
-  // postalCode: attr({
-  //   editType: 'stringArray',
-  // }),
-  // generateLease: attr('boolean', {}),
-  // noStore: attr('boolean', {}),
-  // policyIdentifiers: attr({
-  //   editType: 'stringArray',
-  // }),
-  // basicConstraintsValidForNonCA: attr('boolean', {
-  //   label: 'Mark Basic Constraints valid when issuing non-CA certificates.',
-  // }),
-  // notBeforeDuration: attr({
-  //   label: 'Not Before Duration',
-  //   editType: 'ttl',
-  //   defaultValue: '30s',
-  // }),
 
   updatePath: lazyCapabilities(apiPath`${'backend'}/roles/${'id'}`, 'backend', 'id'),
   canDelete: alias('updatePath.canDelete'),

From f175745cc88607ffef6e014d97cb033ec1a6fda9 Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Wed, 30 Jan 2019 15:59:06 -0500
Subject: [PATCH 27/84] update api fields for pki certs

---
 builtin/logical/pki/fields.go              | 31 ++++++++++++
 ui/app/models/pki-certificate.js           | 58 +++++++++++-----------
 ui/app/templates/components/form-field.hbs |  9 +++-
 3 files changed, 68 insertions(+), 30 deletions(-)

diff --git a/builtin/logical/pki/fields.go b/builtin/logical/pki/fields.go
index dee7779be2c9..aede16fb8f2f 100644
--- a/builtin/logical/pki/fields.go
+++ b/builtin/logical/pki/fields.go
@@ -11,6 +11,7 @@ func addIssueAndSignCommonFields(fields map[string]*framework.FieldSchema) map[s
 		Description: `If true, the Common Name will not be
 included in DNS or Email Subject Alternate Names.
 Defaults to false (CN is included).`,
+		DisplayName: "Exclude Common Name from Subject Alternative Names (SANs)",
 	}
 
 	fields["format"] = &framework.FieldSchema{
@@ -20,6 +21,9 @@ Defaults to false (CN is included).`,
 or "pem_bundle". If "pem_bundle" any private
 key and issuing cert will be appended to the
 certificate pem. Defaults to "pem".`,
+		DisplayName: "Format",
+		AllowedValues: []interface{}{"pem", "der", "pem_bundle"},
+		DisplayValue: "pem",
 	}
 
 	fields["private_key_format"] = &framework.FieldSchema{
@@ -31,24 +35,30 @@ parameter as either base64-encoded DER or PEM-encoded DER.
 However, this can be set to "pkcs8" to have the returned
 private key contain base64-encoded pkcs8 or PEM-encoded
 pkcs8 instead. Defaults to "der".`,
+		DisplayName: "Private Key Format",
+		AllowedValues: []interface{}{"", "der", "pem", "pkcs8"},
+		DisplayValue: "",
 	}
 
 	fields["ip_sans"] = &framework.FieldSchema{
 		Type: framework.TypeCommaStringSlice,
 		Description: `The requested IP SANs, if any, in a
 comma-delimited list`,
+		DisplayName: "IP Subject Alternative Names (SANs)",
 	}
 
 	fields["uri_sans"] = &framework.FieldSchema{
 		Type: framework.TypeCommaStringSlice,
 		Description: `The requested URI SANs, if any, in a
 comma-delimited list.`,
+		DisplayName: "URI Subject Alternative Names (SANs)",
 	}
 
 	fields["other_sans"] = &framework.FieldSchema{
 		Type: framework.TypeCommaStringSlice,
 		Description: `Requested other SANs, in an array with the format
 <oid>;UTF8:<utf8 string value> for each entry.`,
+		DisplayName: "Other SANs",
 	}
 
 	return fields
@@ -71,6 +81,7 @@ request`,
 one, specify the alternative names in the
 alt_names map. If email protection is enabled
 in the role, this may be an email address.`,
+		DisplayName: "Common Name",
 	}
 
 	fields["alt_names"] = &framework.FieldSchema{
@@ -79,6 +90,7 @@ in the role, this may be an email address.`,
 in a comma-delimited list. If email protection
 is enabled for the role, this may contain
 email addresses.`,
+		DisplayName: "DNS/Email Subject Alternative Names (SANs)",
 	}
 
 	fields["serial_number"] = &framework.FieldSchema{
@@ -86,6 +98,7 @@ email addresses.`,
 		Description: `The requested serial number, if any. If you want
 more than one, specify alternative names in
 the alt_names map using OID 2.5.4.5.`,
+		DisplayName: "Serial Number",
 	}
 
 	fields["ttl"] = &framework.FieldSchema{
@@ -95,6 +108,7 @@ sets the expiration date. If not specified
 the role default, backend default, or system
 default TTL is used, in that order. Cannot
 be larger than the role max TTL.`,
+		DisplayName: "TTL",
 	}
 
 	return fields
@@ -110,6 +124,7 @@ func addCACommonFields(fields map[string]*framework.FieldSchema) map[string]*fra
 		Description: `The requested Subject Alternative Names, if any,
 in a comma-delimited list. May contain both
 DNS names and email addresses.`,
+		DisplayName: "DNS/Email Subject Alternative Names (SANs)",
 	}
 
 	fields["common_name"] = &framework.FieldSchema{
@@ -119,6 +134,7 @@ one, specify the alternative names in the alt_names
 map. If not specified when signing, the common
 name will be taken from the CSR; other names
 must still be specified in alt_names or ip_sans.`,
+		DisplayName: "Common Name",
 	}
 
 	fields["ttl"] = &framework.FieldSchema{
@@ -131,12 +147,15 @@ be larger than the mount max TTL. Note:
 this only has an effect when generating
 a CA cert or signing a CA cert, not when
 generating a CSR for an intermediate CA.`,
+		DisplayName: "TTL",
 	}
 
 	fields["ou"] = &framework.FieldSchema{
 		Type: framework.TypeCommaStringSlice,
 		Description: `If set, OU (OrganizationalUnit) will be set to
 this value.`,
+	DisplayName: "Common Name",
+
 	}
 
 	fields["organization"] = &framework.FieldSchema{
@@ -155,24 +174,28 @@ this value.`,
 		Type: framework.TypeCommaStringSlice,
 		Description: `If set, Locality will be set to
 this value.`,
+		DisplayName: "Locality/City",
 	}
 
 	fields["province"] = &framework.FieldSchema{
 		Type: framework.TypeCommaStringSlice,
 		Description: `If set, Province will be set to
 this value.`,
+		DisplayName: "Province/State",
 	}
 
 	fields["street_address"] = &framework.FieldSchema{
 		Type: framework.TypeCommaStringSlice,
 		Description: `If set, Street Address will be set to
 this value.`,
+		DisplayName: "Street Address",
 	}
 
 	fields["postal_code"] = &framework.FieldSchema{
 		Type: framework.TypeCommaStringSlice,
 		Description: `If set, Postal Code will be set to
 this value.`,
+		DisplayName: "Postal Code",
 	}
 
 	fields["serial_number"] = &framework.FieldSchema{
@@ -180,6 +203,7 @@ this value.`,
 		Description: `The requested serial number, if any. If you want
 more than one, specify alternative names in
 the alt_names map using OID 2.5.4.5.`,
+		DisplayName: "Serial Number",
 	}
 
 	return fields
@@ -202,6 +226,7 @@ the private key!`,
 		Description: `The number of bits to use. You will almost
 certainly want to change this if you adjust
 the key_type.`,
+		DisplayName: "Key Bits",
 	}
 
 	fields["key_type"] = &framework.FieldSchema{
@@ -209,6 +234,9 @@ the key_type.`,
 		Default: "rsa",
 		Description: `The type of key to use; defaults to RSA. "rsa"
 and "ec" are the only valid values.`,
+		DisplayName: "Key Type",
+		AllowedValues: []interface{}{"rsa", "ec"},
+		DisplayValue: "rsa",
 	}
 
 	return fields
@@ -221,11 +249,14 @@ func addCAIssueFields(fields map[string]*framework.FieldSchema) map[string]*fram
 		Type:        framework.TypeInt,
 		Default:     -1,
 		Description: "The maximum allowable path length",
+		DisplayName: "Max Path Length",
+		DisplayValue: -1,
 	}
 
 	fields["permitted_dns_domains"] = &framework.FieldSchema{
 		Type:        framework.TypeCommaStringSlice,
 		Description: `Domains for which this certificate is allowed to sign or issue child certificates. If set, all DNS names (subject and alt) on child certs must be exact matches or subsets of the given domains (see https://tools.ietf.org/html/rfc5280#section-4.2.1.10).`,
+		DisplayName: "Permitted DNS Domains",
 	}
 
 	return fields
diff --git a/ui/app/models/pki-certificate.js b/ui/app/models/pki-certificate.js
index ca3c264e93a5..70b38fcfa1fe 100644
--- a/ui/app/models/pki-certificate.js
+++ b/ui/app/models/pki-certificate.js
@@ -31,10 +31,10 @@ export default DS.Model.extend({
     readOnly: true,
   }),
 
-  revocationTime: attr('number'),
-  commonName: attr('string', {
-    label: 'Common Name',
-  }),
+  // revocationTime: attr('number'),
+  // commonName: attr('string', {
+  //   label: 'Common Name',
+  // }),
 
   // altNames: attr('string', {
   //   label: 'DNS/Email Subject Alternative Names (SANs)',
@@ -43,38 +43,38 @@ export default DS.Model.extend({
   // ipSans: attr('string', {
   //   label: 'IP Subject Alternative Names (SANs)',
   // }),
-  // otherSans: attr({
-  //   editType: 'stringArray',
-  //   label: 'Other SANs',
-  //   helpText:
-  //     'The format is the same as OpenSSL: <oid>;<type>:<value> where the only current valid type is UTF8',
-  // }),
+  otherSans: attr({
+    // editType: 'stringArray',
+    // label: 'Other SANs',
+    helpText:
+      'The format is the same as OpenSSL: <oid>;<type>:<value> where the only current valid type is UTF8',
+  }),
 
   // ttl: attr({
   //   label: 'TTL',
   //   editType: 'ttl',
   // }),
 
-  format: attr('string', {
-    defaultValue: 'pem',
-    possibleValues: ['pem', 'der', 'pem_bundle'],
-  }),
+  // format: attr('string', {
+  //   defaultValue: 'pem',
+  //   possibleValues: ['pem', 'der', 'pem_bundle'],
+  // }),
 
-  excludeCnFromSans: attr('boolean', {
-    label: 'Exclude Common Name from Subject Alternative Names (SANs)',
-    defaultValue: false,
-  }),
+  // excludeCnFromSans: attr('boolean', {
+  //   label: 'Exclude Common Name from Subject Alternative Names (SANs)',
+  //   defaultValue: false,
+  // }),
 
-  certificate: attr('string'),
-  issuingCa: attr('string', {
-    label: 'Issuing CA',
-  }),
-  caChain: attr('string', {
-    label: 'CA chain',
-  }),
-  privateKey: attr('string'),
-  privateKeyType: attr('string'),
-  serialNumber: attr('string'),
+  // certificate: attr('string'),
+  // issuingCa: attr('string', {
+  //   label: 'Issuing CA',
+  // }),
+  // caChain: attr('string', {
+  //   label: 'CA chain',
+  // }),
+  // privateKey: attr('string'),
+  // privateKeyType: attr('string'),
+  // serialNumber: attr('string'),
 
   fieldsToAttrs(fieldGroups) {
     return fieldToAttrs(this, fieldGroups);
@@ -95,7 +95,7 @@ export default DS.Model.extend({
         !allFields.includes(field);
       });
       if (otherFields.length) {
-        groups.push({ Other: otherFields });
+        groups.default.concat(otherFields);
       }
     }
     return groups;
diff --git a/ui/app/templates/components/form-field.hbs b/ui/app/templates/components/form-field.hbs
index 91fd3a89d162..a77bc452b4d0 100644
--- a/ui/app/templates/components/form-field.hbs
+++ b/ui/app/templates/components/form-field.hbs
@@ -4,7 +4,14 @@
     (contains
       attr.options.editType
       (array
-        "searchSelect" "mountAccessor" "kv" "file" "ttl" "stringArray" "json"
+        "boolean"
+        "searchSelect"
+        "mountAccessor"
+        "kv"
+        "file"
+        "ttl"
+        "stringArray"
+        "json"
       )
     )
   )

From 15a8fadf294dc54264e929c598cef4b612d75f9b Mon Sep 17 00:00:00 2001
From: Noelle Daley <adriannenoelle@gmail.com>
Date: Wed, 30 Jan 2019 14:31:01 -0800
Subject: [PATCH 28/84] handle url building for auth configs

---
 ui/app/adapters/auth-config/ldap.js           |  7 ++-
 ui/app/models/auth-config/ldap.js             | 58 +++++++++----------
 .../settings/auth/configure/section.js        | 40 +++++++++++++
 ui/app/services/path-help.js                  | 10 ++--
 ui/app/utils/openapi-to-attrs.js              |  1 +
 5 files changed, 82 insertions(+), 34 deletions(-)

diff --git a/ui/app/adapters/auth-config/ldap.js b/ui/app/adapters/auth-config/ldap.js
index 21f5624ac4d0..67b726f2cb1e 100644
--- a/ui/app/adapters/auth-config/ldap.js
+++ b/ui/app/adapters/auth-config/ldap.js
@@ -1,2 +1,7 @@
 import AuthConfig from './_base';
-export default AuthConfig.extend();
+
+export default AuthConfig.extend({
+  pathForType() {
+    return 'config';
+  },
+});
diff --git a/ui/app/models/auth-config/ldap.js b/ui/app/models/auth-config/ldap.js
index 9bb4a14491e3..1151f815c542 100644
--- a/ui/app/models/auth-config/ldap.js
+++ b/ui/app/models/auth-config/ldap.js
@@ -8,68 +8,68 @@ const { attr } = DS;
 
 export default AuthConfig.extend({
   url: attr('string', {
-    label: 'URL',
+    // label: 'URL',
   }),
   starttls: attr('boolean', {
-    defaultValue: false,
-    label: 'Issue StartTLS command after establishing an unencrypted connection',
+    // defaultValue: false,
+    // label: 'Issue StartTLS command after establishing an unencrypted connection',
   }),
   tlsMinVersion: attr('string', {
-    label: 'Minimum TLS Version',
-    defaultValue: 'tls12',
+    // label: 'Minimum TLS Version',
+    // defaultValue: 'tls12',
     possibleValues: ['tls10', 'tls11', 'tls12'],
   }),
 
   tlsMaxVersion: attr('string', {
-    label: 'Maximum TLS Version',
-    defaultValue: 'tls12',
+    // label: 'Maximum TLS Version',
+    // defaultValue: 'tls12',
     possibleValues: ['tls10', 'tls11', 'tls12'],
   }),
   insecureTls: attr('boolean', {
-    defaultValue: false,
-    label: 'Skip LDAP server SSL certificate verification',
+    // defaultValue: false,
+    // label: 'Skip LDAP server SSL certificate verification',
   }),
   certificate: attr('string', {
-    label: 'CA certificate to verify LDAP server certificate',
+    // label: 'CA certificate to verify LDAP server certificate',
     editType: 'file',
   }),
 
   binddn: attr('string', {
-    label: 'Name of Object to bind (binddn)',
+    // label: 'Name of Object to bind (binddn)',
     helpText: 'Used when performing user search. Example: cn=vault,ou=Users,dc=example,dc=com',
   }),
   bindpass: attr('string', {
-    label: 'Password',
+    // label: 'Password',
     helpText: 'Used along with binddn when performing user search',
     sensitive: true,
   }),
 
   userdn: attr('string', {
-    label: 'User DN',
+    // label: 'User DN',
     helpText: 'Base DN under which to perform user search. Example: ou=Users,dc=example,dc=com',
   }),
   userattr: attr('string', {
-    label: 'User Attribute',
-    defaultValue: 'cn',
+    // label: 'User Attribute',
+    // defaultValue: 'cn',
     helpText:
       'Attribute on user attribute object matching the username passed when authenticating. Examples: sAMAccountName, cn, uid',
   }),
-  discoverdn: attr('boolean', {
-    defaultValue: false,
-    label: 'Use anonymous bind to discover the bind DN of a user',
-  }),
-  denyNullBind: attr('boolean', {
-    defaultValue: true,
-    label: 'Prevent users from bypassing authentication when providing an empty password',
-  }),
+  // discoverdn: attr('boolean', {
+  //   // defaultValue: false,
+  //   // label: 'Use anonymous bind to discover the bind DN of a user',
+  // }),
+  // denyNullBind: attr('boolean', {
+  //   // defaultValue: true,
+  //   // label: 'Prevent users from bypassing authentication when providing an empty password',
+  // }),
   upndomain: attr('string', {
-    label: 'User Principal (UPN) Domain',
+    // label: 'User Principal (UPN) Domain',
     helpText:
       'The userPrincipalDomain used to construct the UPN string for the authenticating user. The constructed UPN will appear as [username]@UPNDomain. Example: example.com, which will cause vault to bind as username@example.com.',
   }),
 
   groupfilter: attr('string', {
-    label: 'Group Filter',
+    // label: 'Group Filter',
     helpText:
       'Go template used when constructing the group membership query. The template can access the following context variables: [UserDN, Username]. The default is (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}})), which is compatible with several common directory schemas. To support nested group resolution for Active Directory, instead use the following query: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))',
   }),
@@ -79,15 +79,15 @@ export default AuthConfig.extend({
       'LDAP search base for group membership search. This can be the root containing either groups or users. Example: ou=Groups,dc=example,dc=com',
   }),
   groupattr: attr('string', {
-    label: 'Group Attribute',
-    defaultValue: 'cn',
+    // label: 'Group Attribute',
+    // defaultValue: 'cn',
 
     helpText:
       'LDAP attribute to follow on objects returned by groupfilter in order to enumerate user group membership. Examples: for groupfilter queries returning group objects, use: cn. For queries returning user objects, use: memberOf. The default is cn.',
   }),
   useTokenGroups: attr('boolean', {
-    defaultValue: false,
-    label: 'Use Token Groups',
+    // defaultValue: false,
+    // label: 'Use Token Groups',
     helpText:
       'Use the Active Directory tokenGroups constructed attribute to find the group memberships. This returns all security groups for the user, including nested groups. In an Active Directory environment with a large number of groups this method offers increased performance. Selecting this will cause Group DN, Attribute, and Filter to be ignored.',
   }),
diff --git a/ui/app/routes/vault/cluster/settings/auth/configure/section.js b/ui/app/routes/vault/cluster/settings/auth/configure/section.js
index cc7c358d0992..95c982c8a0ef 100644
--- a/ui/app/routes/vault/cluster/settings/auth/configure/section.js
+++ b/ui/app/routes/vault/cluster/settings/auth/configure/section.js
@@ -4,10 +4,14 @@ import Route from '@ember/routing/route';
 import RSVP from 'rsvp';
 import DS from 'ember-data';
 import UnloadModelRoute from 'vault/mixins/unload-model-route';
+import { getOwner } from '@ember/application';
+import { combineAttributes } from 'vault/utils/openapi-to-attrs';
 
 export default Route.extend(UnloadModelRoute, {
   modelPath: 'model.model',
   wizard: service(),
+  pathHelp: service('path-help'),
+
   modelType(backendType, section) {
     const MODELS = {
       'aws-client': 'auth-config/aws/client',
@@ -25,6 +29,42 @@ export default Route.extend(UnloadModelRoute, {
     return MODELS[`${backendType}-${section}`];
   },
 
+  beforeModel() {
+    const { section_name } = this.paramsFor(this.routeName);
+    return this.buildModel(section_name);
+  },
+
+  buildModel(section) {
+    const { method } = this.paramsFor('vault.cluster.settings.auth.configure');
+    let modelType = this.modelType(method, section);
+
+    let name = `model:${modelType}`;
+    let owner = getOwner(this);
+    let newModel = owner.factoryFor(name).class;
+    if (newModel.merged || newModel.useOpenAPI === false) {
+      return RSVP.resolve();
+    }
+
+    return this.pathHelp
+      .getProps(modelType, method)
+      .then(props => {
+        if (owner.hasRegistration(name) && !newModel.merged) {
+          //combine them
+          let { attrs, newFields } = combineAttributes(newModel.attributes, props);
+          newModel = newModel.extend(attrs, { newFields });
+        } else {
+          //generate a whole new model
+        }
+        newModel.reopenClass({ merged: true });
+        owner.unregister(name);
+        owner.register(name, newModel);
+        debugger; //eslint-disable-line
+      })
+      .catch(e => {
+        debugger; //eslint-disable-line
+      });
+  },
+
   model(params) {
     const backend = this.modelFor('vault.cluster.settings.auth.configure');
     const { section_name: section } = params;
diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
index c92037617d03..e17d77cfdf94 100644
--- a/ui/app/services/path-help.js
+++ b/ui/app/services/path-help.js
@@ -23,7 +23,10 @@ export default Service.extend({
   getProps(modelType, backend) {
     let adapter = getOwner(this).lookup(`adapter:${modelType}`);
     let path = adapter.pathForType();
-    let helpUrl = `/v1/${backend}/${path}/example?help=1`;
+    const authMethods = ['auth-config/ldap'];
+    let helpUrl = authMethods.includes(modelType)
+      ? `/v1/auth/${backend}/${path}?help=1`
+      : `/v1/${backend}/${path}/example?help=1`;
     let wildcard;
     switch (path) {
       case 'roles':
@@ -47,9 +50,8 @@ export default Service.extend({
     }
 
     return this.ajax(helpUrl, backend).then(help => {
-      let props =
-        help.openapi.paths[`/${path}/{${wildcard}}`].post.requestBody.content['application/json'].schema
-          .properties;
+      let fullPath = wildcard ? `/${path}/{${wildcard}}` : `/${path}`;
+      let props = help.openapi.paths[fullPath].post.requestBody.content['application/json'].schema.properties;
       return expandOpenApiProps(props);
     });
   },
diff --git a/ui/app/utils/openapi-to-attrs.js b/ui/app/utils/openapi-to-attrs.js
index 3c5a83ead543..86ed8750d87d 100644
--- a/ui/app/utils/openapi-to-attrs.js
+++ b/ui/app/utils/openapi-to-attrs.js
@@ -33,6 +33,7 @@ export const expandOpenApiProps = function(props) {
       attrs[prop.camelize()].defaultValue = details['x-vault-displayValue'];
     }
   }
+  debugger; //eslint-disable-line
   return attrs;
 };
 

From 7d4eb59db32995f7cd6474b91975fe3c911158dc Mon Sep 17 00:00:00 2001
From: Noelle Daley <adriannenoelle@gmail.com>
Date: Wed, 30 Jan 2019 14:31:01 -0800
Subject: [PATCH 29/84] finish ldap auth and handle url building for auth
 configs

---
 ui/app/adapters/auth-config/ldap.js           |  7 ++-
 ui/app/models/auth-config/ldap.js             | 58 +++++++++----------
 .../settings/auth/configure/section.js        | 40 +++++++++++++
 ui/app/services/path-help.js                  | 10 ++--
 ui/app/utils/openapi-to-attrs.js              |  1 +
 5 files changed, 82 insertions(+), 34 deletions(-)

diff --git a/ui/app/adapters/auth-config/ldap.js b/ui/app/adapters/auth-config/ldap.js
index 21f5624ac4d0..67b726f2cb1e 100644
--- a/ui/app/adapters/auth-config/ldap.js
+++ b/ui/app/adapters/auth-config/ldap.js
@@ -1,2 +1,7 @@
 import AuthConfig from './_base';
-export default AuthConfig.extend();
+
+export default AuthConfig.extend({
+  pathForType() {
+    return 'config';
+  },
+});
diff --git a/ui/app/models/auth-config/ldap.js b/ui/app/models/auth-config/ldap.js
index 9bb4a14491e3..1151f815c542 100644
--- a/ui/app/models/auth-config/ldap.js
+++ b/ui/app/models/auth-config/ldap.js
@@ -8,68 +8,68 @@ const { attr } = DS;
 
 export default AuthConfig.extend({
   url: attr('string', {
-    label: 'URL',
+    // label: 'URL',
   }),
   starttls: attr('boolean', {
-    defaultValue: false,
-    label: 'Issue StartTLS command after establishing an unencrypted connection',
+    // defaultValue: false,
+    // label: 'Issue StartTLS command after establishing an unencrypted connection',
   }),
   tlsMinVersion: attr('string', {
-    label: 'Minimum TLS Version',
-    defaultValue: 'tls12',
+    // label: 'Minimum TLS Version',
+    // defaultValue: 'tls12',
     possibleValues: ['tls10', 'tls11', 'tls12'],
   }),
 
   tlsMaxVersion: attr('string', {
-    label: 'Maximum TLS Version',
-    defaultValue: 'tls12',
+    // label: 'Maximum TLS Version',
+    // defaultValue: 'tls12',
     possibleValues: ['tls10', 'tls11', 'tls12'],
   }),
   insecureTls: attr('boolean', {
-    defaultValue: false,
-    label: 'Skip LDAP server SSL certificate verification',
+    // defaultValue: false,
+    // label: 'Skip LDAP server SSL certificate verification',
   }),
   certificate: attr('string', {
-    label: 'CA certificate to verify LDAP server certificate',
+    // label: 'CA certificate to verify LDAP server certificate',
     editType: 'file',
   }),
 
   binddn: attr('string', {
-    label: 'Name of Object to bind (binddn)',
+    // label: 'Name of Object to bind (binddn)',
     helpText: 'Used when performing user search. Example: cn=vault,ou=Users,dc=example,dc=com',
   }),
   bindpass: attr('string', {
-    label: 'Password',
+    // label: 'Password',
     helpText: 'Used along with binddn when performing user search',
     sensitive: true,
   }),
 
   userdn: attr('string', {
-    label: 'User DN',
+    // label: 'User DN',
     helpText: 'Base DN under which to perform user search. Example: ou=Users,dc=example,dc=com',
   }),
   userattr: attr('string', {
-    label: 'User Attribute',
-    defaultValue: 'cn',
+    // label: 'User Attribute',
+    // defaultValue: 'cn',
     helpText:
       'Attribute on user attribute object matching the username passed when authenticating. Examples: sAMAccountName, cn, uid',
   }),
-  discoverdn: attr('boolean', {
-    defaultValue: false,
-    label: 'Use anonymous bind to discover the bind DN of a user',
-  }),
-  denyNullBind: attr('boolean', {
-    defaultValue: true,
-    label: 'Prevent users from bypassing authentication when providing an empty password',
-  }),
+  // discoverdn: attr('boolean', {
+  //   // defaultValue: false,
+  //   // label: 'Use anonymous bind to discover the bind DN of a user',
+  // }),
+  // denyNullBind: attr('boolean', {
+  //   // defaultValue: true,
+  //   // label: 'Prevent users from bypassing authentication when providing an empty password',
+  // }),
   upndomain: attr('string', {
-    label: 'User Principal (UPN) Domain',
+    // label: 'User Principal (UPN) Domain',
     helpText:
       'The userPrincipalDomain used to construct the UPN string for the authenticating user. The constructed UPN will appear as [username]@UPNDomain. Example: example.com, which will cause vault to bind as username@example.com.',
   }),
 
   groupfilter: attr('string', {
-    label: 'Group Filter',
+    // label: 'Group Filter',
     helpText:
       'Go template used when constructing the group membership query. The template can access the following context variables: [UserDN, Username]. The default is (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}})), which is compatible with several common directory schemas. To support nested group resolution for Active Directory, instead use the following query: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))',
   }),
@@ -79,15 +79,15 @@ export default AuthConfig.extend({
       'LDAP search base for group membership search. This can be the root containing either groups or users. Example: ou=Groups,dc=example,dc=com',
   }),
   groupattr: attr('string', {
-    label: 'Group Attribute',
-    defaultValue: 'cn',
+    // label: 'Group Attribute',
+    // defaultValue: 'cn',
 
     helpText:
       'LDAP attribute to follow on objects returned by groupfilter in order to enumerate user group membership. Examples: for groupfilter queries returning group objects, use: cn. For queries returning user objects, use: memberOf. The default is cn.',
   }),
   useTokenGroups: attr('boolean', {
-    defaultValue: false,
-    label: 'Use Token Groups',
+    // defaultValue: false,
+    // label: 'Use Token Groups',
     helpText:
       'Use the Active Directory tokenGroups constructed attribute to find the group memberships. This returns all security groups for the user, including nested groups. In an Active Directory environment with a large number of groups this method offers increased performance. Selecting this will cause Group DN, Attribute, and Filter to be ignored.',
   }),
diff --git a/ui/app/routes/vault/cluster/settings/auth/configure/section.js b/ui/app/routes/vault/cluster/settings/auth/configure/section.js
index cc7c358d0992..95c982c8a0ef 100644
--- a/ui/app/routes/vault/cluster/settings/auth/configure/section.js
+++ b/ui/app/routes/vault/cluster/settings/auth/configure/section.js
@@ -4,10 +4,14 @@ import Route from '@ember/routing/route';
 import RSVP from 'rsvp';
 import DS from 'ember-data';
 import UnloadModelRoute from 'vault/mixins/unload-model-route';
+import { getOwner } from '@ember/application';
+import { combineAttributes } from 'vault/utils/openapi-to-attrs';
 
 export default Route.extend(UnloadModelRoute, {
   modelPath: 'model.model',
   wizard: service(),
+  pathHelp: service('path-help'),
+
   modelType(backendType, section) {
     const MODELS = {
       'aws-client': 'auth-config/aws/client',
@@ -25,6 +29,42 @@ export default Route.extend(UnloadModelRoute, {
     return MODELS[`${backendType}-${section}`];
   },
 
+  beforeModel() {
+    const { section_name } = this.paramsFor(this.routeName);
+    return this.buildModel(section_name);
+  },
+
+  buildModel(section) {
+    const { method } = this.paramsFor('vault.cluster.settings.auth.configure');
+    let modelType = this.modelType(method, section);
+
+    let name = `model:${modelType}`;
+    let owner = getOwner(this);
+    let newModel = owner.factoryFor(name).class;
+    if (newModel.merged || newModel.useOpenAPI === false) {
+      return RSVP.resolve();
+    }
+
+    return this.pathHelp
+      .getProps(modelType, method)
+      .then(props => {
+        if (owner.hasRegistration(name) && !newModel.merged) {
+          //combine them
+          let { attrs, newFields } = combineAttributes(newModel.attributes, props);
+          newModel = newModel.extend(attrs, { newFields });
+        } else {
+          //generate a whole new model
+        }
+        newModel.reopenClass({ merged: true });
+        owner.unregister(name);
+        owner.register(name, newModel);
+        debugger; //eslint-disable-line
+      })
+      .catch(e => {
+        debugger; //eslint-disable-line
+      });
+  },
+
   model(params) {
     const backend = this.modelFor('vault.cluster.settings.auth.configure');
     const { section_name: section } = params;
diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
index c92037617d03..e17d77cfdf94 100644
--- a/ui/app/services/path-help.js
+++ b/ui/app/services/path-help.js
@@ -23,7 +23,10 @@ export default Service.extend({
   getProps(modelType, backend) {
     let adapter = getOwner(this).lookup(`adapter:${modelType}`);
     let path = adapter.pathForType();
-    let helpUrl = `/v1/${backend}/${path}/example?help=1`;
+    const authMethods = ['auth-config/ldap'];
+    let helpUrl = authMethods.includes(modelType)
+      ? `/v1/auth/${backend}/${path}?help=1`
+      : `/v1/${backend}/${path}/example?help=1`;
     let wildcard;
     switch (path) {
       case 'roles':
@@ -47,9 +50,8 @@ export default Service.extend({
     }
 
     return this.ajax(helpUrl, backend).then(help => {
-      let props =
-        help.openapi.paths[`/${path}/{${wildcard}}`].post.requestBody.content['application/json'].schema
-          .properties;
+      let fullPath = wildcard ? `/${path}/{${wildcard}}` : `/${path}`;
+      let props = help.openapi.paths[fullPath].post.requestBody.content['application/json'].schema.properties;
       return expandOpenApiProps(props);
     });
   },
diff --git a/ui/app/utils/openapi-to-attrs.js b/ui/app/utils/openapi-to-attrs.js
index 3c5a83ead543..86ed8750d87d 100644
--- a/ui/app/utils/openapi-to-attrs.js
+++ b/ui/app/utils/openapi-to-attrs.js
@@ -33,6 +33,7 @@ export const expandOpenApiProps = function(props) {
       attrs[prop.camelize()].defaultValue = details['x-vault-displayValue'];
     }
   }
+  debugger; //eslint-disable-line
   return attrs;
 };
 

From aacf42c58f33f52af205caf0f5b9b117ec18d1fd Mon Sep 17 00:00:00 2001
From: Noelle Daley <adriannenoelle@gmail.com>
Date: Thu, 31 Jan 2019 10:48:14 -0800
Subject: [PATCH 30/84] add github auth backend

---
 builtin/credential/github/path_config.go      | 12 +++++++++
 ui/app/adapters/auth-config/github.js         |  7 ++++-
 ui/app/models/auth-config/github.js           | 27 ++++++++++++++++---
 .../settings/auth/configure/section.js        |  2 +-
 ui/app/services/path-help.js                  |  2 +-
 ui/app/utils/openapi-to-attrs.js              |  2 +-
 6 files changed, 45 insertions(+), 7 deletions(-)

diff --git a/builtin/credential/github/path_config.go b/builtin/credential/github/path_config.go
index 93c8ef7c8cb8..1f6c545e78e0 100644
--- a/builtin/credential/github/path_config.go
+++ b/builtin/credential/github/path_config.go
@@ -18,6 +18,7 @@ func pathConfig(b *backend) *framework.Path {
 			"organization": &framework.FieldSchema{
 				Type:        framework.TypeString,
 				Description: "The organization users must be part of",
+				DisplayName: "Organization",
 			},
 
 			"base_url": &framework.FieldSchema{
@@ -25,6 +26,17 @@ func pathConfig(b *backend) *framework.Path {
 				Description: `The API endpoint to use. Useful if you
 are running GitHub Enterprise or an
 API-compatible authentication server.`,
+				DisplayName: "Base URL",
+			},
+			"ttl": &framework.FieldSchema{
+				Type:        framework.TypeString,
+				Description: `Duration after which authentication will be expired`,
+				DisplayName: "TTL",
+			},
+			"max_ttl": &framework.FieldSchema{
+				Type:        framework.TypeString,
+				Description: `Maximum duration after which authentication will be expired`,
+				DisplayName: "Max TTL",
 			},
 		},
 
diff --git a/ui/app/adapters/auth-config/github.js b/ui/app/adapters/auth-config/github.js
index 21f5624ac4d0..67b726f2cb1e 100644
--- a/ui/app/adapters/auth-config/github.js
+++ b/ui/app/adapters/auth-config/github.js
@@ -1,2 +1,7 @@
 import AuthConfig from './_base';
-export default AuthConfig.extend();
+
+export default AuthConfig.extend({
+  pathForType() {
+    return 'config';
+  },
+});
diff --git a/ui/app/models/auth-config/github.js b/ui/app/models/auth-config/github.js
index 0c54653836d6..e14e80fbac48 100644
--- a/ui/app/models/auth-config/github.js
+++ b/ui/app/models/auth-config/github.js
@@ -1,6 +1,5 @@
 import { computed } from '@ember/object';
 import DS from 'ember-data';
-
 import AuthConfig from '../auth-config';
 import fieldToAttrs from 'vault/utils/field-to-attrs';
 
@@ -12,14 +11,36 @@ export default AuthConfig.extend({
     label: 'Base URL',
   }),
 
-  fieldGroups: computed(function() {
+  fieldDefinition: computed('newFields', function() {
     const groups = [
       { default: ['organization'] },
       {
         'GitHub Options': ['baseUrl'],
       },
     ];
+    if (this.newFields) {
+      let allFields = [];
+      for (let group in groups) {
+        const type = Object.keys(groups[group])[0];
+        const field = groups[group][type];
+        allFields = allFields.concat(field);
+      }
+      let otherFields = this.newFields.filter(field => {
+        return !allFields.includes(field);
+      });
+      if (otherFields.length) {
+        Object.assign(groups[0].default, groups[0].default.concat(otherFields));
+      }
+    }
+
+    return groups;
+  }),
 
-    return fieldToAttrs(this, groups);
+  fieldGroups: computed('fieldDefinition', function() {
+    return this.fieldsToAttrs(this.get('fieldDefinition'));
   }),
+
+  fieldsToAttrs(fieldGroups) {
+    return fieldToAttrs(this, fieldGroups);
+  },
 });
diff --git a/ui/app/routes/vault/cluster/settings/auth/configure/section.js b/ui/app/routes/vault/cluster/settings/auth/configure/section.js
index 95c982c8a0ef..0ef5722d9de1 100644
--- a/ui/app/routes/vault/cluster/settings/auth/configure/section.js
+++ b/ui/app/routes/vault/cluster/settings/auth/configure/section.js
@@ -55,10 +55,10 @@ export default Route.extend(UnloadModelRoute, {
         } else {
           //generate a whole new model
         }
+
         newModel.reopenClass({ merged: true });
         owner.unregister(name);
         owner.register(name, newModel);
-        debugger; //eslint-disable-line
       })
       .catch(e => {
         debugger; //eslint-disable-line
diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
index e17d77cfdf94..0e2f9adb1f75 100644
--- a/ui/app/services/path-help.js
+++ b/ui/app/services/path-help.js
@@ -23,7 +23,7 @@ export default Service.extend({
   getProps(modelType, backend) {
     let adapter = getOwner(this).lookup(`adapter:${modelType}`);
     let path = adapter.pathForType();
-    const authMethods = ['auth-config/ldap'];
+    const authMethods = ['auth-config/ldap', 'auth-config/github'];
     let helpUrl = authMethods.includes(modelType)
       ? `/v1/auth/${backend}/${path}?help=1`
       : `/v1/${backend}/${path}/example?help=1`;
diff --git a/ui/app/utils/openapi-to-attrs.js b/ui/app/utils/openapi-to-attrs.js
index 86ed8750d87d..05b33f1b8cab 100644
--- a/ui/app/utils/openapi-to-attrs.js
+++ b/ui/app/utils/openapi-to-attrs.js
@@ -33,7 +33,7 @@ export const expandOpenApiProps = function(props) {
       attrs[prop.camelize()].defaultValue = details['x-vault-displayValue'];
     }
   }
-  debugger; //eslint-disable-line
+
   return attrs;
 };
 

From 9ce52292c750f2ca4a45a7dc504ad6fbc19f0674 Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Thu, 31 Jan 2019 13:58:36 -0500
Subject: [PATCH 31/84] create utils for combining fields and fieldGroups to
 reuse in models

---
 ui/app/models/auth-config/ldap.js     | 55 +++----------------------
 ui/app/models/pki-certificate-sign.js |  7 +++-
 ui/app/models/pki-certificate.js      | 58 ++-------------------------
 ui/app/models/role-pki.js             | 33 ++-------------
 ui/app/services/path-help.js          |  1 +
 ui/app/utils/openapi-to-attrs.js      | 36 +++++++++++++++--
 6 files changed, 52 insertions(+), 138 deletions(-)

diff --git a/ui/app/models/auth-config/ldap.js b/ui/app/models/auth-config/ldap.js
index 1151f815c542..4a8ec9b2f8ae 100644
--- a/ui/app/models/auth-config/ldap.js
+++ b/ui/app/models/auth-config/ldap.js
@@ -3,97 +3,49 @@ import DS from 'ember-data';
 
 import AuthConfig from '../auth-config';
 import fieldToAttrs from 'vault/utils/field-to-attrs';
+import { combineFieldGroups } from 'vault/utils/openapi-to-attrs';
 
 const { attr } = DS;
 
 export default AuthConfig.extend({
-  url: attr('string', {
-    // label: 'URL',
-  }),
-  starttls: attr('boolean', {
-    // defaultValue: false,
-    // label: 'Issue StartTLS command after establishing an unencrypted connection',
-  }),
-  tlsMinVersion: attr('string', {
-    // label: 'Minimum TLS Version',
-    // defaultValue: 'tls12',
-    possibleValues: ['tls10', 'tls11', 'tls12'],
-  }),
-
-  tlsMaxVersion: attr('string', {
-    // label: 'Maximum TLS Version',
-    // defaultValue: 'tls12',
-    possibleValues: ['tls10', 'tls11', 'tls12'],
-  }),
-  insecureTls: attr('boolean', {
-    // defaultValue: false,
-    // label: 'Skip LDAP server SSL certificate verification',
-  }),
-  certificate: attr('string', {
-    // label: 'CA certificate to verify LDAP server certificate',
-    editType: 'file',
-  }),
-
   binddn: attr('string', {
-    // label: 'Name of Object to bind (binddn)',
     helpText: 'Used when performing user search. Example: cn=vault,ou=Users,dc=example,dc=com',
   }),
   bindpass: attr('string', {
-    // label: 'Password',
     helpText: 'Used along with binddn when performing user search',
     sensitive: true,
   }),
-
   userdn: attr('string', {
-    // label: 'User DN',
     helpText: 'Base DN under which to perform user search. Example: ou=Users,dc=example,dc=com',
   }),
   userattr: attr('string', {
-    // label: 'User Attribute',
-    // defaultValue: 'cn',
     helpText:
       'Attribute on user attribute object matching the username passed when authenticating. Examples: sAMAccountName, cn, uid',
   }),
-  // discoverdn: attr('boolean', {
-  //   // defaultValue: false,
-  //   // label: 'Use anonymous bind to discover the bind DN of a user',
-  // }),
-  // denyNullBind: attr('boolean', {
-  //   // defaultValue: true,
-  //   // label: 'Prevent users from bypassing authentication when providing an empty password',
-  // }),
   upndomain: attr('string', {
-    // label: 'User Principal (UPN) Domain',
     helpText:
       'The userPrincipalDomain used to construct the UPN string for the authenticating user. The constructed UPN will appear as [username]@UPNDomain. Example: example.com, which will cause vault to bind as username@example.com.',
   }),
 
   groupfilter: attr('string', {
-    // label: 'Group Filter',
     helpText:
       'Go template used when constructing the group membership query. The template can access the following context variables: [UserDN, Username]. The default is (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}})), which is compatible with several common directory schemas. To support nested group resolution for Active Directory, instead use the following query: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))',
   }),
   groupdn: attr('string', {
-    label: 'Group DN',
     helpText:
       'LDAP search base for group membership search. This can be the root containing either groups or users. Example: ou=Groups,dc=example,dc=com',
   }),
   groupattr: attr('string', {
-    // label: 'Group Attribute',
-    // defaultValue: 'cn',
-
     helpText:
       'LDAP attribute to follow on objects returned by groupfilter in order to enumerate user group membership. Examples: for groupfilter queries returning group objects, use: cn. For queries returning user objects, use: memberOf. The default is cn.',
   }),
   useTokenGroups: attr('boolean', {
-    // defaultValue: false,
-    // label: 'Use Token Groups',
     helpText:
       'Use the Active Directory tokenGroups constructed attribute to find the group memberships. This returns all security groups for the user, including nested groups. In an Active Directory environment with a large number of groups this method offers increased performance. Selecting this will cause Group DN, Attribute, and Filter to be ignored.',
   }),
 
   fieldGroups: computed(function() {
-    const groups = [
+    let groups = [
       {
         default: ['url'],
       },
@@ -117,6 +69,9 @@ export default AuthConfig.extend({
         'Customize Group Membership Search': ['groupfilter', 'groupattr', 'groupdn', 'useTokenGroups'],
       },
     ];
+    if (this.newFields) {
+      groups = combineFieldGroups(groups, this.newFields, []);
+    }
     return fieldToAttrs(this, groups);
   }),
 });
diff --git a/ui/app/models/pki-certificate-sign.js b/ui/app/models/pki-certificate-sign.js
index 58bf2c35be76..c8e4db45225d 100644
--- a/ui/app/models/pki-certificate-sign.js
+++ b/ui/app/models/pki-certificate-sign.js
@@ -2,7 +2,7 @@ import { copy } from 'ember-copy';
 import { computed } from '@ember/object';
 import DS from 'ember-data';
 import Certificate from './pki-certificate';
-
+import { combineFieldGroups } from 'vault/utils/openapi-to-attrs';
 const { attr } = DS;
 
 export default Certificate.extend({
@@ -18,11 +18,14 @@ export default Certificate.extend({
 
   fieldGroups: computed('signVerbatim', function() {
     const options = { Options: ['altNames', 'ipSans', 'ttl', 'excludeCnFromSans', 'otherSans'] };
-    const groups = [
+    let groups = [
       {
         default: ['csr', 'commonName', 'format', 'signVerbatim'],
       },
     ];
+    if (this.newFields.length) {
+      groups = combineFieldGroups(groups, this.newFields, []);
+    }
     if (this.get('signVerbatim') === false) {
       groups.push(options);
     }
diff --git a/ui/app/models/pki-certificate.js b/ui/app/models/pki-certificate.js
index 70b38fcfa1fe..4a9653100a2c 100644
--- a/ui/app/models/pki-certificate.js
+++ b/ui/app/models/pki-certificate.js
@@ -3,6 +3,7 @@ import { computed } from '@ember/object';
 import DS from 'ember-data';
 import lazyCapabilities, { apiPath } from 'vault/macros/lazy-capabilities';
 import fieldToAttrs, { expandAttributeMeta } from 'vault/utils/field-to-attrs';
+import { combineFieldGroups } from 'vault/utils/openapi-to-attrs';
 
 const { attr } = DS;
 
@@ -30,73 +31,22 @@ export default DS.Model.extend({
   role: attr('object', {
     readOnly: true,
   }),
-
-  // revocationTime: attr('number'),
-  // commonName: attr('string', {
-  //   label: 'Common Name',
-  // }),
-
-  // altNames: attr('string', {
-  //   label: 'DNS/Email Subject Alternative Names (SANs)',
-  // }),
-
-  // ipSans: attr('string', {
-  //   label: 'IP Subject Alternative Names (SANs)',
-  // }),
   otherSans: attr({
-    // editType: 'stringArray',
-    // label: 'Other SANs',
     helpText:
       'The format is the same as OpenSSL: <oid>;<type>:<value> where the only current valid type is UTF8',
   }),
 
-  // ttl: attr({
-  //   label: 'TTL',
-  //   editType: 'ttl',
-  // }),
-
-  // format: attr('string', {
-  //   defaultValue: 'pem',
-  //   possibleValues: ['pem', 'der', 'pem_bundle'],
-  // }),
-
-  // excludeCnFromSans: attr('boolean', {
-  //   label: 'Exclude Common Name from Subject Alternative Names (SANs)',
-  //   defaultValue: false,
-  // }),
-
-  // certificate: attr('string'),
-  // issuingCa: attr('string', {
-  //   label: 'Issuing CA',
-  // }),
-  // caChain: attr('string', {
-  //   label: 'CA chain',
-  // }),
-  // privateKey: attr('string'),
-  // privateKeyType: attr('string'),
-  // serialNumber: attr('string'),
-
   fieldsToAttrs(fieldGroups) {
     return fieldToAttrs(this, fieldGroups);
   },
 
   fieldDefinition: computed('newFields', function() {
-    const groups = [
+    let groups = [
       { default: ['commonName', 'format'] },
       { Options: ['altNames', 'ipSans', 'ttl', 'excludeCnFromSans', 'otherSans'] },
     ];
-    if (this.newFields) {
-      let allFields = [];
-      for (let group in groups) {
-        let type = Object.keys(groups[group])[0];
-        allFields.concat(groups[group]);
-      }
-      let otherFields = this.newFields.filter(field => {
-        !allFields.includes(field);
-      });
-      if (otherFields.length) {
-        groups.default.concat(otherFields);
-      }
+    if (this.newFields.length) {
+      groups = combineFieldGroups(groups, this.newFields, []);
     }
     return groups;
   }),
diff --git a/ui/app/models/role-pki.js b/ui/app/models/role-pki.js
index 912c240d8e74..c167ab694539 100644
--- a/ui/app/models/role-pki.js
+++ b/ui/app/models/role-pki.js
@@ -3,7 +3,7 @@ import { computed } from '@ember/object';
 import DS from 'ember-data';
 import lazyCapabilities, { apiPath } from 'vault/macros/lazy-capabilities';
 import fieldToAttrs from 'vault/utils/field-to-attrs';
-
+import { combineFieldGroups } from 'vault/utils/openapi-to-attrs';
 const { attr } = DS;
 
 export default DS.Model.extend({
@@ -31,7 +31,7 @@ export default DS.Model.extend({
   canSignVerbatim: alias('signVerbatimPath.canUpdate'),
 
   fieldGroups: computed('backend', 'merged', function() {
-    const groups = [
+    let groups = [
       { default: ['name', 'keyType'] },
       {
         Options: [
@@ -77,34 +77,9 @@ export default DS.Model.extend({
       },
     ];
     let excludedFields = ['extKeyUsage'];
-    if (this.newFields) {
-      let allFields = [];
-      for (let group in groups) {
-        let fieldName = Object.keys(groups[group])[0];
-        allFields.concat(groups[group][fieldName]);
-      }
-      let otherFields = this.newFields.filter(field => {
-        !allFields.includes(field) && !excludedFields.includes(field);
-      });
-      if (otherFields.length) {
-        groups.default.concat(otherFields);
-      }
-    }
-
-    if (this.newFields) {
-      let allFields = [];
-      for (let group in groups) {
-        let fieldName = Object.keys(groups[group])[0];
-        allFields.concat(groups[group][fieldName]);
-      }
-      let otherFields = this.newFields.filter(field => {
-        !allFields.includes(field);
-      });
-      if (otherFields.length) {
-        groups.default.concat(otherFields);
-      }
+    if (this.newFields.length) {
+      groups = combineFieldGroups(groups, this.newFields, excludedFields);
     }
-
     return fieldToAttrs(this, groups);
   }),
 });
diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
index e17d77cfdf94..0d33b0c53385 100644
--- a/ui/app/services/path-help.js
+++ b/ui/app/services/path-help.js
@@ -50,6 +50,7 @@ export default Service.extend({
     }
 
     return this.ajax(helpUrl, backend).then(help => {
+      debugger; //eslint-disable-line
       let fullPath = wildcard ? `/${path}/{${wildcard}}` : `/${path}`;
       let props = help.openapi.paths[fullPath].post.requestBody.content['application/json'].schema.properties;
       return expandOpenApiProps(props);
diff --git a/ui/app/utils/openapi-to-attrs.js b/ui/app/utils/openapi-to-attrs.js
index 86ed8750d87d..1ca8618ad8b6 100644
--- a/ui/app/utils/openapi-to-attrs.js
+++ b/ui/app/utils/openapi-to-attrs.js
@@ -4,10 +4,14 @@ import { assign } from '@ember/polyfills';
 import { expandAttributeMeta } from 'vault/utils/field-to-attrs';
 
 export const expandOpenApiProps = function(props) {
+  debugger; //eslint-disable-line
   let attrs = {};
   // expand all attributes
   for (let prop in props) {
     let details = props[prop];
+    if (details.deprecated === true) {
+      continue;
+    }
     if (details.type === 'integer') {
       details.type = 'number';
     }
@@ -17,12 +21,10 @@ export const expandOpenApiProps = function(props) {
     } else if (details.items) {
       editType = details.items.type + details.type.capitalize();
     }
-
     attrs[prop.camelize()] = {
       editType: editType,
       type: details.type,
     };
-
     if (details['x-vault-displayName']) {
       attrs[prop.camelize()].label = details['x-vault-displayName'];
     }
@@ -33,7 +35,6 @@ export const expandOpenApiProps = function(props) {
       attrs[prop.camelize()].defaultValue = details['x-vault-displayValue'];
     }
   }
-  debugger; //eslint-disable-line
   return attrs;
 };
 
@@ -57,3 +58,32 @@ export const combineAttributes = function(oldAttrs, newProps) {
   }
   return { attrs: newAttrs, newFields };
 };
+
+export const combineFields = function(currentFields, newFields, excludedFields) {
+  let allFields = [];
+  for (let group in currentGroups) {
+    let fieldName = Object.keys(groups[group])[0];
+    allFields.concat(groups[group][fieldName]);
+  }
+  let otherFields = newFields.filter(field => {
+    !allFields.includes(field) && !excludedFields.includes(field);
+  });
+  if (otherFields.length) {
+    groups.default.concat(otherFields);
+  }
+};
+
+export const combineFieldGroups = function(currentGroups, newFields, excludedFields) {
+  let allFields = [];
+  for (let group of currentGroups) {
+    let fieldName = Object.keys(group)[0];
+    allFields = allFields.concat(group[fieldName]);
+  }
+  let otherFields = newFields.filter(field => {
+    !allFields.includes(field) && !excludedFields.includes(field);
+  });
+  if (otherFields.length) {
+    currentGroups.default = currentGroups.default.concat(otherFields);
+  }
+  return currentGroups;
+};

From cbd08f1462df8aa05563e40c57fa7f504da0c8b4 Mon Sep 17 00:00:00 2001
From: Noelle Daley <adriannenoelle@gmail.com>
Date: Thu, 31 Jan 2019 11:10:57 -0800
Subject: [PATCH 32/84] fix combineFieldGroups util

---
 ui/app/models/auth-config/github.js | 28 +++++-----------------------
 ui/app/utils/openapi-to-attrs.js    |  6 +++---
 2 files changed, 8 insertions(+), 26 deletions(-)

diff --git a/ui/app/models/auth-config/github.js b/ui/app/models/auth-config/github.js
index e14e80fbac48..76d050b3aa47 100644
--- a/ui/app/models/auth-config/github.js
+++ b/ui/app/models/auth-config/github.js
@@ -2,6 +2,7 @@ import { computed } from '@ember/object';
 import DS from 'ember-data';
 import AuthConfig from '../auth-config';
 import fieldToAttrs from 'vault/utils/field-to-attrs';
+import { combineFieldGroups } from 'vault/utils/openapi-to-attrs';
 
 const { attr } = DS;
 
@@ -11,36 +12,17 @@ export default AuthConfig.extend({
     label: 'Base URL',
   }),
 
-  fieldDefinition: computed('newFields', function() {
-    const groups = [
+  fieldGroups: computed(function() {
+    let groups = [
       { default: ['organization'] },
       {
         'GitHub Options': ['baseUrl'],
       },
     ];
     if (this.newFields) {
-      let allFields = [];
-      for (let group in groups) {
-        const type = Object.keys(groups[group])[0];
-        const field = groups[group][type];
-        allFields = allFields.concat(field);
-      }
-      let otherFields = this.newFields.filter(field => {
-        return !allFields.includes(field);
-      });
-      if (otherFields.length) {
-        Object.assign(groups[0].default, groups[0].default.concat(otherFields));
-      }
+      groups = combineFieldGroups(groups, this.newFields, []);
     }
 
-    return groups;
+    return fieldToAttrs(this, groups);
   }),
-
-  fieldGroups: computed('fieldDefinition', function() {
-    return this.fieldsToAttrs(this.get('fieldDefinition'));
-  }),
-
-  fieldsToAttrs(fieldGroups) {
-    return fieldToAttrs(this, fieldGroups);
-  },
 });
diff --git a/ui/app/utils/openapi-to-attrs.js b/ui/app/utils/openapi-to-attrs.js
index 1ca8618ad8b6..fd7b54293535 100644
--- a/ui/app/utils/openapi-to-attrs.js
+++ b/ui/app/utils/openapi-to-attrs.js
@@ -4,7 +4,6 @@ import { assign } from '@ember/polyfills';
 import { expandAttributeMeta } from 'vault/utils/field-to-attrs';
 
 export const expandOpenApiProps = function(props) {
-  debugger; //eslint-disable-line
   let attrs = {};
   // expand all attributes
   for (let prop in props) {
@@ -80,10 +79,11 @@ export const combineFieldGroups = function(currentGroups, newFields, excludedFie
     allFields = allFields.concat(group[fieldName]);
   }
   let otherFields = newFields.filter(field => {
-    !allFields.includes(field) && !excludedFields.includes(field);
+    return !allFields.includes(field) && !excludedFields.includes(field);
   });
   if (otherFields.length) {
-    currentGroups.default = currentGroups.default.concat(otherFields);
+    currentGroups[0].default = currentGroups[0].default.concat(otherFields);
   }
+
   return currentGroups;
 };

From 743c1ca8e5f4a3a686277cd35f42cd34c599c51d Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Thu, 31 Jan 2019 17:02:27 -0500
Subject: [PATCH 33/84] create newModel generator in pathHelp so we minimize
 duplicated code in routes

---
 .../cluster/secrets/backend/secret-edit.js    | 25 +------------
 .../settings/auth/configure/section.js        | 36 +++----------------
 ui/app/services/path-help.js                  | 25 +++++++++++--
 ui/app/utils/openapi-to-attrs.js              |  1 +
 4 files changed, 30 insertions(+), 57 deletions(-)

diff --git a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
index 06f928e43f86..517e64d7e6b0 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
@@ -57,31 +57,8 @@ export default Route.extend(UnloadModelRoute, {
     if (modelType in ['secret', 'secret-v2']) {
       return;
     }
-    let name = `model:${modelType}`;
     let owner = getOwner(this);
-    let newModel = owner.factoryFor(name).class;
-    if (newModel.merged || newModel.useOpenAPI === false) {
-      return resolve();
-    }
-
-    return this.pathHelp
-      .getProps(modelType, backend)
-      .then(props => {
-        if (owner.hasRegistration(name) && !newModel.merged) {
-          //combine them
-          let { attrs, newFields } = combineAttributes(newModel.attributes, props);
-          newModel = newModel.extend(attrs, { newFields });
-        } else {
-          //generate a whole new model
-        }
-        newModel.reopenClass({ merged: true });
-        owner.unregister(name);
-        owner.register(name, newModel);
-        debugger; //eslint-disable-line
-      })
-      .catch(e => {
-        debugger; //eslint-disable-line
-      });
+    return this.pathHelp.getNewModel(modelType, backend, owner);
   },
 
   modelType(backend, secret) {
diff --git a/ui/app/routes/vault/cluster/settings/auth/configure/section.js b/ui/app/routes/vault/cluster/settings/auth/configure/section.js
index 0ef5722d9de1..5e8a56938c37 100644
--- a/ui/app/routes/vault/cluster/settings/auth/configure/section.js
+++ b/ui/app/routes/vault/cluster/settings/auth/configure/section.js
@@ -5,7 +5,6 @@ import RSVP from 'rsvp';
 import DS from 'ember-data';
 import UnloadModelRoute from 'vault/mixins/unload-model-route';
 import { getOwner } from '@ember/application';
-import { combineAttributes } from 'vault/utils/openapi-to-attrs';
 
 export default Route.extend(UnloadModelRoute, {
   modelPath: 'model.model',
@@ -31,38 +30,13 @@ export default Route.extend(UnloadModelRoute, {
 
   beforeModel() {
     const { section_name } = this.paramsFor(this.routeName);
-    return this.buildModel(section_name);
-  },
-
-  buildModel(section) {
+    if (section_name === 'options') {
+      return;
+    }
     const { method } = this.paramsFor('vault.cluster.settings.auth.configure');
-    let modelType = this.modelType(method, section);
-
-    let name = `model:${modelType}`;
+    let modelType = this.modelType(method, section_name);
     let owner = getOwner(this);
-    let newModel = owner.factoryFor(name).class;
-    if (newModel.merged || newModel.useOpenAPI === false) {
-      return RSVP.resolve();
-    }
-
-    return this.pathHelp
-      .getProps(modelType, method)
-      .then(props => {
-        if (owner.hasRegistration(name) && !newModel.merged) {
-          //combine them
-          let { attrs, newFields } = combineAttributes(newModel.attributes, props);
-          newModel = newModel.extend(attrs, { newFields });
-        } else {
-          //generate a whole new model
-        }
-
-        newModel.reopenClass({ merged: true });
-        owner.unregister(name);
-        owner.register(name, newModel);
-      })
-      .catch(e => {
-        debugger; //eslint-disable-line
-      });
+    return this.pathHelp.getNewModel(modelType, method, owner);
   },
 
   model(params) {
diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
index af5d550a84fe..28e5ef4aec79 100644
--- a/ui/app/services/path-help.js
+++ b/ui/app/services/path-help.js
@@ -3,7 +3,7 @@
 import Service from '@ember/service';
 
 import { getOwner } from '@ember/application';
-import { expandOpenApiProps } from 'vault/utils/openapi-to-attrs';
+import { expandOpenApiProps, combineAttributes } from 'vault/utils/openapi-to-attrs';
 
 export function sanitizePath(path) {
   //remove whitespace + remove trailing and leading slashes
@@ -20,6 +20,28 @@ export default Service.extend({
     });
   },
 
+  getNewModel(modelType, backend, owner) {
+    let name = `model:${modelType}`;
+    let newModel = owner.factoryFor(name).class;
+    debugger; //eslint-disable-line
+    if (newModel.merged || newModel.useOpenAPI === false) {
+      return RSVP.resolve();
+    }
+
+    return this.getProps(modelType, backend).then(props => {
+      if (owner.hasRegistration(name) && !newModel.merged) {
+        let { attrs, newFields } = combineAttributes(newModel.attributes, props);
+        newModel = newModel.extend(attrs, { newFields });
+      } else {
+        //generate a whole new model
+      }
+
+      newModel.reopenClass({ merged: true });
+      owner.unregister(name);
+      owner.register(name, newModel);
+    });
+  },
+
   getProps(modelType, backend) {
     let adapter = getOwner(this).lookup(`adapter:${modelType}`);
     let path = adapter.pathForType();
@@ -50,7 +72,6 @@ export default Service.extend({
     }
 
     return this.ajax(helpUrl, backend).then(help => {
-      debugger; //eslint-disable-line
       let fullPath = wildcard ? `/${path}/{${wildcard}}` : `/${path}`;
       let props = help.openapi.paths[fullPath].post.requestBody.content['application/json'].schema.properties;
       return expandOpenApiProps(props);
diff --git a/ui/app/utils/openapi-to-attrs.js b/ui/app/utils/openapi-to-attrs.js
index fd7b54293535..334dd9004802 100644
--- a/ui/app/utils/openapi-to-attrs.js
+++ b/ui/app/utils/openapi-to-attrs.js
@@ -55,6 +55,7 @@ export const combineAttributes = function(oldAttrs, newProps) {
       newFields.push(prop);
     }
   }
+  debugger; //eslint-disable-line
   return { attrs: newAttrs, newFields };
 };
 

From ebfe43ec6635bc2485094bd09ece4a261bdd9c00 Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Thu, 31 Jan 2019 17:10:45 -0500
Subject: [PATCH 34/84] use getNewModel for credentials, clean up secret-edit

---
 .../cluster/secrets/backend/credentials.js    | 21 +------------------
 .../cluster/secrets/backend/secret-edit.js    |  1 -
 ui/app/services/path-help.js                  |  4 ++--
 3 files changed, 3 insertions(+), 23 deletions(-)

diff --git a/ui/app/routes/vault/cluster/secrets/backend/credentials.js b/ui/app/routes/vault/cluster/secrets/backend/credentials.js
index 80fa4ec0c531..5dc93351a8f0 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/credentials.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/credentials.js
@@ -2,7 +2,6 @@ import { resolve } from 'rsvp';
 import Route from '@ember/routing/route';
 import { getOwner } from '@ember/application';
 import { inject as service } from '@ember/service';
-import { combineAttributes } from 'vault/utils/openapi-to-attrs';
 
 const SUPPORTED_DYNAMIC_BACKENDS = ['ssh', 'aws', 'pki'];
 
@@ -25,28 +24,10 @@ export default Route.extend({
 
   beforeModel() {
     const { action } = this.paramsFor(this.routeName);
-    return this.buildModel(action);
-  },
-
-  buildModel(action) {
     const { backend } = this.paramsFor('vault.cluster.secrets.backend');
     let modelType = this.modelType(action);
-    let name = `model:${modelType}`;
     let owner = getOwner(this);
-    return this.pathHelp.getProps(modelType, backend).then(props => {
-      let newModel = owner.factoryFor(name).class;
-      if (owner.hasRegistration(name) && !newModel.merged) {
-        //combine them
-        let { attrs, newFields } = combineAttributes(newModel.attributes, props);
-        debugger; //eslint-disable-line
-        newModel = newModel.extend(attrs, { newFields });
-      } else {
-        //generate a whole new model
-      }
-      newModel.reopenClass({ merged: true });
-      owner.unregister(name);
-      owner.register(name, newModel);
-    });
+    return this.pathHelp.getNewModel(modelType, backend, owner);
   },
 
   model(params) {
diff --git a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
index 517e64d7e6b0..f7696b6a76cc 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
@@ -5,7 +5,6 @@ import Route from '@ember/routing/route';
 import utils from 'vault/lib/key-utils';
 import { getOwner } from '@ember/application';
 import UnloadModelRoute from 'vault/mixins/unload-model-route';
-import { combineAttributes } from 'vault/utils/openapi-to-attrs';
 
 export default Route.extend(UnloadModelRoute, {
   pathHelp: service('path-help'),
diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
index 28e5ef4aec79..887bd51acee1 100644
--- a/ui/app/services/path-help.js
+++ b/ui/app/services/path-help.js
@@ -4,6 +4,7 @@ import Service from '@ember/service';
 
 import { getOwner } from '@ember/application';
 import { expandOpenApiProps, combineAttributes } from 'vault/utils/openapi-to-attrs';
+import { resolve } from 'rsvp';
 
 export function sanitizePath(path) {
   //remove whitespace + remove trailing and leading slashes
@@ -23,9 +24,8 @@ export default Service.extend({
   getNewModel(modelType, backend, owner) {
     let name = `model:${modelType}`;
     let newModel = owner.factoryFor(name).class;
-    debugger; //eslint-disable-line
     if (newModel.merged || newModel.useOpenAPI === false) {
-      return RSVP.resolve();
+      return resolve();
     }
 
     return this.getProps(modelType, backend).then(props => {

From 66a17e1d480082a4ec2af3a18ff40b08323719ef Mon Sep 17 00:00:00 2001
From: Noelle Daley <adriannenoelle@gmail.com>
Date: Thu, 31 Jan 2019 15:09:32 -0800
Subject: [PATCH 35/84] add okta auth

---
 ui/app/adapters/auth-config/okta.js | 7 ++++++-
 ui/app/models/auth-config/okta.js   | 8 +++++++-
 ui/app/services/path-help.js        | 2 +-
 ui/app/utils/openapi-to-attrs.js    | 2 +-
 4 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/ui/app/adapters/auth-config/okta.js b/ui/app/adapters/auth-config/okta.js
index 21f5624ac4d0..67b726f2cb1e 100644
--- a/ui/app/adapters/auth-config/okta.js
+++ b/ui/app/adapters/auth-config/okta.js
@@ -1,2 +1,7 @@
 import AuthConfig from './_base';
-export default AuthConfig.extend();
+
+export default AuthConfig.extend({
+  pathForType() {
+    return 'config';
+  },
+});
diff --git a/ui/app/models/auth-config/okta.js b/ui/app/models/auth-config/okta.js
index 8796db7c5bf7..5ac1c49913fb 100644
--- a/ui/app/models/auth-config/okta.js
+++ b/ui/app/models/auth-config/okta.js
@@ -2,6 +2,7 @@ import { computed } from '@ember/object';
 import DS from 'ember-data';
 import AuthConfig from '../auth-config';
 import fieldToAttrs from 'vault/utils/field-to-attrs';
+import { combineFieldGroups } from 'vault/utils/openapi-to-attrs';
 
 const { attr } = DS;
 
@@ -26,8 +27,9 @@ export default AuthConfig.extend({
     helpText:
       "Useful if Vault's built-in MFA mechanisms. Will also cause certain other statuses to be ignored, such as PASSWORD_EXPIRED",
   }),
+
   fieldGroups: computed(function() {
-    const groups = [
+    let groups = [
       {
         default: ['orgName'],
       },
@@ -35,6 +37,10 @@ export default AuthConfig.extend({
         Options: ['apiToken', 'baseUrl', 'bypassOktaMfa'],
       },
     ];
+    if (this.newFields) {
+      groups = combineFieldGroups(groups, this.newFields, []);
+    }
+
     return fieldToAttrs(this, groups);
   }),
 });
diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
index 887bd51acee1..f8a5d2a8c305 100644
--- a/ui/app/services/path-help.js
+++ b/ui/app/services/path-help.js
@@ -45,7 +45,7 @@ export default Service.extend({
   getProps(modelType, backend) {
     let adapter = getOwner(this).lookup(`adapter:${modelType}`);
     let path = adapter.pathForType();
-    const authMethods = ['auth-config/ldap', 'auth-config/github'];
+    const authMethods = ['auth-config/ldap', 'auth-config/github', 'auth-config/okta'];
     let helpUrl = authMethods.includes(modelType)
       ? `/v1/auth/${backend}/${path}?help=1`
       : `/v1/${backend}/${path}/example?help=1`;
diff --git a/ui/app/utils/openapi-to-attrs.js b/ui/app/utils/openapi-to-attrs.js
index 334dd9004802..5d5110b980c9 100644
--- a/ui/app/utils/openapi-to-attrs.js
+++ b/ui/app/utils/openapi-to-attrs.js
@@ -55,7 +55,7 @@ export const combineAttributes = function(oldAttrs, newProps) {
       newFields.push(prop);
     }
   }
-  debugger; //eslint-disable-line
+
   return { attrs: newAttrs, newFields };
 };
 

From e9646049ad221e30babfc40c15479054c75ef175 Mon Sep 17 00:00:00 2001
From: Noelle Daley <adriannenoelle@gmail.com>
Date: Thu, 31 Jan 2019 16:50:33 -0800
Subject: [PATCH 36/84] add okta fields to backend

---
 builtin/credential/okta/path_config.go | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/builtin/credential/okta/path_config.go b/builtin/credential/okta/path_config.go
index 4e4b6a7d912c..f6756145d095 100644
--- a/builtin/credential/okta/path_config.go
+++ b/builtin/credential/okta/path_config.go
@@ -24,30 +24,38 @@ func pathConfig(b *backend) *framework.Path {
 			"organization": &framework.FieldSchema{
 				Type:        framework.TypeString,
 				Description: "(DEPRECATED) Okta organization to authenticate against. Use org_name instead.",
+				Deprecated:  true,
 			},
 			"org_name": &framework.FieldSchema{
 				Type:        framework.TypeString,
 				Description: "Name of the organization to be used in the Okta API.",
+				DisplayName: "Organization Name",
 			},
 			"token": &framework.FieldSchema{
 				Type:        framework.TypeString,
 				Description: "(DEPRECATED) Okta admin API token.  Use api_token instead.",
+				Deprecated:  true,
 			},
 			"api_token": &framework.FieldSchema{
 				Type:        framework.TypeString,
 				Description: "Okta API key.",
+				DisplayName: "API Token",
 			},
 			"base_url": &framework.FieldSchema{
 				Type:        framework.TypeString,
 				Description: `The base domain to use for the Okta API. When not specified in the configuration, "okta.com" is used.`,
+				DisplayName: "Base URL",
 			},
 			"production": &framework.FieldSchema{
 				Type:        framework.TypeBool,
 				Description: `(DEPRECATED) Use base_url.`,
+				Deprecated:  true,
 			},
 			"bypass_okta_mfa": &framework.FieldSchema{
-				Type:        framework.TypeBool,
-				Description: `When set true, requests by Okta for a MFA check will be bypassed. This also disallows certain status checks on the account, such as whether the password is expired.`,
+				Type:         framework.TypeBool,
+				Description:  `When set true, requests by Okta for a MFA check will be bypassed. This also disallows certain status checks on the account, such as whether the password is expired.`,
+				DisplayName:  "Bypass Okta MFA",
+				DisplayValue: false,
 			},
 		},
 

From e5bdd21c2bbbee6c4df31ccd565a85494c0addcd Mon Sep 17 00:00:00 2001
From: Noelle Daley <adriannenoelle@gmail.com>
Date: Thu, 31 Jan 2019 16:51:01 -0800
Subject: [PATCH 37/84] add DisplayName to included TokenFields

---
 helper/tokenhelper/tokenhelper.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/helper/tokenhelper/tokenhelper.go b/helper/tokenhelper/tokenhelper.go
index 5e8a24aac16d..a8ecec295fd0 100644
--- a/helper/tokenhelper/tokenhelper.go
+++ b/helper/tokenhelper/tokenhelper.go
@@ -64,41 +64,49 @@ func TokenFields() map[string]*framework.FieldSchema {
 		"bound_cidrs": &framework.FieldSchema{
 			Type:        framework.TypeCommaStringSlice,
 			Description: `Comma separated string or JSON list of CIDR blocks. If set, specifies the blocks of IP addresses which are allowed to use the generated token.`,
+			DisplayName: "Bound CIDRs",
 		},
 
 		"explicit_max_ttl": &framework.FieldSchema{
 			Type:        framework.TypeDurationSecond,
 			Description: tokenExplicitMaxTTLHelp,
+			DisplayName: "Explicit Max TTL",
 		},
 
 		"max_ttl": &framework.FieldSchema{
 			Type:        framework.TypeDurationSecond,
 			Description: "The maximum lifetime of the generated token",
+			DisplayName: "Max TTL",
 		},
 
 		"no_default_policy": &framework.FieldSchema{
 			Type:        framework.TypeBool,
 			Description: "If true, the 'default' policy will not automatically be added to generated tokens",
+			DisplayName: "No Default Policy",
 		},
 
 		"period": &framework.FieldSchema{
 			Type:        framework.TypeDurationSecond,
 			Description: tokenPeriodHelp,
+			DisplayName: "Period",
 		},
 
 		"policies": &framework.FieldSchema{
 			Type:        framework.TypeCommaStringSlice,
 			Description: "Comma-separated list of policies",
+			DisplayName: "Policies",
 		},
 
 		"token_type": &framework.FieldSchema{
 			Type:        framework.TypeString,
 			Description: "The type of token to generate, service or batch",
+			DisplayName: "Token Type",
 		},
 
 		"ttl": &framework.FieldSchema{
 			Type:        framework.TypeDurationSecond,
 			Description: "The initial ttl of the token to generate",
+			DisplayName: "TTL",
 		},
 	}
 }

From b04ffd576a0b2a686091d2be19b129f06e76c22f Mon Sep 17 00:00:00 2001
From: Noelle Daley <adriannenoelle@gmail.com>
Date: Fri, 1 Feb 2019 10:34:00 -0800
Subject: [PATCH 38/84] add radius backend

---
 builtin/credential/radius/path_config.go | 36 ++++++++++++++++--------
 ui/app/adapters/auth-config/radius.js    |  7 ++++-
 ui/app/models/auth-config/radius.js      |  7 ++++-
 ui/app/services/path-help.js             |  2 +-
 4 files changed, 37 insertions(+), 15 deletions(-)

diff --git a/builtin/credential/radius/path_config.go b/builtin/credential/radius/path_config.go
index c99fb9508a8e..4c84c34642db 100644
--- a/builtin/credential/radius/path_config.go
+++ b/builtin/credential/radius/path_config.go
@@ -16,41 +16,53 @@ func pathConfig(b *backend) *framework.Path {
 			"host": &framework.FieldSchema{
 				Type:        framework.TypeString,
 				Description: "RADIUS server host",
+				DisplayName: "Host",
 			},
 
 			"port": &framework.FieldSchema{
-				Type:        framework.TypeInt,
-				Default:     1812,
-				Description: "RADIUS server port (default: 1812)",
+				Type:         framework.TypeInt,
+				Default:      1812,
+				Description:  "RADIUS server port (default: 1812)",
+				DisplayName:  "Port",
+				DisplayValue: 1812,
 			},
 			"secret": &framework.FieldSchema{
 				Type:        framework.TypeString,
 				Description: "Secret shared with the RADIUS server",
+				DisplayName: "Secret",
 			},
 			"unregistered_user_policies": &framework.FieldSchema{
 				Type:        framework.TypeString,
 				Default:     "",
 				Description: "Comma-separated list of policies to grant upon successful RADIUS authentication of an unregisted user (default: emtpy)",
+				DisplayName: "Policies for unregistered users",
 			},
 			"dial_timeout": &framework.FieldSchema{
-				Type:        framework.TypeDurationSecond,
-				Default:     10,
-				Description: "Number of seconds before connect times out (default: 10)",
+				Type:         framework.TypeDurationSecond,
+				Default:      10,
+				Description:  "Number of seconds before connect times out (default: 10)",
+				DisplayName:  "Dial Timeout",
+				DisplayValue: 10,
 			},
 			"read_timeout": &framework.FieldSchema{
-				Type:        framework.TypeDurationSecond,
-				Default:     10,
-				Description: "Number of seconds before response times out (default: 10)",
+				Type:         framework.TypeDurationSecond,
+				Default:      10,
+				Description:  "Number of seconds before response times out (default: 10)",
+				DisplayName:  "Read Timeout",
+				DisplayValue: 10,
 			},
 			"nas_port": &framework.FieldSchema{
-				Type:        framework.TypeInt,
-				Default:     10,
-				Description: "RADIUS NAS port field (default: 10)",
+				Type:         framework.TypeInt,
+				Default:      10,
+				Description:  "RADIUS NAS port field (default: 10)",
+				DisplayName:  "NAS Port",
+				DisplayValue: 10,
 			},
 			"nas_identifier": &framework.FieldSchema{
 				Type:        framework.TypeString,
 				Default:     "",
 				Description: "RADIUS NAS Identifier field (optional)",
+				DisplayName: "NAS Identifier",
 			},
 		},
 
diff --git a/ui/app/adapters/auth-config/radius.js b/ui/app/adapters/auth-config/radius.js
index 21f5624ac4d0..67b726f2cb1e 100644
--- a/ui/app/adapters/auth-config/radius.js
+++ b/ui/app/adapters/auth-config/radius.js
@@ -1,2 +1,7 @@
 import AuthConfig from './_base';
-export default AuthConfig.extend();
+
+export default AuthConfig.extend({
+  pathForType() {
+    return 'config';
+  },
+});
diff --git a/ui/app/models/auth-config/radius.js b/ui/app/models/auth-config/radius.js
index d88088a3f408..99d8fc52ab6e 100644
--- a/ui/app/models/auth-config/radius.js
+++ b/ui/app/models/auth-config/radius.js
@@ -1,6 +1,7 @@
 import { computed } from '@ember/object';
 import DS from 'ember-data';
 import AuthConfig from '../auth-config';
+import { combineFieldGroups } from 'vault/utils/openapi-to-attrs';
 import fieldToAttrs from 'vault/utils/field-to-attrs';
 
 const { attr } = DS;
@@ -32,7 +33,7 @@ export default AuthConfig.extend({
   }),
 
   fieldGroups: computed(function() {
-    const groups = [
+    let groups = [
       {
         default: ['host', 'secret'],
       },
@@ -40,6 +41,10 @@ export default AuthConfig.extend({
         'RADIUS Options': ['port', 'nasPort', 'nasIdentifier', 'dialTimeout', 'unregisteredUserPolicies'],
       },
     ];
+    if (this.newFields) {
+      groups = combineFieldGroups(groups, this.newFields, []);
+    }
+
     return fieldToAttrs(this, groups);
   }),
 });
diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
index f8a5d2a8c305..59750a3ba411 100644
--- a/ui/app/services/path-help.js
+++ b/ui/app/services/path-help.js
@@ -45,7 +45,7 @@ export default Service.extend({
   getProps(modelType, backend) {
     let adapter = getOwner(this).lookup(`adapter:${modelType}`);
     let path = adapter.pathForType();
-    const authMethods = ['auth-config/ldap', 'auth-config/github', 'auth-config/okta'];
+    const authMethods = ['auth-config/ldap', 'auth-config/github', 'auth-config/okta', 'auth-config/radius'];
     let helpUrl = authMethods.includes(modelType)
       ? `/v1/auth/${backend}/${path}?help=1`
       : `/v1/${backend}/${path}/example?help=1`;

From 22b872b6a7abaeaaba090119b73715fbd97ee19a Mon Sep 17 00:00:00 2001
From: Noelle Daley <adriannenoelle@gmail.com>
Date: Fri, 1 Feb 2019 10:51:14 -0800
Subject: [PATCH 39/84] add certs auth backend

---
 builtin/credential/cert/path_config.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/builtin/credential/cert/path_config.go b/builtin/credential/cert/path_config.go
index 514a65b49cf6..c9eed621c5ec 100644
--- a/builtin/credential/cert/path_config.go
+++ b/builtin/credential/cert/path_config.go
@@ -13,9 +13,11 @@ func pathConfig(b *backend) *framework.Path {
 		Pattern: "config",
 		Fields: map[string]*framework.FieldSchema{
 			"disable_binding": &framework.FieldSchema{
-				Type:        framework.TypeBool,
-				Default:     false,
-				Description: `If set, during renewal, skips the matching of presented client identity with the client identity used during login. Defaults to false.`,
+				Type:         framework.TypeBool,
+				Default:      false,
+				Description:  `If set, during renewal, skips the matching of presented client identity with the client identity used during login. Defaults to false.`,
+				DisplayName:  "Disable Binding",
+				DisplayValue: false,
 			},
 		},
 

From 6b2f6116c31f64692fc6a08d7e06a914d42cbfff Mon Sep 17 00:00:00 2001
From: Noelle Daley <adriannenoelle@gmail.com>
Date: Fri, 1 Feb 2019 12:24:55 -0800
Subject: [PATCH 40/84] add certs auth backend and fix enabling github

---
 builtin/credential/github/path_config.go | 8 --------
 ui/app/services/path-help.js             | 8 +++++++-
 2 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/builtin/credential/github/path_config.go b/builtin/credential/github/path_config.go
index 3046edad3374..e777bf5c432a 100644
--- a/builtin/credential/github/path_config.go
+++ b/builtin/credential/github/path_config.go
@@ -38,14 +38,6 @@ API-compatible authentication server.`,
 				Description: `Maximum duration after which authentication will be expired`,
 				DisplayName: "Max TTL",
 			},
-			"ttl": &framework.FieldSchema{
-				Type:        framework.TypeString,
-				Description: `Duration after which authentication will be expired`,
-			},
-			"max_ttl": &framework.FieldSchema{
-				Type:        framework.TypeString,
-				Description: `Maximum duration after which authentication will be expired`,
-			},
 		},
 
 		Callbacks: map[logical.Operation]framework.OperationFunc{
diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
index 59750a3ba411..770fa3bda098 100644
--- a/ui/app/services/path-help.js
+++ b/ui/app/services/path-help.js
@@ -45,7 +45,13 @@ export default Service.extend({
   getProps(modelType, backend) {
     let adapter = getOwner(this).lookup(`adapter:${modelType}`);
     let path = adapter.pathForType();
-    const authMethods = ['auth-config/ldap', 'auth-config/github', 'auth-config/okta', 'auth-config/radius'];
+    const authMethods = [
+      'auth-config/ldap',
+      'auth-config/github',
+      'auth-config/okta',
+      'auth-config/radius',
+      'auth-config/cert',
+    ];
     let helpUrl = authMethods.includes(modelType)
       ? `/v1/auth/${backend}/${path}?help=1`
       : `/v1/${backend}/${path}/example?help=1`;

From ad43ac4dc145d0f96a6b46ec0c8f0a7c13cbbef8 Mon Sep 17 00:00:00 2001
From: Noelle Daley <adriannenoelle@gmail.com>
Date: Fri, 1 Feb 2019 14:52:17 -0800
Subject: [PATCH 41/84] start adding gcp auth backend

---
 ui/app/adapters/auth-config/gcp.js |  7 ++++++-
 ui/app/models/auth-config/gcp.js   | 10 ++++++++--
 ui/app/services/path-help.js       |  1 +
 3 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/ui/app/adapters/auth-config/gcp.js b/ui/app/adapters/auth-config/gcp.js
index 21f5624ac4d0..67b726f2cb1e 100644
--- a/ui/app/adapters/auth-config/gcp.js
+++ b/ui/app/adapters/auth-config/gcp.js
@@ -1,2 +1,7 @@
 import AuthConfig from './_base';
-export default AuthConfig.extend();
+
+export default AuthConfig.extend({
+  pathForType() {
+    return 'config';
+  },
+});
diff --git a/ui/app/models/auth-config/gcp.js b/ui/app/models/auth-config/gcp.js
index 9185fb297614..c36c081ed853 100644
--- a/ui/app/models/auth-config/gcp.js
+++ b/ui/app/models/auth-config/gcp.js
@@ -1,12 +1,13 @@
 import { computed } from '@ember/object';
 import DS from 'ember-data';
-
 import AuthConfig from '../auth-config';
+import { combineFieldGroups } from 'vault/utils/openapi-to-attrs';
 import fieldToAttrs from 'vault/utils/field-to-attrs';
 
 const { attr } = DS;
 
 export default AuthConfig.extend({
+  // We have to leave this here because the backend doesn't support the file type yet.
   credentials: attr('string', {
     editType: 'file',
   }),
@@ -14,12 +15,17 @@ export default AuthConfig.extend({
   googleCertsEndpoint: attr('string'),
 
   fieldGroups: computed(function() {
-    const groups = [
+    let groups = [
       { default: ['credentials'] },
       {
         'Google Cloud Options': ['googleCertsEndpoint'],
       },
     ];
+    debugger; // eslint-disable-line
+    if (this.newFields) {
+      groups = combineFieldGroups(groups, this.newFields, []);
+    }
+
     return fieldToAttrs(this, groups);
   }),
 });
diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
index 770fa3bda098..59e1ce4f7be0 100644
--- a/ui/app/services/path-help.js
+++ b/ui/app/services/path-help.js
@@ -51,6 +51,7 @@ export default Service.extend({
       'auth-config/okta',
       'auth-config/radius',
       'auth-config/cert',
+      'auth-config/gcp',
     ];
     let helpUrl = authMethods.includes(modelType)
       ? `/v1/auth/${backend}/${path}?help=1`

From 7acae329c712b6aa9d417474a9261896c168499e Mon Sep 17 00:00:00 2001
From: Noelle Daley <adriannenoelle@gmail.com>
Date: Fri, 1 Feb 2019 14:55:12 -0800
Subject: [PATCH 42/84] start adding azure auth backend

---
 ui/app/adapters/auth-config/azure.js | 7 ++++++-
 ui/app/models/auth-config/azure.js   | 8 ++++++--
 ui/app/services/path-help.js         | 1 +
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/ui/app/adapters/auth-config/azure.js b/ui/app/adapters/auth-config/azure.js
index 21f5624ac4d0..67b726f2cb1e 100644
--- a/ui/app/adapters/auth-config/azure.js
+++ b/ui/app/adapters/auth-config/azure.js
@@ -1,2 +1,7 @@
 import AuthConfig from './_base';
-export default AuthConfig.extend();
+
+export default AuthConfig.extend({
+  pathForType() {
+    return 'config';
+  },
+});
diff --git a/ui/app/models/auth-config/azure.js b/ui/app/models/auth-config/azure.js
index 1949d20e8563..a16b94e73b42 100644
--- a/ui/app/models/auth-config/azure.js
+++ b/ui/app/models/auth-config/azure.js
@@ -1,7 +1,7 @@
 import { computed } from '@ember/object';
 import DS from 'ember-data';
-
 import AuthConfig from '../auth-config';
+import { combineFieldGroups } from 'vault/utils/openapi-to-attrs';
 import fieldToAttrs from 'vault/utils/field-to-attrs';
 
 const { attr } = DS;
@@ -26,12 +26,16 @@ export default AuthConfig.extend({
   googleCertsEndpoint: attr('string'),
 
   fieldGroups: computed(function() {
-    const groups = [
+    let groups = [
       { default: ['tenantId', 'resource'] },
       {
         'Azure Options': ['clientId', 'clientSecret'],
       },
     ];
+    if (this.newFields) {
+      groups = combineFieldGroups(groups, this.newFields, []);
+    }
+
     return fieldToAttrs(this, groups);
   }),
 });
diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
index 59e1ce4f7be0..0a5122766220 100644
--- a/ui/app/services/path-help.js
+++ b/ui/app/services/path-help.js
@@ -52,6 +52,7 @@ export default Service.extend({
       'auth-config/radius',
       'auth-config/cert',
       'auth-config/gcp',
+      'auth-config/azure',
     ];
     let helpUrl = authMethods.includes(modelType)
       ? `/v1/auth/${backend}/${path}?help=1`

From 922176d89190721811f03bd6e718de61fa628d2c Mon Sep 17 00:00:00 2001
From: Noelle Daley <adriannenoelle@gmail.com>
Date: Fri, 1 Feb 2019 14:57:06 -0800
Subject: [PATCH 43/84] start adding kubernetes auth backend

---
 ui/app/adapters/auth-config/kubernetes.js | 7 ++++++-
 ui/app/models/auth-config/gcp.js          | 1 -
 ui/app/models/auth-config/kubernetes.js   | 7 ++++++-
 ui/app/services/path-help.js              | 1 +
 4 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/ui/app/adapters/auth-config/kubernetes.js b/ui/app/adapters/auth-config/kubernetes.js
index 21f5624ac4d0..67b726f2cb1e 100644
--- a/ui/app/adapters/auth-config/kubernetes.js
+++ b/ui/app/adapters/auth-config/kubernetes.js
@@ -1,2 +1,7 @@
 import AuthConfig from './_base';
-export default AuthConfig.extend();
+
+export default AuthConfig.extend({
+  pathForType() {
+    return 'config';
+  },
+});
diff --git a/ui/app/models/auth-config/gcp.js b/ui/app/models/auth-config/gcp.js
index c36c081ed853..82138178f243 100644
--- a/ui/app/models/auth-config/gcp.js
+++ b/ui/app/models/auth-config/gcp.js
@@ -21,7 +21,6 @@ export default AuthConfig.extend({
         'Google Cloud Options': ['googleCertsEndpoint'],
       },
     ];
-    debugger; // eslint-disable-line
     if (this.newFields) {
       groups = combineFieldGroups(groups, this.newFields, []);
     }
diff --git a/ui/app/models/auth-config/kubernetes.js b/ui/app/models/auth-config/kubernetes.js
index 4d8da679a767..5a026718f70b 100644
--- a/ui/app/models/auth-config/kubernetes.js
+++ b/ui/app/models/auth-config/kubernetes.js
@@ -2,6 +2,7 @@ import { computed } from '@ember/object';
 import DS from 'ember-data';
 
 import AuthConfig from '../auth-config';
+import { combineFieldGroups } from 'vault/utils/openapi-to-attrs';
 import fieldToAttrs from 'vault/utils/field-to-attrs';
 
 const { attr } = DS;
@@ -31,7 +32,7 @@ export default AuthConfig.extend({
   }),
 
   fieldGroups: computed(function() {
-    const groups = [
+    let groups = [
       {
         default: ['kubernetesHost', 'kubernetesCaCert'],
       },
@@ -39,6 +40,10 @@ export default AuthConfig.extend({
         'Kubernetes Options': ['tokenReviewerJwt', 'pemKeys'],
       },
     ];
+    if (this.newFields) {
+      groups = combineFieldGroups(groups, this.newFields, []);
+    }
+
     return fieldToAttrs(this, groups);
   }),
 });
diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
index 0a5122766220..7d52d90e00ca 100644
--- a/ui/app/services/path-help.js
+++ b/ui/app/services/path-help.js
@@ -53,6 +53,7 @@ export default Service.extend({
       'auth-config/cert',
       'auth-config/gcp',
       'auth-config/azure',
+      'auth-config/kubernetes',
     ];
     let helpUrl = authMethods.includes(modelType)
       ? `/v1/auth/${backend}/${path}?help=1`

From 6b0c8557f869baa2d8a170e876c197b22157735e Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Mon, 4 Feb 2019 12:41:14 -0500
Subject: [PATCH 44/84] clean up eslint issues, fix useOpenApi usage in
 models/pathHelp

---
 ui/app/models/auth-config/azure.js                    |  1 +
 ui/app/models/auth-config/gcp.js                      |  1 +
 ui/app/models/auth-config/github.js                   |  1 +
 ui/app/models/auth-config/kubernetes.js               |  1 +
 ui/app/models/auth-config/ldap.js                     |  1 +
 ui/app/models/auth-config/okta.js                     |  1 +
 ui/app/models/auth-config/radius.js                   |  1 +
 ui/app/models/pki-certificate-sign.js                 |  2 +-
 ui/app/models/pki-certificate.js                      |  1 +
 ui/app/models/role-pki.js                             |  1 +
 ui/app/models/role-ssh.js                             |  1 +
 ui/app/routes/vault/cluster/secrets/backend.js        |  2 --
 .../vault/cluster/secrets/backend/secret-edit.js      |  9 ++++++---
 ui/app/services/path-help.js                          |  2 +-
 ui/app/templates/components/form-field.hbs            |  1 -
 ui/app/transforms/integer.js                          |  2 ++
 ui/app/utils/openapi-to-attrs.js                      | 11 +++--------
 ui/tests/acceptance/ssh-test.js                       |  1 +
 18 files changed, 24 insertions(+), 16 deletions(-)

diff --git a/ui/app/models/auth-config/azure.js b/ui/app/models/auth-config/azure.js
index a16b94e73b42..6ef8a3f507f0 100644
--- a/ui/app/models/auth-config/azure.js
+++ b/ui/app/models/auth-config/azure.js
@@ -7,6 +7,7 @@ import fieldToAttrs from 'vault/utils/field-to-attrs';
 const { attr } = DS;
 
 export default AuthConfig.extend({
+  useOpenAPI: true,
   tenantId: attr('string', {
     label: 'Tenant ID',
     helpText: 'The tenant ID for the Azure Active Directory organization',
diff --git a/ui/app/models/auth-config/gcp.js b/ui/app/models/auth-config/gcp.js
index 82138178f243..4a4b49ab04b6 100644
--- a/ui/app/models/auth-config/gcp.js
+++ b/ui/app/models/auth-config/gcp.js
@@ -7,6 +7,7 @@ import fieldToAttrs from 'vault/utils/field-to-attrs';
 const { attr } = DS;
 
 export default AuthConfig.extend({
+  useOpenAPI: true,
   // We have to leave this here because the backend doesn't support the file type yet.
   credentials: attr('string', {
     editType: 'file',
diff --git a/ui/app/models/auth-config/github.js b/ui/app/models/auth-config/github.js
index 76d050b3aa47..df745af14e86 100644
--- a/ui/app/models/auth-config/github.js
+++ b/ui/app/models/auth-config/github.js
@@ -7,6 +7,7 @@ import { combineFieldGroups } from 'vault/utils/openapi-to-attrs';
 const { attr } = DS;
 
 export default AuthConfig.extend({
+  useOpenAPI: true,
   organization: attr('string'),
   baseUrl: attr('string', {
     label: 'Base URL',
diff --git a/ui/app/models/auth-config/kubernetes.js b/ui/app/models/auth-config/kubernetes.js
index 5a026718f70b..af3ebe14109b 100644
--- a/ui/app/models/auth-config/kubernetes.js
+++ b/ui/app/models/auth-config/kubernetes.js
@@ -8,6 +8,7 @@ import fieldToAttrs from 'vault/utils/field-to-attrs';
 const { attr } = DS;
 
 export default AuthConfig.extend({
+  useOpenAPI: true,
   kubernetesHost: attr('string', {
     label: 'Kubernetes Host',
     helpText:
diff --git a/ui/app/models/auth-config/ldap.js b/ui/app/models/auth-config/ldap.js
index 4a8ec9b2f8ae..de51d1489bd1 100644
--- a/ui/app/models/auth-config/ldap.js
+++ b/ui/app/models/auth-config/ldap.js
@@ -8,6 +8,7 @@ import { combineFieldGroups } from 'vault/utils/openapi-to-attrs';
 const { attr } = DS;
 
 export default AuthConfig.extend({
+  useOpenAPI: true,
   binddn: attr('string', {
     helpText: 'Used when performing user search. Example: cn=vault,ou=Users,dc=example,dc=com',
   }),
diff --git a/ui/app/models/auth-config/okta.js b/ui/app/models/auth-config/okta.js
index 5ac1c49913fb..c9baf9868273 100644
--- a/ui/app/models/auth-config/okta.js
+++ b/ui/app/models/auth-config/okta.js
@@ -7,6 +7,7 @@ import { combineFieldGroups } from 'vault/utils/openapi-to-attrs';
 const { attr } = DS;
 
 export default AuthConfig.extend({
+  useOpenAPI: true,
   orgName: attr('string', {
     label: 'Organization Name',
     helpText: 'Name of the organization to be used in the Okta API',
diff --git a/ui/app/models/auth-config/radius.js b/ui/app/models/auth-config/radius.js
index 99d8fc52ab6e..720d7c1307a6 100644
--- a/ui/app/models/auth-config/radius.js
+++ b/ui/app/models/auth-config/radius.js
@@ -7,6 +7,7 @@ import fieldToAttrs from 'vault/utils/field-to-attrs';
 const { attr } = DS;
 
 export default AuthConfig.extend({
+  useOpenAPI: true,
   host: attr('string'),
 
   port: attr('number', {
diff --git a/ui/app/models/pki-certificate-sign.js b/ui/app/models/pki-certificate-sign.js
index c8e4db45225d..b6f00e340345 100644
--- a/ui/app/models/pki-certificate-sign.js
+++ b/ui/app/models/pki-certificate-sign.js
@@ -10,7 +10,7 @@ export default Certificate.extend({
     readOnly: true,
     defaultValue: false,
   }),
-
+  useOpenAPI: true,
   csr: attr('string', {
     label: 'Certificate Signing Request (CSR)',
     editType: 'textarea',
diff --git a/ui/app/models/pki-certificate.js b/ui/app/models/pki-certificate.js
index 4a9653100a2c..753d5dc9a8e6 100644
--- a/ui/app/models/pki-certificate.js
+++ b/ui/app/models/pki-certificate.js
@@ -13,6 +13,7 @@ export default DS.Model.extend({
   backend: attr('string', {
     readOnly: true,
   }),
+  useOpenAPI: true,
   //the id prefixed with `cert/` so we can use it as the *secret param for the secret show route
   idForNav: attr('string', {
     readOnly: true,
diff --git a/ui/app/models/role-pki.js b/ui/app/models/role-pki.js
index c167ab694539..82284f41c1d3 100644
--- a/ui/app/models/role-pki.js
+++ b/ui/app/models/role-pki.js
@@ -15,6 +15,7 @@ export default DS.Model.extend({
     fieldValue: 'id',
     readOnly: true,
   }),
+  useOpenAPI: true,
 
   updatePath: lazyCapabilities(apiPath`${'backend'}/roles/${'id'}`, 'backend', 'id'),
   canDelete: alias('updatePath.canDelete'),
diff --git a/ui/app/models/role-ssh.js b/ui/app/models/role-ssh.js
index 72d05eb04402..8e9f232b9de1 100644
--- a/ui/app/models/role-ssh.js
+++ b/ui/app/models/role-ssh.js
@@ -39,6 +39,7 @@ const CA_FIELDS = [
   'keyIdFormat',
 ];
 export default DS.Model.extend({
+  useOpenAPI: true,
   zeroAddress: attr('boolean', {
     readOnly: true,
   }),
diff --git a/ui/app/routes/vault/cluster/secrets/backend.js b/ui/app/routes/vault/cluster/secrets/backend.js
index 70bd9f2abe45..9003842e013f 100644
--- a/ui/app/routes/vault/cluster/secrets/backend.js
+++ b/ui/app/routes/vault/cluster/secrets/backend.js
@@ -1,6 +1,4 @@
 import { inject as service } from '@ember/service';
-import { getOwner } from '@ember/application';
-import { run } from '@ember/runloop';
 import Route from '@ember/routing/route';
 export default Route.extend({
   flashMessages: service(),
diff --git a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
index f7696b6a76cc..105992aaf64b 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
@@ -1,6 +1,7 @@
 import { set } from '@ember/object';
 import { hash, resolve } from 'rsvp';
 import { inject as service } from '@ember/service';
+import DS from 'ember-data';
 import Route from '@ember/routing/route';
 import utils from 'vault/lib/key-utils';
 import { getOwner } from '@ember/application';
@@ -32,7 +33,7 @@ export default Route.extend(UnloadModelRoute, {
 
   templateName: 'vault/cluster/secrets/backend/secretEditLayout',
 
-  beforeModel(params) {
+  beforeModel() {
     // currently there is no recursive delete for folders in vault, so there's no need to 'edit folders'
     // perhaps in the future we could recurse _for_ users, but for now, just kick them
     // back to the list
@@ -51,10 +52,12 @@ export default Route.extend(UnloadModelRoute, {
   },
 
   buildModel(secret) {
+    debugger; //eslint-disable-line
     const { backend } = this.paramsFor('vault.cluster.secrets.backend');
     let modelType = this.modelType(backend, secret);
-    if (modelType in ['secret', 'secret-v2']) {
-      return;
+    debugger; //eslint-disable-line
+    if (['secret', 'secret-v2'].includes(modelType)) {
+      return resolve();
     }
     let owner = getOwner(this);
     return this.pathHelp.getNewModel(modelType, backend, owner);
diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
index 7d52d90e00ca..7fb8c8df37a4 100644
--- a/ui/app/services/path-help.js
+++ b/ui/app/services/path-help.js
@@ -24,7 +24,7 @@ export default Service.extend({
   getNewModel(modelType, backend, owner) {
     let name = `model:${modelType}`;
     let newModel = owner.factoryFor(name).class;
-    if (newModel.merged || newModel.useOpenAPI === false) {
+    if (newModel.merged || !newModel.useOpenAPI === true) {
       return resolve();
     }
 
diff --git a/ui/app/templates/components/form-field.hbs b/ui/app/templates/components/form-field.hbs
index a77bc452b4d0..0e805ad90ac4 100644
--- a/ui/app/templates/components/form-field.hbs
+++ b/ui/app/templates/components/form-field.hbs
@@ -28,7 +28,6 @@
   </label>
 {{/unless}}
 {{#if attr.options.possibleValues}}
-  {{log attr}}
   <div class="control is-expanded">
     <div class="select is-fullwidth">
       <select
diff --git a/ui/app/transforms/integer.js b/ui/app/transforms/integer.js
index 883797c4c546..493f6040c23c 100644
--- a/ui/app/transforms/integer.js
+++ b/ui/app/transforms/integer.js
@@ -1,4 +1,6 @@
 import { isEmpty } from '@ember/utils';
+import DS from 'ember-data';
+
 /*
   DS.attr('integer')
 */
diff --git a/ui/app/utils/openapi-to-attrs.js b/ui/app/utils/openapi-to-attrs.js
index 5d5110b980c9..7139fba9b3d7 100644
--- a/ui/app/utils/openapi-to-attrs.js
+++ b/ui/app/utils/openapi-to-attrs.js
@@ -1,7 +1,6 @@
 import DS from 'ember-data';
 const { attr } = DS;
 import { assign } from '@ember/polyfills';
-import { expandAttributeMeta } from 'vault/utils/field-to-attrs';
 
 export const expandOpenApiProps = function(props) {
   let attrs = {};
@@ -60,17 +59,13 @@ export const combineAttributes = function(oldAttrs, newProps) {
 };
 
 export const combineFields = function(currentFields, newFields, excludedFields) {
-  let allFields = [];
-  for (let group in currentGroups) {
-    let fieldName = Object.keys(groups[group])[0];
-    allFields.concat(groups[group][fieldName]);
-  }
   let otherFields = newFields.filter(field => {
-    !allFields.includes(field) && !excludedFields.includes(field);
+    return !currentFields.includes(field) && !excludedFields.includes(field);
   });
   if (otherFields.length) {
-    groups.default.concat(otherFields);
+    currentFields = currentFields.concat(otherFields);
   }
+  return currentFields;
 };
 
 export const combineFieldGroups = function(currentGroups, newFields, excludedFields) {
diff --git a/ui/tests/acceptance/ssh-test.js b/ui/tests/acceptance/ssh-test.js
index 08a49d1e4eb4..52c3d88dc23f 100644
--- a/ui/tests/acceptance/ssh-test.js
+++ b/ui/tests/acceptance/ssh-test.js
@@ -42,6 +42,7 @@ module('Acceptance | ssh secret backend', function(hooks) {
         await fillIn('[data-test-input="cidrList"]', '1.2.3.4/32');
       },
       async fillInGenerate() {
+        debugger; //eslint-disable-line
         await fillIn('[data-test-input="username"]', 'admin');
         await fillIn('[data-test-input="ip"]', '1.2.3.4');
       },

From 22456bed0f43fd8c47a4706d962b58e94af80e87 Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Mon, 4 Feb 2019 14:08:49 -0500
Subject: [PATCH 45/84] fix openAPI implementation, check for newFields not
 newFields.length, check for opeAPI flag on the prototype of the model

---
 ui/app/models/pki-certificate-sign.js | 2 +-
 ui/app/models/pki-certificate.js      | 2 +-
 ui/app/models/role-aws.js             | 1 +
 ui/app/models/role-pki.js             | 2 +-
 ui/app/services/path-help.js          | 2 +-
 ui/app/utils/openapi-to-attrs.js      | 2 +-
 6 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/ui/app/models/pki-certificate-sign.js b/ui/app/models/pki-certificate-sign.js
index b6f00e340345..8fa57d31eb41 100644
--- a/ui/app/models/pki-certificate-sign.js
+++ b/ui/app/models/pki-certificate-sign.js
@@ -23,7 +23,7 @@ export default Certificate.extend({
         default: ['csr', 'commonName', 'format', 'signVerbatim'],
       },
     ];
-    if (this.newFields.length) {
+    if (this.newFields) {
       groups = combineFieldGroups(groups, this.newFields, []);
     }
     if (this.get('signVerbatim') === false) {
diff --git a/ui/app/models/pki-certificate.js b/ui/app/models/pki-certificate.js
index 753d5dc9a8e6..76d78c9de8f9 100644
--- a/ui/app/models/pki-certificate.js
+++ b/ui/app/models/pki-certificate.js
@@ -46,7 +46,7 @@ export default DS.Model.extend({
       { default: ['commonName', 'format'] },
       { Options: ['altNames', 'ipSans', 'ttl', 'excludeCnFromSans', 'otherSans'] },
     ];
-    if (this.newFields.length) {
+    if (this.newFields) {
       groups = combineFieldGroups(groups, this.newFields, []);
     }
     return groups;
diff --git a/ui/app/models/role-aws.js b/ui/app/models/role-aws.js
index 06e608e973c1..bd81f2381541 100644
--- a/ui/app/models/role-aws.js
+++ b/ui/app/models/role-aws.js
@@ -29,6 +29,7 @@ const roleAWSModel = DS.Model.extend({
     fieldValue: 'id',
     readOnly: true,
   }),
+  useOpenAPI: false,
   // credentialTypes are for backwards compatibility.
   // we use this to populate "credentialType" in
   // the serializer. if there is more than one, the
diff --git a/ui/app/models/role-pki.js b/ui/app/models/role-pki.js
index 82284f41c1d3..252eba00dc7f 100644
--- a/ui/app/models/role-pki.js
+++ b/ui/app/models/role-pki.js
@@ -78,7 +78,7 @@ export default DS.Model.extend({
       },
     ];
     let excludedFields = ['extKeyUsage'];
-    if (this.newFields.length) {
+    if (this.newFields) {
       groups = combineFieldGroups(groups, this.newFields, excludedFields);
     }
     return fieldToAttrs(this, groups);
diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
index 7fb8c8df37a4..0d4508b6fe96 100644
--- a/ui/app/services/path-help.js
+++ b/ui/app/services/path-help.js
@@ -24,7 +24,7 @@ export default Service.extend({
   getNewModel(modelType, backend, owner) {
     let name = `model:${modelType}`;
     let newModel = owner.factoryFor(name).class;
-    if (newModel.merged || !newModel.useOpenAPI === true) {
+    if (newModel.merged || !newModel.prototype.useOpenAPI === true) {
       return resolve();
     }
 
diff --git a/ui/app/utils/openapi-to-attrs.js b/ui/app/utils/openapi-to-attrs.js
index 7139fba9b3d7..b11c58e8705e 100644
--- a/ui/app/utils/openapi-to-attrs.js
+++ b/ui/app/utils/openapi-to-attrs.js
@@ -54,7 +54,7 @@ export const combineAttributes = function(oldAttrs, newProps) {
       newFields.push(prop);
     }
   }
-
+  debugger; //eslint-disable-line
   return { attrs: newAttrs, newFields };
 };
 

From 4b7dcc0ae3c6380509f3437cdd7d094d7873166c Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Mon, 4 Feb 2019 18:13:55 -0500
Subject: [PATCH 46/84] fix stringlist in forms to still include attr.name,
 adjust path-help and auth section to use the correct backend

---
 .../cluster/secrets/backend/secret-edit.js    |  2 --
 .../settings/auth/configure/section.js        |  5 +--
 ui/app/services/path-help.js                  |  2 ++
 ui/app/templates/components/form-field.hbs    |  1 +
 ui/app/templates/components/string-list.hbs   | 32 ++++++++++++-------
 .../secrets/backend/pki/cert-test.js          |  1 +
 .../settings/auth/configure/section-test.js   |  1 +
 .../pages/secrets/backend/pki/edit-role.js    |  2 +-
 .../secrets/backend/pki/generate-cert.js      |  1 +
 9 files changed, 31 insertions(+), 16 deletions(-)

diff --git a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
index 105992aaf64b..3b55f3e70de8 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
@@ -52,10 +52,8 @@ export default Route.extend(UnloadModelRoute, {
   },
 
   buildModel(secret) {
-    debugger; //eslint-disable-line
     const { backend } = this.paramsFor('vault.cluster.secrets.backend');
     let modelType = this.modelType(backend, secret);
-    debugger; //eslint-disable-line
     if (['secret', 'secret-v2'].includes(modelType)) {
       return resolve();
     }
diff --git a/ui/app/routes/vault/cluster/settings/auth/configure/section.js b/ui/app/routes/vault/cluster/settings/auth/configure/section.js
index 5e8a56938c37..471fccf2de71 100644
--- a/ui/app/routes/vault/cluster/settings/auth/configure/section.js
+++ b/ui/app/routes/vault/cluster/settings/auth/configure/section.js
@@ -34,9 +34,10 @@ export default Route.extend(UnloadModelRoute, {
       return;
     }
     const { method } = this.paramsFor('vault.cluster.settings.auth.configure');
-    let modelType = this.modelType(method, section_name);
+    const backend = this.modelFor('vault.cluster.settings.auth.configure');
+    const modelType = this.modelType(backend.type, section_name);
     let owner = getOwner(this);
-    return this.pathHelp.getNewModel(modelType, method, owner);
+    return this.pathHelp.getNewModel(modelType, backend.type, owner);
   },
 
   model(params) {
diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
index 0d4508b6fe96..5470d5c8f3dd 100644
--- a/ui/app/services/path-help.js
+++ b/ui/app/services/path-help.js
@@ -29,6 +29,7 @@ export default Service.extend({
     }
 
     return this.getProps(modelType, backend).then(props => {
+      debugger; // eslint-disable-line
       if (owner.hasRegistration(name) && !newModel.merged) {
         let { attrs, newFields } = combineAttributes(newModel.attributes, props);
         newModel = newModel.extend(attrs, { newFields });
@@ -43,6 +44,7 @@ export default Service.extend({
   },
 
   getProps(modelType, backend) {
+    debugger; // eslint-disable-line
     let adapter = getOwner(this).lookup(`adapter:${modelType}`);
     let path = adapter.pathForType();
     const authMethods = [
diff --git a/ui/app/templates/components/form-field.hbs b/ui/app/templates/components/form-field.hbs
index 0e805ad90ac4..f2d363158fa7 100644
--- a/ui/app/templates/components/form-field.hbs
+++ b/ui/app/templates/components/form-field.hbs
@@ -126,6 +126,7 @@
   }}
 {{else if (eq attr.options.editType "stringArray")}}
   {{string-list
+    data-test-input=attr.name
     label=labelString
     warning=attr.options.warning
     helpText=attr.options.helpText
diff --git a/ui/app/templates/components/string-list.hbs b/ui/app/templates/components/string-list.hbs
index 43a7a73b3d1d..79fcde0c6124 100644
--- a/ui/app/templates/components/string-list.hbs
+++ b/ui/app/templates/components/string-list.hbs
@@ -2,17 +2,12 @@
   <label class="title is-5" data-test-string-list-label="true">
     {{label}}
     {{#if helpText}}
-      {{#info-tooltip}}
-        {{helpText}}
-      {{/info-tooltip}}
+      {{#info-tooltip}}{{helpText}}{{/info-tooltip}}
     {{/if}}
   </label>
 {{/if}}
 {{#if warning}}
-  <AlertBanner
-    @type="warning"
-    @message={{warning}}
-  />
+  <AlertBanner @type="warning" @message={{warning}} />
 {{/if}}
 {{#each inputList as |data index|}}
   <div class="field is-grouped" data-test-string-list-row="{{index}}">
@@ -30,14 +25,29 @@
     </div>
     <div class="control">
       {{#if (eq (inc index) inputList.length)}}
-        <button type="button" class="button is-outlined is-primary" {{action "addInput"}} data-test-string-list-button="add">
+        <button
+          type="button"
+          class="button is-outlined is-primary"
+          data-test-string-list-button="add"
+          {{action "addInput"}}
+        >
           Add
         </button>
       {{else}}
-        <button type="button" class="button is-expanded is-icon" {{action "removeInput" index}} data-test-string-list-button="delete" >
-          {{i-con size=22 glyph='trash-a' excludeIconClass=true class="is-large has-text-grey-light"}}
+        <button
+          type="button"
+          class="button is-expanded is-icon"
+          data-test-string-list-button="delete"
+          {{action "removeInput" index}}
+        >
+          {{i-con
+            size=22
+            glyph="trash-a"
+            excludeIconClass=true
+            class="is-large has-text-grey-light"
+          }}
         </button>
       {{/if}}
     </div>
   </div>
-{{/each}}
+{{/each}}
\ No newline at end of file
diff --git a/ui/tests/acceptance/secrets/backend/pki/cert-test.js b/ui/tests/acceptance/secrets/backend/pki/cert-test.js
index cb437044f28e..46e9bbf7905f 100644
--- a/ui/tests/acceptance/secrets/backend/pki/cert-test.js
+++ b/ui/tests/acceptance/secrets/backend/pki/cert-test.js
@@ -47,6 +47,7 @@ elRplAzrMF4=
   };
 
   test('it issues a cert', async function(assert) {
+    debugger; //eslint-disable-line
     await setup(assert);
 
     await generatePage.issueCert('foo');
diff --git a/ui/tests/acceptance/settings/auth/configure/section-test.js b/ui/tests/acceptance/settings/auth/configure/section-test.js
index 0216a21b561f..75654a31fe20 100644
--- a/ui/tests/acceptance/settings/auth/configure/section-test.js
+++ b/ui/tests/acceptance/settings/auth/configure/section-test.js
@@ -49,6 +49,7 @@ module('Acceptance | settings/auth/configure/section', function(hooks) {
       await cli.consoleInput(`write sys/auth/${path} type=${type}`);
       await cli.enter();
       await indexPage.visit({ path });
+      debugger; // eslint-disable-line
       // aws has 4 tabs, the others will have 'Configuration' and 'Method Options' tabs
       let numTabs = type === 'aws' ? 4 : 2;
       assert.equal(page.tabs.length, numTabs, 'shows correct number of tabs');
diff --git a/ui/tests/pages/secrets/backend/pki/edit-role.js b/ui/tests/pages/secrets/backend/pki/edit-role.js
index 23935be3e26a..76b51e24daac 100644
--- a/ui/tests/pages/secrets/backend/pki/edit-role.js
+++ b/ui/tests/pages/secrets/backend/pki/edit-role.js
@@ -9,7 +9,7 @@ export default create({
   toggleOptions: clickable('[data-test-toggle-group="Options"]'),
   name: fillable('[data-test-input="name"]'),
   allowAnyName: clickable('[data-test-input="allowAnyName"]'),
-  allowedDomains: fillable('[data-test-input="allowedDomains"]'),
+  allowedDomains: fillable('[data-test-input="allowedDomains"] input'),
   save: clickable('[data-test-role-create]'),
   deleteBtn: clickable('[data-test-role-delete] button'),
   confirmBtn: clickable('[data-test-confirm-button]'),
diff --git a/ui/tests/pages/secrets/backend/pki/generate-cert.js b/ui/tests/pages/secrets/backend/pki/generate-cert.js
index 38c22e0ff724..7c098b6675c1 100644
--- a/ui/tests/pages/secrets/backend/pki/generate-cert.js
+++ b/ui/tests/pages/secrets/backend/pki/generate-cert.js
@@ -14,6 +14,7 @@ export default create({
   hasCert: isPresent('[data-test-row-value="Certificate"]'),
   fillInField: fillable('[data-test-field]'),
   issueCert: async function(commonName) {
+    debugger; //eslint-disable-line
     await this.commonName(commonName)
       .toggleOptions()
       .fillInField('unit', 'h')

From 37da5c3d293e61b6b580ffe0c27f3f5fadc35ce3 Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Tue, 5 Feb 2019 13:00:28 -0500
Subject: [PATCH 47/84] fix auth config tests by passing in path instead of
 backend type

---
 ui/app/routes/vault/cluster/settings/auth/configure/section.js | 2 +-
 ui/tests/acceptance/settings/auth/configure/section-test.js    | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/ui/app/routes/vault/cluster/settings/auth/configure/section.js b/ui/app/routes/vault/cluster/settings/auth/configure/section.js
index 471fccf2de71..86df4e9e48eb 100644
--- a/ui/app/routes/vault/cluster/settings/auth/configure/section.js
+++ b/ui/app/routes/vault/cluster/settings/auth/configure/section.js
@@ -37,7 +37,7 @@ export default Route.extend(UnloadModelRoute, {
     const backend = this.modelFor('vault.cluster.settings.auth.configure');
     const modelType = this.modelType(backend.type, section_name);
     let owner = getOwner(this);
-    return this.pathHelp.getNewModel(modelType, backend.type, owner);
+    return this.pathHelp.getNewModel(modelType, method, owner);
   },
 
   model(params) {
diff --git a/ui/tests/acceptance/settings/auth/configure/section-test.js b/ui/tests/acceptance/settings/auth/configure/section-test.js
index 75654a31fe20..0216a21b561f 100644
--- a/ui/tests/acceptance/settings/auth/configure/section-test.js
+++ b/ui/tests/acceptance/settings/auth/configure/section-test.js
@@ -49,7 +49,6 @@ module('Acceptance | settings/auth/configure/section', function(hooks) {
       await cli.consoleInput(`write sys/auth/${path} type=${type}`);
       await cli.enter();
       await indexPage.visit({ path });
-      debugger; // eslint-disable-line
       // aws has 4 tabs, the others will have 'Configuration' and 'Method Options' tabs
       let numTabs = type === 'aws' ? 4 : 2;
       assert.equal(page.tabs.length, numTabs, 'shows correct number of tabs');

From 3a13bb346174ecf713df13abfe9dfd01e1544dc8 Mon Sep 17 00:00:00 2001
From: Noelle Daley <adriannenoelle@gmail.com>
Date: Tue, 5 Feb 2019 11:30:49 -0800
Subject: [PATCH 48/84] redirect to config page after enabling an auth method

---
 ui/app/components/mount-backend-form.js                | 10 +---------
 .../controllers/vault/cluster/settings/auth/enable.js  |  6 ++++--
 2 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/ui/app/components/mount-backend-form.js b/ui/app/components/mount-backend-form.js
index fbfb6c6a09dd..293065301707 100644
--- a/ui/app/components/mount-backend-form.js
+++ b/ui/app/components/mount-backend-form.js
@@ -61,18 +61,10 @@ export default Component.extend({
   },
 
   getConfigModelType(methodType) {
-    let mountType = this.get('mountType');
-    // will be something like secret-aws
-    // or auth-azure
-    let key = `${mountType}-${methodType}`;
-    let noConfig = ['auth-approle', 'auth-alicloud'];
-    if (mountType === 'secret' || noConfig.includes(key)) {
-      return;
-    }
     if (methodType === 'aws') {
       return 'auth-config/aws/client';
     }
-    return `auth-config/${methodType}`;
+    return;
   },
 
   changeConfigModel(methodType) {
diff --git a/ui/app/controllers/vault/cluster/settings/auth/enable.js b/ui/app/controllers/vault/cluster/settings/auth/enable.js
index d5dd984c3256..66ece054f489 100644
--- a/ui/app/controllers/vault/cluster/settings/auth/enable.js
+++ b/ui/app/controllers/vault/cluster/settings/auth/enable.js
@@ -4,8 +4,10 @@ import Controller from '@ember/controller';
 export default Controller.extend({
   wizard: service(),
   actions: {
-    onMountSuccess: function(type) {
-      let transition = this.transitionToRoute('vault.cluster.access.methods');
+    onMountSuccess: function(type, path) {
+      // We have to remove the trailing '/' from the path to succcessfully redirect with the right params.
+      const authPath = path.slice(0, -1);
+      let transition = this.transitionToRoute('vault.cluster.settings.auth.configure', authPath);
       return transition.followRedirects().then(() => {
         this.get('wizard').transitionFeatureMachine(this.get('wizard.featureState'), 'CONTINUE', type);
       });

From d357a564d95df759301c2690b39b19bb752a12f1 Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Tue, 5 Feb 2019 16:19:21 -0500
Subject: [PATCH 49/84] fix inverse relationship bug

---
 ui/app/models/auth-config.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ui/app/models/auth-config.js b/ui/app/models/auth-config.js
index 88befe73b6ab..b3b86c4af9d9 100644
--- a/ui/app/models/auth-config.js
+++ b/ui/app/models/auth-config.js
@@ -2,5 +2,5 @@ import DS from 'ember-data';
 const { belongsTo } = DS;
 
 export default DS.Model.extend({
-  backend: belongsTo('auth-method', { readOnly: true, async: false }),
+  backend: belongsTo('auth-method', { inverse: 'authConfigs', readOnly: true, async: false }),
 });

From 6785231169c6deb444e5ae0ea24f5449ec56b455 Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Tue, 5 Feb 2019 16:22:11 -0500
Subject: [PATCH 50/84] solidify new auth flow

---
 ui/app/components/mount-backend-form.js | 16 +++-------------
 1 file changed, 3 insertions(+), 13 deletions(-)

diff --git a/ui/app/components/mount-backend-form.js b/ui/app/components/mount-backend-form.js
index 293065301707..20fe7e13322c 100644
--- a/ui/app/components/mount-backend-form.js
+++ b/ui/app/components/mount-backend-form.js
@@ -60,14 +60,7 @@ export default Component.extend({
     this.get('mountModel').rollbackAttributes();
   },
 
-  getConfigModelType(methodType) {
-    if (methodType === 'aws') {
-      return 'auth-config/aws/client';
-    }
-    return;
-  },
-
-  changeConfigModel(methodType) {
+  changeConfigModel() {
     let mount = this.get('mountModel');
     if (this.get('mountType') === 'secret') {
       return;
@@ -80,10 +73,7 @@ export default Component.extend({
       currentConfig.rollbackAttributes();
       currentConfig.unloadRecord();
     }
-    let configType = this.getConfigModelType(methodType);
-    if (!configType) return;
-    let config = this.get('store').createRecord(configType);
-    config.set('backend', mount);
+    return;
   },
 
   checkPathChange(type) {
@@ -157,7 +147,7 @@ export default Component.extend({
     onTypeChange(path, value) {
       if (path === 'type') {
         this.get('wizard').set('componentState', value);
-        this.changeConfigModel(value);
+        this.changeConfigModel();
         this.checkPathChange(value);
       }
     },

From 196b97deefcf6ef5ee0e59575470fdfc829f26df Mon Sep 17 00:00:00 2001
From: Noelle Daley <adriannenoelle@gmail.com>
Date: Tue, 5 Feb 2019 17:49:22 -0800
Subject: [PATCH 51/84] fix ssh field label

---
 builtin/logical/ssh/path_roles.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/builtin/logical/ssh/path_roles.go b/builtin/logical/ssh/path_roles.go
index 01aa75630563..529a498ef54e 100644
--- a/builtin/logical/ssh/path_roles.go
+++ b/builtin/logical/ssh/path_roles.go
@@ -108,7 +108,7 @@ func pathRoles(b *backend) *framework.Path {
 				[Optional for Dynamic type] [Optional for OTP type] [Not applicable for CA type]
 				Comma separated list of CIDR blocks for which the role is applicable for.
 				CIDR blocks can belong to more than one role.`,
-				DisplayName: "Admin Username",
+				DisplayName: "CIDR List",
 			},
 			"exclude_cidr_list": &framework.FieldSchema{
 				Type: framework.TypeString,
@@ -127,7 +127,7 @@ func pathRoles(b *backend) *framework.Path {
 				play any role in creation of OTP. For 'otp' type, this is just a way
 				to inform client about the port number to use. Port number will be
 				returned to client by Vault server along with OTP.`,
-				DisplayName: "Port",
+				DisplayName:  "Port",
 				DisplayValue: 22,
 			},
 			"key_type": &framework.FieldSchema{
@@ -136,9 +136,9 @@ func pathRoles(b *backend) *framework.Path {
 				[Required for all types]
 				Type of key used to login to hosts. It can be either 'otp', 'dynamic' or 'ca'.
 				'otp' type requires agent to be installed in remote hosts.`,
-				DisplayName: "Key Type",
+				DisplayName:   "Key Type",
 				AllowedValues: []interface{}{"otp", "ca"},
-				DisplayValue: "ca",
+				DisplayValue:  "ca",
 			},
 			"key_bits": &framework.FieldSchema{
 				Type: framework.TypeInt,
@@ -256,7 +256,7 @@ func pathRoles(b *backend) *framework.Path {
 				[Not applicable for Dynamic type] [Not applicable for OTP type] [Optional for CA type]
 				If set, certificates are allowed to be signed for use as a 'user'.
 				`,
-				Default: false,
+				Default:     false,
 				DisplayName: "Allow User Certificates",
 			},
 			"allow_host_certificates": &framework.FieldSchema{
@@ -265,7 +265,7 @@ func pathRoles(b *backend) *framework.Path {
 				[Not applicable for Dynamic type] [Not applicable for OTP type] [Optional for CA type]
 				If set, certificates are allowed to be signed for use as a 'host'.
 				`,
-				Default: false,
+				Default:     false,
 				DisplayName: "Allow Host Certificates",
 			},
 			"allow_bare_domains": &framework.FieldSchema{

From 621039d0066fba9ec077a528c272fbaa81eb0e43 Mon Sep 17 00:00:00 2001
From: Noelle Daley <adriannenoelle@gmail.com>
Date: Tue, 5 Feb 2019 17:50:21 -0800
Subject: [PATCH 52/84] remove debugger statements

---
 ui/app/services/path-help.js     | 2 --
 ui/app/utils/openapi-to-attrs.js | 1 -
 ui/tests/acceptance/ssh-test.js  | 1 -
 3 files changed, 4 deletions(-)

diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
index 5470d5c8f3dd..0d4508b6fe96 100644
--- a/ui/app/services/path-help.js
+++ b/ui/app/services/path-help.js
@@ -29,7 +29,6 @@ export default Service.extend({
     }
 
     return this.getProps(modelType, backend).then(props => {
-      debugger; // eslint-disable-line
       if (owner.hasRegistration(name) && !newModel.merged) {
         let { attrs, newFields } = combineAttributes(newModel.attributes, props);
         newModel = newModel.extend(attrs, { newFields });
@@ -44,7 +43,6 @@ export default Service.extend({
   },
 
   getProps(modelType, backend) {
-    debugger; // eslint-disable-line
     let adapter = getOwner(this).lookup(`adapter:${modelType}`);
     let path = adapter.pathForType();
     const authMethods = [
diff --git a/ui/app/utils/openapi-to-attrs.js b/ui/app/utils/openapi-to-attrs.js
index b11c58e8705e..9695880f817c 100644
--- a/ui/app/utils/openapi-to-attrs.js
+++ b/ui/app/utils/openapi-to-attrs.js
@@ -54,7 +54,6 @@ export const combineAttributes = function(oldAttrs, newProps) {
       newFields.push(prop);
     }
   }
-  debugger; //eslint-disable-line
   return { attrs: newAttrs, newFields };
 };
 
diff --git a/ui/tests/acceptance/ssh-test.js b/ui/tests/acceptance/ssh-test.js
index 52c3d88dc23f..08a49d1e4eb4 100644
--- a/ui/tests/acceptance/ssh-test.js
+++ b/ui/tests/acceptance/ssh-test.js
@@ -42,7 +42,6 @@ module('Acceptance | ssh secret backend', function(hooks) {
         await fillIn('[data-test-input="cidrList"]', '1.2.3.4/32');
       },
       async fillInGenerate() {
-        debugger; //eslint-disable-line
         await fillIn('[data-test-input="username"]', 'admin');
         await fillIn('[data-test-input="ip"]', '1.2.3.4');
       },

From 75e480764e083a0ef55aa5f8727af18960e092ee Mon Sep 17 00:00:00 2001
From: Noelle Daley <adriannenoelle@gmail.com>
Date: Tue, 5 Feb 2019 17:50:43 -0800
Subject: [PATCH 53/84] fix auth enable test

---
 ui/tests/acceptance/settings/auth/enable-test.js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/ui/tests/acceptance/settings/auth/enable-test.js b/ui/tests/acceptance/settings/auth/enable-test.js
index 3e24f010bedb..aea0cd267887 100644
--- a/ui/tests/acceptance/settings/auth/enable-test.js
+++ b/ui/tests/acceptance/settings/auth/enable-test.js
@@ -28,9 +28,11 @@ module('Acceptance | settings/auth/enable', function(hooks) {
     });
     assert.equal(
       currentRouteName(),
-      'vault.cluster.access.methods',
-      'redirects to the auth backend list page'
+      'vault.cluster.settings.auth.configure.section',
+      'redirects to the auth config page'
     );
+
+    await listPage.visit();
     assert.ok(listPage.findLinkById(path), 'mount is present in the list');
   });
 });

From 11be1a4e9a3ea03ce835dcfcc1b6ec8842b3bc2d Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Thu, 7 Feb 2019 14:16:03 -0500
Subject: [PATCH 54/84] have auth config redirect to list of mounts on
 successful save

---
 ui/app/components/auth-config-form/config.js  | 31 ++++++++++---------
 ui/app/components/mount-backend-form.js       |  6 +---
 .../settings/auth/configure/section.js        | 20 ++++++++++++
 .../vault/cluster/settings/auth/enable.js     |  4 +--
 ui/app/machines/auth-machine.js               |  8 ++---
 ui/app/models/auth-config/gcp.js              |  1 -
 .../components/auth-config-form/config.hbs    | 11 +++++--
 .../components/wizard/auth-config.hbs         | 10 ++++++
 .../components/wizard/auth-enable.hbs         |  6 ++--
 .../settings/auth/configure/section.hbs       |  6 ++--
 .../vault/cluster/settings/auth/enable.hbs    |  2 +-
 11 files changed, 67 insertions(+), 38 deletions(-)
 create mode 100644 ui/app/controllers/vault/cluster/settings/auth/configure/section.js
 create mode 100644 ui/app/templates/components/wizard/auth-config.hbs

diff --git a/ui/app/components/auth-config-form/config.js b/ui/app/components/auth-config-form/config.js
index 31fd4ac0b258..18d1b920b141 100644
--- a/ui/app/components/auth-config-form/config.js
+++ b/ui/app/components/auth-config-form/config.js
@@ -1,6 +1,5 @@
 import { inject as service } from '@ember/service';
 import Component from '@ember/component';
-import { task } from 'ember-concurrency';
 import DS from 'ember-data';
 
 const AuthConfigBase = Component.extend({
@@ -8,20 +7,22 @@ const AuthConfigBase = Component.extend({
   model: null,
 
   flashMessages: service(),
-
-  saveModel: task(function*() {
-    try {
-      yield this.get('model').save();
-    } catch (err) {
-      // AdapterErrors are handled by the error-message component
-      // in the form
-      if (err instanceof DS.AdapterError === false) {
-        throw err;
-      }
-      return;
-    }
-    this.get('flashMessages').success('The configuration was saved successfully.');
-  }),
+  wizard: service(),
+  saveModel() {},
+  actions: {
+    saveAndRedirect: function() {
+      this.saveModel(this.model)
+        .then(() => {
+          this.flashMessages.success('The configuration was saved successfully.');
+        })
+        .catch(err => {
+          if (err instanceof DS.AdapterError === false) {
+            throw err;
+          }
+          return;
+        });
+    },
+  },
 });
 
 AuthConfigBase.reopenClass({
diff --git a/ui/app/components/mount-backend-form.js b/ui/app/components/mount-backend-form.js
index 20fe7e13322c..c18bec40f72e 100644
--- a/ui/app/components/mount-backend-form.js
+++ b/ui/app/components/mount-backend-form.js
@@ -155,11 +155,7 @@ export default Component.extend({
     toggleShowConfig(value) {
       this.set('showConfig', value);
       if (value === true && this.get('wizard.featureState') === 'idle') {
-        this.get('wizard').transitionFeatureMachine(
-          this.get('wizard.featureState'),
-          'CONTINUE',
-          this.get('mountModel').get('type')
-        );
+        this.advanceWizard();
       } else {
         this.get('wizard').transitionFeatureMachine(
           this.get('wizard.featureState'),
diff --git a/ui/app/controllers/vault/cluster/settings/auth/configure/section.js b/ui/app/controllers/vault/cluster/settings/auth/configure/section.js
new file mode 100644
index 000000000000..c6da41165566
--- /dev/null
+++ b/ui/app/controllers/vault/cluster/settings/auth/configure/section.js
@@ -0,0 +1,20 @@
+import Controller from '@ember/controller';
+import { inject as service } from '@ember/service';
+
+export default Controller.extend({
+  wizard: service(),
+  actions: {
+    saveModel: function(model) {
+      return model
+        .save()
+        .then(() => {
+          let transition = this.transitionToRoute('vault.cluster.access.methods');
+          return transition.followRedirects();
+        })
+        .catch(err => {
+          debugger; // eslint-disable-line
+          throw err;
+        });
+    },
+  },
+});
diff --git a/ui/app/controllers/vault/cluster/settings/auth/enable.js b/ui/app/controllers/vault/cluster/settings/auth/enable.js
index 66ece054f489..48890bd1ef56 100644
--- a/ui/app/controllers/vault/cluster/settings/auth/enable.js
+++ b/ui/app/controllers/vault/cluster/settings/auth/enable.js
@@ -8,9 +8,7 @@ export default Controller.extend({
       // We have to remove the trailing '/' from the path to succcessfully redirect with the right params.
       const authPath = path.slice(0, -1);
       let transition = this.transitionToRoute('vault.cluster.settings.auth.configure', authPath);
-      return transition.followRedirects().then(() => {
-        this.get('wizard').transitionFeatureMachine(this.get('wizard.featureState'), 'CONTINUE', type);
-      });
+      return transition.followRedirects();
     },
     onConfigError: function(modelId) {
       return this.transitionToRoute('vault.cluster.settings.auth.configure', modelId);
diff --git a/ui/app/machines/auth-machine.js b/ui/app/machines/auth-machine.js
index cec39a9896ba..6ee82dd08a62 100644
--- a/ui/app/machines/auth-machine.js
+++ b/ui/app/machines/auth-machine.js
@@ -22,16 +22,16 @@ export default {
         { type: 'render', level: 'step', component: 'wizard/auth-enable' },
       ],
       on: {
-        CONTINUE: 'list',
+        CONTINUE: 'config',
       },
     },
-    list: {
+    config: {
       onEntry: [
-        { type: 'render', level: 'step', component: 'wizard/auth-list' },
         { type: 'render', level: 'feature', component: 'wizard/mounts-wizard' },
+        { type: 'render', level: 'step', component: 'wizard/auth-config' },
       ],
       on: {
-        DETAILS: 'details',
+        CONTINUE: 'details',
       },
     },
     details: {
diff --git a/ui/app/models/auth-config/gcp.js b/ui/app/models/auth-config/gcp.js
index 4a4b49ab04b6..25d91d284812 100644
--- a/ui/app/models/auth-config/gcp.js
+++ b/ui/app/models/auth-config/gcp.js
@@ -25,7 +25,6 @@ export default AuthConfig.extend({
     if (this.newFields) {
       groups = combineFieldGroups(groups, this.newFields, []);
     }
-
     return fieldToAttrs(this, groups);
   }),
 });
diff --git a/ui/app/templates/components/auth-config-form/config.hbs b/ui/app/templates/components/auth-config-form/config.hbs
index 769d98251295..e1ec11b745ac 100644
--- a/ui/app/templates/components/auth-config-form/config.hbs
+++ b/ui/app/templates/components/auth-config-form/config.hbs
@@ -1,4 +1,4 @@
-<form {{action (perform saveModel) on="submit"}}>
+<form {{action "saveAndRedirect" on="submit"}}>
   <div class="box is-sideless is-fullwidth is-marginless">
     <NamespaceReminder @mode="save" @noun="auth method" />
     {{message-error model=model}}
@@ -11,8 +11,13 @@
     {{/if}}
   </div>
   <div class="field is-grouped box is-fullwidth is-bottomless">
-    <button type="submit" data-test-save-config=true class="button is-primary {{if saveModel.isRunning 'loading'}}" disabled={{saveModel.isRunning}}>
+    <button
+      type="submit"
+      data-test-save-config="true"
+      class="button is-primary {{if saveModel.isRunning "loading"}}"
+      disabled={{saveModel.isRunning}}
+    >
       Save
     </button>
   </div>
-</form>
+</form>
\ No newline at end of file
diff --git a/ui/app/templates/components/wizard/auth-config.hbs b/ui/app/templates/components/wizard/auth-config.hbs
new file mode 100644
index 000000000000..0ec32b737180
--- /dev/null
+++ b/ui/app/templates/components/wizard/auth-config.hbs
@@ -0,0 +1,10 @@
+<WizardSection
+  @headerText="Configuring Your Auth Method"
+  @docText="Docs: Authentication Methods"
+  @docPath="/docs/auth/index.html"
+  @instructions="Click the 'Save' link to save any extra configuration. Saving without filling anything in will use the defaults."
+>
+  <p>
+    You can update your new auth method configuration here.
+  </p>
+</WizardSection>
\ No newline at end of file
diff --git a/ui/app/templates/components/wizard/auth-enable.hbs b/ui/app/templates/components/wizard/auth-enable.hbs
index df732ecbd1b3..087119bb9eb3 100644
--- a/ui/app/templates/components/wizard/auth-enable.hbs
+++ b/ui/app/templates/components/wizard/auth-enable.hbs
@@ -2,9 +2,9 @@
   @headerText="Entering Auth Method details"
   @docText="Docs: Authentication Methods"
   @docPath="/docs/auth/index.html"
-  @instructions='Customize your new method and click "Enable Method".'
+  @instructions="Name your method and click 'Enable Method'."
 >
   <p>
-    Great! Now you can customize this method with a name and description that makes sense for your team, and fill out any options that are specific to this method.
+    Great! Now you can customize this method with a name and fill out general configuration under "Method Options".
   </p>
-</WizardSection>
+</WizardSection>
\ No newline at end of file
diff --git a/ui/app/templates/vault/cluster/settings/auth/configure/section.hbs b/ui/app/templates/vault/cluster/settings/auth/configure/section.hbs
index 9c2c02d0c60c..9efd3cb0fac0 100644
--- a/ui/app/templates/vault/cluster/settings/auth/configure/section.hbs
+++ b/ui/app/templates/vault/cluster/settings/auth/configure/section.hbs
@@ -1,5 +1,5 @@
-{{#if (eq model.section "options") }}
+{{#if (eq model.section "options")}}
   {{auth-config-form/options model.model}}
 {{else}}
-  {{auth-config-form/config model.model}}
-{{/if}}
+  {{auth-config-form/config model.model saveModel=(action "saveModel")}}
+{{/if}}
\ No newline at end of file
diff --git a/ui/app/templates/vault/cluster/settings/auth/enable.hbs b/ui/app/templates/vault/cluster/settings/auth/enable.hbs
index 4f459ae77890..2c020455324d 100644
--- a/ui/app/templates/vault/cluster/settings/auth/enable.hbs
+++ b/ui/app/templates/vault/cluster/settings/auth/enable.hbs
@@ -1,4 +1,4 @@
 <MountBackendForm
   @onMountSuccess={{action "onMountSuccess"}}
   @onConfigError={{action "onConfigError"}}
-/>
+ />

From af0b0f8425da32fc115e6abec5d68d8ea022eebe Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Thu, 7 Feb 2019 15:20:52 -0500
Subject: [PATCH 55/84] redirect when saving method options too

---
 ui/app/components/auth-config-form/config.js  |  2 +-
 ui/app/components/auth-config-form/options.js | 35 ++++++++++---------
 .../settings/auth/configure/section.js        | 14 +++++++-
 .../components/auth-config-form/options.hbs   | 11 ++++--
 .../settings/auth/configure/section.hbs       |  2 +-
 5 files changed, 41 insertions(+), 23 deletions(-)

diff --git a/ui/app/components/auth-config-form/config.js b/ui/app/components/auth-config-form/config.js
index 18d1b920b141..2366aeccdec2 100644
--- a/ui/app/components/auth-config-form/config.js
+++ b/ui/app/components/auth-config-form/config.js
@@ -11,7 +11,7 @@ const AuthConfigBase = Component.extend({
   saveModel() {},
   actions: {
     saveAndRedirect: function() {
-      this.saveModel(this.model)
+      return this.saveModel(this.model)
         .then(() => {
           this.flashMessages.success('The configuration was saved successfully.');
         })
diff --git a/ui/app/components/auth-config-form/options.js b/ui/app/components/auth-config-form/options.js
index 82f850e1e5b1..6f72d79af7ca 100644
--- a/ui/app/components/auth-config-form/options.js
+++ b/ui/app/components/auth-config-form/options.js
@@ -1,22 +1,23 @@
 import AuthConfigComponent from './config';
-import { task } from 'ember-concurrency';
 import DS from 'ember-data';
 
 export default AuthConfigComponent.extend({
-  saveModel: task(function*() {
-    const model = this.get('model');
-    let data = model.get('config').serialize();
-    data.description = model.get('description');
-    try {
-      yield model.tune(data);
-    } catch (err) {
-      // AdapterErrors are handled by the error-message component
-      // in the form
-      if (err instanceof DS.AdapterError === false) {
-        throw err;
-      }
-      return;
-    }
-    this.get('flashMessages').success('The configuration options were saved successfully.');
-  }),
+  tuneModel() {},
+  actions: {
+    tuneAndRedirect: function() {
+      debugger; // eslint-disable-line
+      return this.tuneModel(this.model)
+        .then(() => {
+          this.flashMessages.success('The configuration options were saved successfully.');
+        })
+        .catch(err => {
+          // AdapterErrors are handled by the error-message component
+          // in the form
+          if (err instanceof DS.AdapterError === false) {
+            throw err;
+          }
+          return;
+        });
+    },
+  },
 });
diff --git a/ui/app/controllers/vault/cluster/settings/auth/configure/section.js b/ui/app/controllers/vault/cluster/settings/auth/configure/section.js
index c6da41165566..dd7d7f4beb5e 100644
--- a/ui/app/controllers/vault/cluster/settings/auth/configure/section.js
+++ b/ui/app/controllers/vault/cluster/settings/auth/configure/section.js
@@ -12,7 +12,19 @@ export default Controller.extend({
           return transition.followRedirects();
         })
         .catch(err => {
-          debugger; // eslint-disable-line
+          throw err;
+        });
+    },
+    tuneModel: function(model) {
+      let data = model.config.serialize();
+      data.description = model.description;
+      return model
+        .tune(data)
+        .then(() => {
+          let transition = this.transitionToRoute('vault.cluster.access.methods');
+          return transition.followRedirects();
+        })
+        .catch(err => {
           throw err;
         });
     },
diff --git a/ui/app/templates/components/auth-config-form/options.hbs b/ui/app/templates/components/auth-config-form/options.hbs
index 3c7cc9b0bb84..9ec153f5374d 100644
--- a/ui/app/templates/components/auth-config-form/options.hbs
+++ b/ui/app/templates/components/auth-config-form/options.hbs
@@ -1,4 +1,4 @@
-<form {{action (perform saveModel) on="submit"}}>
+<form {{action "tuneAndRedirect" on="submit"}}>
   <div class="box is-sideless is-fullwidth is-marginless">
     <NamespaceReminder @mode="save" @noun="auth method" />
     {{message-error model=model}}
@@ -7,8 +7,13 @@
     {{/each}}
   </div>
   <div class="field is-grouped box is-fullwidth is-bottomless">
-    <button type="submit" data-test-save-config=true class="button is-primary {{if saveModel.isRunning 'loading'}}" disabled={{saveModel.isRunning}}>
+    <button
+      type="submit"
+      data-test-save-config="true"
+      class="button is-primary {{if saveModel.isRunning "loading"}}"
+      disabled={{saveModel.isRunning}}
+    >
       Update Options
     </button>
   </div>
-</form>
+</form>
\ No newline at end of file
diff --git a/ui/app/templates/vault/cluster/settings/auth/configure/section.hbs b/ui/app/templates/vault/cluster/settings/auth/configure/section.hbs
index 9efd3cb0fac0..b0bd733e15b3 100644
--- a/ui/app/templates/vault/cluster/settings/auth/configure/section.hbs
+++ b/ui/app/templates/vault/cluster/settings/auth/configure/section.hbs
@@ -1,5 +1,5 @@
 {{#if (eq model.section "options")}}
-  {{auth-config-form/options model.model}}
+  {{auth-config-form/options model.model tuneModel=(action "tuneModel")}}
 {{else}}
   {{auth-config-form/config model.model saveModel=(action "saveModel")}}
 {{/if}}
\ No newline at end of file

From b0a153e17faa7c27d1c2123a3367ebc6c9647a3f Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Thu, 7 Feb 2019 17:15:44 -0500
Subject: [PATCH 56/84] move redirect functonality back into components instead
 of the controllers

---
 ui/app/components/auth-config-form/config.js  | 34 ++++++++--------
 ui/app/components/auth-config-form/options.js | 39 ++++++++++---------
 .../settings/auth/configure/section.js        | 32 ---------------
 .../settings/auth/configure/section.js        | 16 --------
 ui/app/services/wizard.js                     |  1 +
 .../components/auth-config-form/config.hbs    |  2 +-
 .../components/auth-config-form/options.hbs   |  2 +-
 .../settings/auth/configure/section.hbs       |  4 +-
 8 files changed, 44 insertions(+), 86 deletions(-)
 delete mode 100644 ui/app/controllers/vault/cluster/settings/auth/configure/section.js

diff --git a/ui/app/components/auth-config-form/config.js b/ui/app/components/auth-config-form/config.js
index 2366aeccdec2..2f79700a7f63 100644
--- a/ui/app/components/auth-config-form/config.js
+++ b/ui/app/components/auth-config-form/config.js
@@ -1,5 +1,6 @@
 import { inject as service } from '@ember/service';
 import Component from '@ember/component';
+import { task } from 'ember-concurrency';
 import DS from 'ember-data';
 
 const AuthConfigBase = Component.extend({
@@ -7,22 +8,23 @@ const AuthConfigBase = Component.extend({
   model: null,
 
   flashMessages: service(),
-  wizard: service(),
-  saveModel() {},
-  actions: {
-    saveAndRedirect: function() {
-      return this.saveModel(this.model)
-        .then(() => {
-          this.flashMessages.success('The configuration was saved successfully.');
-        })
-        .catch(err => {
-          if (err instanceof DS.AdapterError === false) {
-            throw err;
-          }
-          return;
-        });
-    },
-  },
+  router: service(),
+  saveModel: task(function*() {
+    yield this.model
+      .save()
+      .then(() => {
+        this.router.transitionTo('vault.cluster.access.methods').followRedirects();
+        this.flashMessages.success('The configuration was saved successfully.');
+      })
+      .catch(err => {
+        // AdapterErrors are handled by the error-message component
+        // in the form
+        if (err instanceof DS.AdapterError === false) {
+          throw err;
+        }
+        return;
+      });
+  }),
 });
 
 AuthConfigBase.reopenClass({
diff --git a/ui/app/components/auth-config-form/options.js b/ui/app/components/auth-config-form/options.js
index 6f72d79af7ca..4512ca690c32 100644
--- a/ui/app/components/auth-config-form/options.js
+++ b/ui/app/components/auth-config-form/options.js
@@ -1,23 +1,26 @@
 import AuthConfigComponent from './config';
+import { inject as service } from '@ember/service';
+import { task } from 'ember-concurrency';
 import DS from 'ember-data';
 
 export default AuthConfigComponent.extend({
-  tuneModel() {},
-  actions: {
-    tuneAndRedirect: function() {
-      debugger; // eslint-disable-line
-      return this.tuneModel(this.model)
-        .then(() => {
-          this.flashMessages.success('The configuration options were saved successfully.');
-        })
-        .catch(err => {
-          // AdapterErrors are handled by the error-message component
-          // in the form
-          if (err instanceof DS.AdapterError === false) {
-            throw err;
-          }
-          return;
-        });
-    },
-  },
+  router: service(),
+  saveModel: task(function*() {
+    let data = this.model.config.serialize();
+    data.description = this.model.description;
+    yield this.model
+      .tune(data)
+      .then(() => {
+        this.router.transitionTo('vault.cluster.access.methods').followRedirects();
+        this.flashMessages.success('The configuration was saved successfully.');
+      })
+      .catch(err => {
+        // AdapterErrors are handled by the error-message component
+        // in the form
+        if (err instanceof DS.AdapterError === false) {
+          throw err;
+        }
+        return;
+      });
+  }),
 });
diff --git a/ui/app/controllers/vault/cluster/settings/auth/configure/section.js b/ui/app/controllers/vault/cluster/settings/auth/configure/section.js
deleted file mode 100644
index dd7d7f4beb5e..000000000000
--- a/ui/app/controllers/vault/cluster/settings/auth/configure/section.js
+++ /dev/null
@@ -1,32 +0,0 @@
-import Controller from '@ember/controller';
-import { inject as service } from '@ember/service';
-
-export default Controller.extend({
-  wizard: service(),
-  actions: {
-    saveModel: function(model) {
-      return model
-        .save()
-        .then(() => {
-          let transition = this.transitionToRoute('vault.cluster.access.methods');
-          return transition.followRedirects();
-        })
-        .catch(err => {
-          throw err;
-        });
-    },
-    tuneModel: function(model) {
-      let data = model.config.serialize();
-      data.description = model.description;
-      return model
-        .tune(data)
-        .then(() => {
-          let transition = this.transitionToRoute('vault.cluster.access.methods');
-          return transition.followRedirects();
-        })
-        .catch(err => {
-          throw err;
-        });
-    },
-  },
-});
diff --git a/ui/app/routes/vault/cluster/settings/auth/configure/section.js b/ui/app/routes/vault/cluster/settings/auth/configure/section.js
index 86df4e9e48eb..8a8bd3926f04 100644
--- a/ui/app/routes/vault/cluster/settings/auth/configure/section.js
+++ b/ui/app/routes/vault/cluster/settings/auth/configure/section.js
@@ -8,7 +8,6 @@ import { getOwner } from '@ember/application';
 
 export default Route.extend(UnloadModelRoute, {
   modelPath: 'model.model',
-  wizard: service(),
   pathHelp: service('path-help'),
 
   modelType(backendType, section) {
@@ -44,11 +43,6 @@ export default Route.extend(UnloadModelRoute, {
     const backend = this.modelFor('vault.cluster.settings.auth.configure');
     const { section_name: section } = params;
     if (section === 'options') {
-      this.get('wizard').transitionFeatureMachine(
-        this.get('wizard.featureState'),
-        'EDIT',
-        backend.get('type')
-      );
       return RSVP.hash({
         model: backend,
         section,
@@ -62,11 +56,6 @@ export default Route.extend(UnloadModelRoute, {
     }
     const model = this.store.peekRecord(modelType, backend.id);
     if (model) {
-      this.get('wizard').transitionFeatureMachine(
-        this.get('wizard.featureState'),
-        'EDIT',
-        backend.get('type')
-      );
       return RSVP.hash({
         model,
         section,
@@ -75,11 +64,6 @@ export default Route.extend(UnloadModelRoute, {
     return this.store
       .findRecord(modelType, backend.id)
       .then(config => {
-        this.get('wizard').transitionFeatureMachine(
-          this.get('wizard.featureState'),
-          'EDIT',
-          backend.get('type')
-        );
         config.set('backend', backend);
         return RSVP.hash({
           model: config,
diff --git a/ui/app/services/wizard.js b/ui/app/services/wizard.js
index 56e96ceefe7d..4eeaeadd7c9c 100644
--- a/ui/app/services/wizard.js
+++ b/ui/app/services/wizard.js
@@ -232,6 +232,7 @@ export default Service.extend(DEFAULTS, {
     // else we want the URL we land on in didTransition in the
     // application route - we'll notify the application route to
     // update the route
+    debugger; // eslint-disable-line
     if (transitionURL) {
       this.set('expectedURL', transitionURL);
       this.set('expectedRouteName', expectedRouteName);
diff --git a/ui/app/templates/components/auth-config-form/config.hbs b/ui/app/templates/components/auth-config-form/config.hbs
index e1ec11b745ac..4f9d55fd6079 100644
--- a/ui/app/templates/components/auth-config-form/config.hbs
+++ b/ui/app/templates/components/auth-config-form/config.hbs
@@ -1,4 +1,4 @@
-<form {{action "saveAndRedirect" on="submit"}}>
+<form {{action (perform saveModel) on="submit"}}>
   <div class="box is-sideless is-fullwidth is-marginless">
     <NamespaceReminder @mode="save" @noun="auth method" />
     {{message-error model=model}}
diff --git a/ui/app/templates/components/auth-config-form/options.hbs b/ui/app/templates/components/auth-config-form/options.hbs
index 9ec153f5374d..b7630d2856e3 100644
--- a/ui/app/templates/components/auth-config-form/options.hbs
+++ b/ui/app/templates/components/auth-config-form/options.hbs
@@ -1,4 +1,4 @@
-<form {{action "tuneAndRedirect" on="submit"}}>
+<form {{action (perform saveModel) on="submit"}}>
   <div class="box is-sideless is-fullwidth is-marginless">
     <NamespaceReminder @mode="save" @noun="auth method" />
     {{message-error model=model}}
diff --git a/ui/app/templates/vault/cluster/settings/auth/configure/section.hbs b/ui/app/templates/vault/cluster/settings/auth/configure/section.hbs
index b0bd733e15b3..d26541cbbb5d 100644
--- a/ui/app/templates/vault/cluster/settings/auth/configure/section.hbs
+++ b/ui/app/templates/vault/cluster/settings/auth/configure/section.hbs
@@ -1,5 +1,5 @@
 {{#if (eq model.section "options")}}
-  {{auth-config-form/options model.model tuneModel=(action "tuneModel")}}
+  {{auth-config-form/options model.model}}
 {{else}}
-  {{auth-config-form/config model.model saveModel=(action "saveModel")}}
+  {{auth-config-form/config model.model}}
 {{/if}}
\ No newline at end of file

From 1ed2ac7a34d4e042a55f6ac841b6c589e3b1e262 Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Thu, 7 Feb 2019 18:11:00 -0500
Subject: [PATCH 57/84] transition wizard when saving config

---
 ui/app/components/auth-config-form/config.js  |  4 ++
 ui/app/components/auth-config-form/options.js |  4 ++
 .../settings/auth/configure/section.js        |  2 +-
 ui/app/services/wizard.js                     |  1 -
 .../auth-config-form/options-test.js          | 16 ++++++
 .../integration/components/auth-form-test.js  |  3 -
 .../components/mount-backend-form-test.js     | 55 -------------------
 7 files changed, 25 insertions(+), 60 deletions(-)

diff --git a/ui/app/components/auth-config-form/config.js b/ui/app/components/auth-config-form/config.js
index 2f79700a7f63..abc105dbe7b5 100644
--- a/ui/app/components/auth-config-form/config.js
+++ b/ui/app/components/auth-config-form/config.js
@@ -9,10 +9,14 @@ const AuthConfigBase = Component.extend({
 
   flashMessages: service(),
   router: service(),
+  wizard: service(),
   saveModel: task(function*() {
     yield this.model
       .save()
       .then(() => {
+        if (this.wizard.currentMachine === 'authentication' && this.wizard.featureState === 'config') {
+          this.wizard.transitionFeatureMachine(this.wizard.featureState, 'CONTINUE');
+        }
         this.router.transitionTo('vault.cluster.access.methods').followRedirects();
         this.flashMessages.success('The configuration was saved successfully.');
       })
diff --git a/ui/app/components/auth-config-form/options.js b/ui/app/components/auth-config-form/options.js
index 4512ca690c32..c63d3a6940bb 100644
--- a/ui/app/components/auth-config-form/options.js
+++ b/ui/app/components/auth-config-form/options.js
@@ -5,12 +5,16 @@ import DS from 'ember-data';
 
 export default AuthConfigComponent.extend({
   router: service(),
+  wizard: service(),
   saveModel: task(function*() {
     let data = this.model.config.serialize();
     data.description = this.model.description;
     yield this.model
       .tune(data)
       .then(() => {
+        if (this.wizard.currentMachine === 'authentication' && this.wizard.featureState === 'config') {
+          this.wizard.transitionFeatureMachine(this.wizard.featureState, 'CONTINUE');
+        }
         this.router.transitionTo('vault.cluster.access.methods').followRedirects();
         this.flashMessages.success('The configuration was saved successfully.');
       })
diff --git a/ui/app/routes/vault/cluster/settings/auth/configure/section.js b/ui/app/routes/vault/cluster/settings/auth/configure/section.js
index 8a8bd3926f04..ad8ee6ef69fd 100644
--- a/ui/app/routes/vault/cluster/settings/auth/configure/section.js
+++ b/ui/app/routes/vault/cluster/settings/auth/configure/section.js
@@ -89,7 +89,7 @@ export default Route.extend(UnloadModelRoute, {
   },
 
   actions: {
-    willTransition() {
+    willTransition(transition) {
       if (this.currentModel.model.constructor.modelName !== 'auth-method') {
         this.unloadModel();
         return true;
diff --git a/ui/app/services/wizard.js b/ui/app/services/wizard.js
index 4eeaeadd7c9c..56e96ceefe7d 100644
--- a/ui/app/services/wizard.js
+++ b/ui/app/services/wizard.js
@@ -232,7 +232,6 @@ export default Service.extend(DEFAULTS, {
     // else we want the URL we land on in didTransition in the
     // application route - we'll notify the application route to
     // update the route
-    debugger; // eslint-disable-line
     if (transitionURL) {
       this.set('expectedURL', transitionURL);
       this.set('expectedRouteName', expectedRouteName);
diff --git a/ui/tests/integration/components/auth-config-form/options-test.js b/ui/tests/integration/components/auth-config-form/options-test.js
index 77459e98f4ff..f2200c14e82d 100644
--- a/ui/tests/integration/components/auth-config-form/options-test.js
+++ b/ui/tests/integration/components/auth-config-form/options-test.js
@@ -5,17 +5,33 @@ import { setupRenderingTest } from 'ember-qunit';
 import { render, settled } from '@ember/test-helpers';
 import hbs from 'htmlbars-inline-precompile';
 import sinon from 'sinon';
+import Service from '@ember/service';
 
 import { create } from 'ember-cli-page-object';
 import authConfigForm from 'vault/tests/pages/components/auth-config-form/options';
 
 const component = create(authConfigForm);
+const routerService = Service.extend({
+  transitionTo() {
+    return {
+      followRedirects() {
+        return resolve();
+      },
+    };
+  },
+  replaceWith() {
+    return resolve();
+  },
+});
 
 module('Integration | Component | auth-config-form options', function(hooks) {
   setupRenderingTest(hooks);
 
   hooks.beforeEach(function() {
     this.owner.lookup('service:flash-messages').registerTypes(['success']);
+    this.owner.register('service:router', routerService);
+    this.router = this.owner.lookup('service:router');
+
     component.setContext(this);
   });
 
diff --git a/ui/tests/integration/components/auth-form-test.js b/ui/tests/integration/components/auth-form-test.js
index 5515026bffd0..37d920e828e2 100644
--- a/ui/tests/integration/components/auth-form-test.js
+++ b/ui/tests/integration/components/auth-form-test.js
@@ -38,9 +38,6 @@ const routerService = Service.extend({
       },
     };
   },
-  replaceWith() {
-    return resolve();
-  },
 });
 
 module('Integration | Component | auth form', function(hooks) {
diff --git a/ui/tests/integration/components/mount-backend-form-test.js b/ui/tests/integration/components/mount-backend-form-test.js
index c717a2f512c1..a01798b3a96c 100644
--- a/ui/tests/integration/components/mount-backend-form-test.js
+++ b/ui/tests/integration/components/mount-backend-form-test.js
@@ -71,59 +71,4 @@ module('Integration | Component | mount backend form', function(hooks) {
     assert.ok(enableRequest, 'it calls enable on an auth method');
     assert.ok(spy.calledOnce, 'calls the passed success method');
   });
-
-  test('it calls the correct jwt config', async function(assert) {
-    this.server.post('/v1/sys/auth/jwt', () => {
-      return [204, { 'Content-Type': 'application/json' }];
-    });
-
-    this.server.post('/v1/auth/jwt/config', () => {
-      return [
-        400,
-        { 'Content-Type': 'application/json' },
-        JSON.stringify({ errors: ['there was an error'] }),
-      ];
-    });
-    await render(hbs`<MountBackendForm />`);
-
-    await component.selectType('jwt');
-    await component.next();
-    await component.fillIn('oidcDiscoveryUrl', 'host');
-    component.submit();
-
-    later(() => run.cancelTimers(), 50);
-    await settled();
-    let configRequest = this.server.handledRequests.findBy('url', '/v1/auth/jwt/config');
-    assert.ok(configRequest, 'it calls the config url');
-  });
-
-  test('it calls mount config error', async function(assert) {
-    this.server.post('/v1/sys/auth/bar', () => {
-      return [204, { 'Content-Type': 'application/json' }];
-    });
-    this.server.post('/v1/auth/bar/config', () => {
-      return [
-        400,
-        { 'Content-Type': 'application/json' },
-        JSON.stringify({ errors: ['there was an error'] }),
-      ];
-    });
-    const spy = sinon.spy();
-    const spy2 = sinon.spy();
-    this.set('onMountSuccess', spy);
-    this.set('onConfigError', spy2);
-    await render(hbs`{{mount-backend-form onMountSuccess=onMountSuccess onConfigError=onConfigError}}`);
-
-    await component.selectType('kubernetes');
-    await component.next().path('bar');
-    // kubernetes requires a host + a cert / pem, so only filling the host will error
-    await component.fillIn('kubernetesHost', 'host');
-    component.submit();
-    later(() => run.cancelTimers(), 50);
-    await settled();
-    let enableRequest = this.server.handledRequests.findBy('url', '/v1/sys/auth/bar');
-    assert.ok(enableRequest, 'it calls enable on an auth method');
-    assert.equal(spy.callCount, 0, 'does not call the success method');
-    assert.ok(spy2.calledOnce, 'calls the passed error method');
-  });
 });

From e7ae6a3dd263028d2005e5997f72af92ed773e4b Mon Sep 17 00:00:00 2001
From: Noelle Daley <adriannenoelle@gmail.com>
Date: Thu, 7 Feb 2019 14:54:11 -0800
Subject: [PATCH 58/84] fix ssh list route

---
 .../cluster/secrets/backend/credentials.js    |  7 +++-
 .../vault/cluster/secrets/backend/list.js     | 37 +++++++++++--------
 2 files changed, 27 insertions(+), 17 deletions(-)

diff --git a/ui/app/routes/vault/cluster/secrets/backend/credentials.js b/ui/app/routes/vault/cluster/secrets/backend/credentials.js
index 5dc93351a8f0..1e11395aba05 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/credentials.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/credentials.js
@@ -13,7 +13,10 @@ export default Route.extend({
     return this.modelFor('vault.cluster.secrets.backend');
   },
 
-  modelType(action) {
+  modelType(action, backend) {
+    if (backend === 'ssh') {
+      return 'ssh-otp-credential';
+    }
     let types = {
       sign: 'pki-certificate-sign',
       issue: 'pki-certificate',
@@ -25,7 +28,7 @@ export default Route.extend({
   beforeModel() {
     const { action } = this.paramsFor(this.routeName);
     const { backend } = this.paramsFor('vault.cluster.secrets.backend');
-    let modelType = this.modelType(action);
+    let modelType = this.modelType(action, backend);
     let owner = getOwner(this);
     return this.pathHelp.getNewModel(modelType, backend, owner);
   },
diff --git a/ui/app/routes/vault/cluster/secrets/backend/list.js b/ui/app/routes/vault/cluster/secrets/backend/list.js
index 3f1a876fd368..899992d765ee 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/list.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/list.js
@@ -1,7 +1,9 @@
 import { set } from '@ember/object';
 import { hash, all } from 'rsvp';
 import Route from '@ember/routing/route';
+import { getOwner } from '@ember/application';
 import { supportedSecretBackends } from 'vault/helpers/supported-secret-backends';
+import { inject as service } from '@ember/service';
 
 const SUPPORTED_BACKENDS = supportedSecretBackends();
 
@@ -19,24 +21,29 @@ export default Route.extend({
   },
 
   templateName: 'vault/cluster/secrets/backend/list',
+  pathHelp: service('path-help'),
 
   beforeModel() {
-    let { backend } = this.paramsFor('vault.cluster.secrets.backend');
-    let { secret } = this.paramsFor(this.routeName);
-    let backendModel = this.store.peekRecord('secret-engine', backend);
-    let type = backendModel && backendModel.get('engineType');
-    if (!type || !SUPPORTED_BACKENDS.includes(type)) {
-      return this.transitionTo('vault.cluster.secrets');
-    }
-    if (this.routeName === 'vault.cluster.secrets.backend.list' && !secret.endsWith('/')) {
-      return this.replaceWith('vault.cluster.secrets.backend.list', secret + '/');
-    }
-    this.store.unloadAll('capabilities');
+    let owner = getOwner(this);
+    let { backend, tab } = this.paramsFor('vault.cluster.secrets.backend');
+    let modelType = this.getModelType(backend, tab);
+    return this.pathHelp.getNewModel(modelType, backend, owner).then(() => {
+      let { secret } = this.paramsFor(this.routeName);
+      let secretEngine = this.store.peekRecord('secret-engine', backend);
+      let type = secretEngine && secretEngine.get('engineType');
+      if (!type || !SUPPORTED_BACKENDS.includes(type)) {
+        return this.transitionTo('vault.cluster.secrets');
+      }
+      if (this.routeName === 'vault.cluster.secrets.backend.list' && !secret.endsWith('/')) {
+        return this.replaceWith('vault.cluster.secrets.backend.list', secret + '/');
+      }
+      this.store.unloadAll('capabilities');
+    });
   },
 
   getModelType(backend, tab) {
-    let backendModel = this.store.peekRecord('secret-engine', backend);
-    let type = backendModel.get('engineType');
+    let secretEngine = this.store.peekRecord('secret-engine', backend);
+    let type = secretEngine.get('engineType');
     let types = {
       transit: 'transit-key',
       ssh: 'role-ssh',
@@ -44,8 +51,8 @@ export default Route.extend({
       pki: tab === 'certs' ? 'pki-certificate' : 'role-pki',
       // secret or secret-v2
       cubbyhole: 'secret',
-      kv: backendModel.get('modelTypeForKV'),
-      generic: backendModel.get('modelTypeForKV'),
+      kv: secretEngine.get('modelTypeForKV'),
+      generic: secretEngine.get('modelTypeForKV'),
     };
     return types[type];
   },

From 8c857058772c4b95728f33b474e02ac24e5495a5 Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Thu, 7 Feb 2019 18:31:05 -0500
Subject: [PATCH 59/84] fix unit tests

---
 ui/tests/unit/machines/auth-machine-test.js | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/ui/tests/unit/machines/auth-machine-test.js b/ui/tests/unit/machines/auth-machine-test.js
index 90b179a03110..d430f78192a2 100644
--- a/ui/tests/unit/machines/auth-machine-test.js
+++ b/ui/tests/unit/machines/auth-machine-test.js
@@ -23,16 +23,16 @@ module('Unit | Machine | auth-machine', function() {
       event: 'CONTINUE',
       params: null,
       expectedResults: {
-        value: 'list',
+        value: 'config',
         actions: [
-          { component: 'wizard/auth-list', level: 'step', type: 'render' },
-          { component: 'wizard/mounts-wizard', level: 'feature', type: 'render' },
+          { type: 'render', level: 'feature', component: 'wizard/mounts-wizard' },
+          { type: 'render', level: 'step', component: 'wizard/auth-config' },
         ],
       },
     },
     {
-      currentState: 'list',
-      event: 'DETAILS',
+      currentState: 'config',
+      event: 'CONTINUE',
       expectedResults: {
         value: 'details',
         actions: [

From 254237f87829d3ae2475c9cb2c6a5b0b48fe4571 Mon Sep 17 00:00:00 2001
From: Noelle Daley <adriannenoelle@gmail.com>
Date: Thu, 7 Feb 2019 17:10:12 -0800
Subject: [PATCH 60/84] fix broken auth section test

---
 ui/tests/acceptance/settings/auth/configure/section-test.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ui/tests/acceptance/settings/auth/configure/section-test.js b/ui/tests/acceptance/settings/auth/configure/section-test.js
index 0216a21b561f..8ad25718f662 100644
--- a/ui/tests/acceptance/settings/auth/configure/section-test.js
+++ b/ui/tests/acceptance/settings/auth/configure/section-test.js
@@ -33,7 +33,7 @@ module('Acceptance | settings/auth/configure/section', function(hooks) {
     await withFlash(page.save(), () => {
       assert.equal(
         page.flash.latestMessage,
-        `The configuration options were saved successfully.`,
+        `The configuration was saved successfully.`,
         'success flash shows'
       );
     });

From f049bc27de3db149dae05e6b68dc3a665c2684e9 Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Fri, 8 Feb 2019 17:44:00 -0500
Subject: [PATCH 61/84] get ssh working

---
 ui/app/models/pki-certificate.js              | 50 ++++++++++++++++---
 ui/app/models/ssh-sign.js                     |  5 +-
 .../cluster/secrets/backend/credentials.js    | 18 ++-----
 .../vault/cluster/secrets/backend/list.js     | 31 ++++++------
 4 files changed, 67 insertions(+), 37 deletions(-)

diff --git a/ui/app/models/pki-certificate.js b/ui/app/models/pki-certificate.js
index 76d78c9de8f9..5bcd2dc94467 100644
--- a/ui/app/models/pki-certificate.js
+++ b/ui/app/models/pki-certificate.js
@@ -3,7 +3,6 @@ import { computed } from '@ember/object';
 import DS from 'ember-data';
 import lazyCapabilities, { apiPath } from 'vault/macros/lazy-capabilities';
 import fieldToAttrs, { expandAttributeMeta } from 'vault/utils/field-to-attrs';
-import { combineFieldGroups } from 'vault/utils/openapi-to-attrs';
 
 const { attr } = DS;
 
@@ -13,7 +12,6 @@ export default DS.Model.extend({
   backend: attr('string', {
     readOnly: true,
   }),
-  useOpenAPI: true,
   //the id prefixed with `cert/` so we can use it as the *secret param for the secret show route
   idForNav: attr('string', {
     readOnly: true,
@@ -32,23 +30,61 @@ export default DS.Model.extend({
   role: attr('object', {
     readOnly: true,
   }),
+
+  revocationTime: attr('number'),
+  commonName: attr('string', {
+    label: 'Common Name',
+  }),
+
+  altNames: attr('string', {
+    label: 'DNS/Email Subject Alternative Names (SANs)',
+  }),
+
+  ipSans: attr('string', {
+    label: 'IP Subject Alternative Names (SANs)',
+  }),
   otherSans: attr({
+    editType: 'stringArray',
+    label: 'Other SANs',
     helpText:
       'The format is the same as OpenSSL: <oid>;<type>:<value> where the only current valid type is UTF8',
   }),
 
+  ttl: attr({
+    label: 'TTL',
+    editType: 'ttl',
+  }),
+
+  format: attr('string', {
+    defaultValue: 'pem',
+    possibleValues: ['pem', 'der', 'pem_bundle'],
+  }),
+
+  excludeCnFromSans: attr('boolean', {
+    label: 'Exclude Common Name from Subject Alternative Names (SANs)',
+    defaultValue: false,
+  }),
+
+  certificate: attr('string'),
+  issuingCa: attr('string', {
+    label: 'Issuing CA',
+  }),
+  caChain: attr('string', {
+    label: 'CA chain',
+  }),
+  privateKey: attr('string'),
+  privateKeyType: attr('string'),
+  serialNumber: attr('string'),
+
   fieldsToAttrs(fieldGroups) {
     return fieldToAttrs(this, fieldGroups);
   },
 
-  fieldDefinition: computed('newFields', function() {
-    let groups = [
+  fieldDefinition: computed(function() {
+    const groups = [
       { default: ['commonName', 'format'] },
       { Options: ['altNames', 'ipSans', 'ttl', 'excludeCnFromSans', 'otherSans'] },
     ];
-    if (this.newFields) {
-      groups = combineFieldGroups(groups, this.newFields, []);
-    }
     return groups;
   }),
 
diff --git a/ui/app/models/ssh-sign.js b/ui/app/models/ssh-sign.js
index 6368b9109330..8d8cb76a86ce 100644
--- a/ui/app/models/ssh-sign.js
+++ b/ui/app/models/ssh-sign.js
@@ -18,7 +18,10 @@ export default DS.Model.extend({
   role: attr('object', {
     readOnly: true,
   }),
-  publicKey: attr('string'),
+  publicKey: attr('string', {
+    label: 'Public Key',
+    editType: 'textarea',
+  }),
   ttl: attr({
     label: 'TTL',
     editType: 'ttl',
diff --git a/ui/app/routes/vault/cluster/secrets/backend/credentials.js b/ui/app/routes/vault/cluster/secrets/backend/credentials.js
index 1e11395aba05..958f0cb9ccb3 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/credentials.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/credentials.js
@@ -13,22 +13,12 @@ export default Route.extend({
     return this.modelFor('vault.cluster.secrets.backend');
   },
 
-  modelType(action, backend) {
-    if (backend === 'ssh') {
-      return 'ssh-otp-credential';
-    }
-    let types = {
-      sign: 'pki-certificate-sign',
-      issue: 'pki-certificate',
-      signVerbatim: 'pki-certificate',
-    };
-    return types[action];
-  },
-
   beforeModel() {
-    const { action } = this.paramsFor(this.routeName);
     const { backend } = this.paramsFor('vault.cluster.secrets.backend');
-    let modelType = this.modelType(action, backend);
+    if (backend != 'ssh') {
+      return;
+    }
+    let modelType = 'ssh-otp-credential';
     let owner = getOwner(this);
     return this.pathHelp.getNewModel(modelType, backend, owner);
   },
diff --git a/ui/app/routes/vault/cluster/secrets/backend/list.js b/ui/app/routes/vault/cluster/secrets/backend/list.js
index 899992d765ee..8869fb30b75c 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/list.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/list.js
@@ -25,25 +25,26 @@ export default Route.extend({
 
   beforeModel() {
     let owner = getOwner(this);
-    let { backend, tab } = this.paramsFor('vault.cluster.secrets.backend');
-    let modelType = this.getModelType(backend, tab);
+    let { secret } = this.paramsFor(this.routeName);
+    let { backend } = this.paramsFor('vault.cluster.secrets.backend');
+    let secretEngine = this.store.peekRecord('secret-engine', backend);
+    let type = secretEngine && secretEngine.engineType;
+    if (!type || !SUPPORTED_BACKENDS.includes(type)) {
+      return this.transitionTo('vault.cluster.secrets');
+    }
+    if (this.routeName === 'vault.cluster.secrets.backend.list' && !secret.endsWith('/')) {
+      return this.replaceWith('vault.cluster.secrets.backend.list', secret + '/');
+    }
+    let modelType = this.getModelType();
     return this.pathHelp.getNewModel(modelType, backend, owner).then(() => {
-      let { secret } = this.paramsFor(this.routeName);
-      let secretEngine = this.store.peekRecord('secret-engine', backend);
-      let type = secretEngine && secretEngine.get('engineType');
-      if (!type || !SUPPORTED_BACKENDS.includes(type)) {
-        return this.transitionTo('vault.cluster.secrets');
-      }
-      if (this.routeName === 'vault.cluster.secrets.backend.list' && !secret.endsWith('/')) {
-        return this.replaceWith('vault.cluster.secrets.backend.list', secret + '/');
-      }
       this.store.unloadAll('capabilities');
     });
   },
 
-  getModelType(backend, tab) {
+  getModelType() {
+    let { backend, tab } = this.paramsFor('vault.cluster.secrets.backend');
     let secretEngine = this.store.peekRecord('secret-engine', backend);
-    let type = secretEngine.get('engineType');
+    let type = secretEngine && secretEngine.engineType;
     let types = {
       transit: 'transit-key',
       ssh: 'role-ssh',
@@ -51,8 +52,8 @@ export default Route.extend({
       pki: tab === 'certs' ? 'pki-certificate' : 'role-pki',
       // secret or secret-v2
       cubbyhole: 'secret',
-      kv: secretEngine.get('modelTypeForKV'),
-      generic: secretEngine.get('modelTypeForKV'),
+      kv: secretEngine.modelTypeForKV,
+      generic: secretEngine.modelTypeForKV,
     };
     return types[type];
   },

From 5e3f6b8b7015298483592fc798f9806dfdfd26f3 Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Fri, 8 Feb 2019 17:59:40 -0500
Subject: [PATCH 62/84] actually make ssh tests pass

---
 .../routes/vault/cluster/secrets/backend/list.js  | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/ui/app/routes/vault/cluster/secrets/backend/list.js b/ui/app/routes/vault/cluster/secrets/backend/list.js
index 8869fb30b75c..ea247b7e731d 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/list.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/list.js
@@ -26,25 +26,24 @@ export default Route.extend({
   beforeModel() {
     let owner = getOwner(this);
     let { secret } = this.paramsFor(this.routeName);
-    let { backend } = this.paramsFor('vault.cluster.secrets.backend');
+    let { backend, tab } = this.paramsFor('vault.cluster.secrets.backend');
     let secretEngine = this.store.peekRecord('secret-engine', backend);
-    let type = secretEngine && secretEngine.engineType;
+    let type = secretEngine && secretEngine.get('engineType');
     if (!type || !SUPPORTED_BACKENDS.includes(type)) {
       return this.transitionTo('vault.cluster.secrets');
     }
     if (this.routeName === 'vault.cluster.secrets.backend.list' && !secret.endsWith('/')) {
       return this.replaceWith('vault.cluster.secrets.backend.list', secret + '/');
     }
-    let modelType = this.getModelType();
+    let modelType = this.getModelType(backend, tab);
     return this.pathHelp.getNewModel(modelType, backend, owner).then(() => {
       this.store.unloadAll('capabilities');
     });
   },
 
-  getModelType() {
-    let { backend, tab } = this.paramsFor('vault.cluster.secrets.backend');
+  getModelType(backend, tab) {
     let secretEngine = this.store.peekRecord('secret-engine', backend);
-    let type = secretEngine && secretEngine.engineType;
+    let type = secretEngine.get('engineType');
     let types = {
       transit: 'transit-key',
       ssh: 'role-ssh',
@@ -52,8 +51,8 @@ export default Route.extend({
       pki: tab === 'certs' ? 'pki-certificate' : 'role-pki',
       // secret or secret-v2
       cubbyhole: 'secret',
-      kv: secretEngine.modelTypeForKV,
-      generic: secretEngine.modelTypeForKV,
+      kv: secretEngine.get('modelTypeForKV'),
+      generic: secretEngine.get('modelTypeForKV'),
     };
     return types[type];
   },

From 452cf89d117316e88cf6e982d06a94bc6741606a Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Mon, 11 Feb 2019 11:17:57 -0500
Subject: [PATCH 63/84] fix eslint error for unused variable

---
 ui/app/routes/vault/cluster/settings/auth/configure/section.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ui/app/routes/vault/cluster/settings/auth/configure/section.js b/ui/app/routes/vault/cluster/settings/auth/configure/section.js
index ad8ee6ef69fd..8a8bd3926f04 100644
--- a/ui/app/routes/vault/cluster/settings/auth/configure/section.js
+++ b/ui/app/routes/vault/cluster/settings/auth/configure/section.js
@@ -89,7 +89,7 @@ export default Route.extend(UnloadModelRoute, {
   },
 
   actions: {
-    willTransition(transition) {
+    willTransition() {
       if (this.currentModel.model.constructor.modelName !== 'auth-method') {
         this.unloadModel();
         return true;

From 07b7ad98cbfcd76adec8887c1fa0952df74689c2 Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Mon, 11 Feb 2019 14:14:08 -0500
Subject: [PATCH 64/84] pull just frontend commits from openapi-models

---
 ui/app/adapters/auth-config/azure.js          |   7 +-
 ui/app/adapters/auth-config/gcp.js            |   7 +-
 ui/app/adapters/auth-config/github.js         |   7 +-
 ui/app/adapters/auth-config/kubernetes.js     |   7 +-
 ui/app/adapters/auth-config/ldap.js           |   7 +-
 ui/app/adapters/auth-config/okta.js           |   7 +-
 ui/app/adapters/auth-config/radius.js         |   7 +-
 ui/app/adapters/pki-certificate-sign.js       |   4 +
 ui/app/adapters/pki-certificate.js            |   5 +
 ui/app/adapters/secret-engine.js              |  14 ++-
 ui/app/adapters/secret.js                     |   4 +
 ui/app/components/auth-config-form/config.js  |  31 +++--
 ui/app/components/auth-config-form/options.js |  36 +++---
 ui/app/components/mount-backend-form.js       |  30 +----
 .../vault/cluster/settings/auth/enable.js     |  10 +-
 ui/app/machines/auth-machine.js               |   8 +-
 ui/app/models/auth-config.js                  |   2 +-
 ui/app/models/auth-config/azure.js            |   9 +-
 ui/app/models/auth-config/gcp.js              |   9 +-
 ui/app/models/auth-config/github.js           |   8 +-
 ui/app/models/auth-config/kubernetes.js       |   8 +-
 ui/app/models/auth-config/ldap.js             |  56 +--------
 ui/app/models/auth-config/okta.js             |   9 +-
 ui/app/models/auth-config/radius.js           |   8 +-
 ui/app/models/pki-certificate-sign.js         |   9 +-
 ui/app/models/role-aws.js                     |  13 ++-
 ui/app/models/role-pki.js                     | 108 ++----------------
 ui/app/models/role-ssh.js                     |  19 +--
 ui/app/models/ssh-sign.js                     |   5 +-
 .../routes/vault/cluster/secrets/backend.js   |   1 +
 .../cluster/secrets/backend/credentials.js    |  13 +++
 .../vault/cluster/secrets/backend/list.js     |  23 ++--
 .../cluster/secrets/backend/secret-edit.js    |  31 +++--
 .../vault/cluster/secrets/backend/sign.js     |   4 +
 .../settings/auth/configure/section.js        |  31 +++--
 ui/app/services/path-help.js                  |  89 +++++++++++++++
 .../components/auth-config-form/config.hbs    |   9 +-
 .../components/auth-config-form/options.hbs   |   9 +-
 ui/app/templates/components/form-field.hbs    |  22 +++-
 ui/app/templates/components/string-list.hbs   |  32 ++++--
 .../components/wizard/auth-config.hbs         |  10 ++
 .../components/wizard/auth-enable.hbs         |   6 +-
 .../partials/form-field-from-model.hbs        |  97 ++++++++++------
 .../settings/auth/configure/section.hbs       |   4 +-
 .../vault/cluster/settings/auth/enable.hbs    |   2 +-
 ui/app/transforms/integer.js                  |  22 ++++
 ui/app/utils/openapi-to-attrs.js              |  84 ++++++++++++++
 .../secrets/backend/pki/cert-test.js          |   1 +
 .../settings/auth/configure/section-test.js   |   2 +-
 .../acceptance/settings/auth/enable-test.js   |   6 +-
 .../auth-config-form/options-test.js          |  16 +++
 .../integration/components/auth-form-test.js  |   3 -
 .../components/mount-backend-form-test.js     |  55 ---------
 .../pages/secrets/backend/pki/edit-role.js    |   2 +-
 .../secrets/backend/pki/generate-cert.js      |   1 +
 ui/tests/unit/machines/auth-machine-test.js   |  10 +-
 56 files changed, 622 insertions(+), 417 deletions(-)
 create mode 100644 ui/app/services/path-help.js
 create mode 100644 ui/app/templates/components/wizard/auth-config.hbs
 create mode 100644 ui/app/transforms/integer.js
 create mode 100644 ui/app/utils/openapi-to-attrs.js

diff --git a/ui/app/adapters/auth-config/azure.js b/ui/app/adapters/auth-config/azure.js
index 21f5624ac4d0..67b726f2cb1e 100644
--- a/ui/app/adapters/auth-config/azure.js
+++ b/ui/app/adapters/auth-config/azure.js
@@ -1,2 +1,7 @@
 import AuthConfig from './_base';
-export default AuthConfig.extend();
+
+export default AuthConfig.extend({
+  pathForType() {
+    return 'config';
+  },
+});
diff --git a/ui/app/adapters/auth-config/gcp.js b/ui/app/adapters/auth-config/gcp.js
index 21f5624ac4d0..67b726f2cb1e 100644
--- a/ui/app/adapters/auth-config/gcp.js
+++ b/ui/app/adapters/auth-config/gcp.js
@@ -1,2 +1,7 @@
 import AuthConfig from './_base';
-export default AuthConfig.extend();
+
+export default AuthConfig.extend({
+  pathForType() {
+    return 'config';
+  },
+});
diff --git a/ui/app/adapters/auth-config/github.js b/ui/app/adapters/auth-config/github.js
index 21f5624ac4d0..67b726f2cb1e 100644
--- a/ui/app/adapters/auth-config/github.js
+++ b/ui/app/adapters/auth-config/github.js
@@ -1,2 +1,7 @@
 import AuthConfig from './_base';
-export default AuthConfig.extend();
+
+export default AuthConfig.extend({
+  pathForType() {
+    return 'config';
+  },
+});
diff --git a/ui/app/adapters/auth-config/kubernetes.js b/ui/app/adapters/auth-config/kubernetes.js
index 21f5624ac4d0..67b726f2cb1e 100644
--- a/ui/app/adapters/auth-config/kubernetes.js
+++ b/ui/app/adapters/auth-config/kubernetes.js
@@ -1,2 +1,7 @@
 import AuthConfig from './_base';
-export default AuthConfig.extend();
+
+export default AuthConfig.extend({
+  pathForType() {
+    return 'config';
+  },
+});
diff --git a/ui/app/adapters/auth-config/ldap.js b/ui/app/adapters/auth-config/ldap.js
index 21f5624ac4d0..67b726f2cb1e 100644
--- a/ui/app/adapters/auth-config/ldap.js
+++ b/ui/app/adapters/auth-config/ldap.js
@@ -1,2 +1,7 @@
 import AuthConfig from './_base';
-export default AuthConfig.extend();
+
+export default AuthConfig.extend({
+  pathForType() {
+    return 'config';
+  },
+});
diff --git a/ui/app/adapters/auth-config/okta.js b/ui/app/adapters/auth-config/okta.js
index 21f5624ac4d0..67b726f2cb1e 100644
--- a/ui/app/adapters/auth-config/okta.js
+++ b/ui/app/adapters/auth-config/okta.js
@@ -1,2 +1,7 @@
 import AuthConfig from './_base';
-export default AuthConfig.extend();
+
+export default AuthConfig.extend({
+  pathForType() {
+    return 'config';
+  },
+});
diff --git a/ui/app/adapters/auth-config/radius.js b/ui/app/adapters/auth-config/radius.js
index 21f5624ac4d0..67b726f2cb1e 100644
--- a/ui/app/adapters/auth-config/radius.js
+++ b/ui/app/adapters/auth-config/radius.js
@@ -1,2 +1,7 @@
 import AuthConfig from './_base';
-export default AuthConfig.extend();
+
+export default AuthConfig.extend({
+  pathForType() {
+    return 'config';
+  },
+});
diff --git a/ui/app/adapters/pki-certificate-sign.js b/ui/app/adapters/pki-certificate-sign.js
index eb5ca26157a4..1acdbfb8192b 100644
--- a/ui/app/adapters/pki-certificate-sign.js
+++ b/ui/app/adapters/pki-certificate-sign.js
@@ -7,4 +7,8 @@ export default Adapter.extend({
     }
     return `/v1/${role.backend}/sign/${role.name}`;
   },
+
+  pathForType() {
+    return 'sign';
+  },
 });
diff --git a/ui/app/adapters/pki-certificate.js b/ui/app/adapters/pki-certificate.js
index 942d2610b106..7e62f934313a 100644
--- a/ui/app/adapters/pki-certificate.js
+++ b/ui/app/adapters/pki-certificate.js
@@ -14,6 +14,11 @@ export default Adapter.extend({
     return url;
   },
 
+  pathForType() {
+    debugger; //eslint-disable-line
+    return 'issue';
+  },
+
   optionsForQuery(id) {
     let data = {};
     if (!id) {
diff --git a/ui/app/adapters/secret-engine.js b/ui/app/adapters/secret-engine.js
index 56481655368c..42b998f26905 100644
--- a/ui/app/adapters/secret-engine.js
+++ b/ui/app/adapters/secret-engine.js
@@ -7,16 +7,20 @@ export default ApplicationAdapter.extend({
     return path ? url + '/' + path : url;
   },
 
+  internalURL(path) {
+    let url = `/${this.urlPrefix()}/internal/ui/mounts`;
+    if (path) {
+      url = `${url}/${path}`;
+    }
+    return url;
+  },
+
   pathForType() {
     return 'mounts';
   },
 
   query(store, type, query) {
-    let url = `/${this.urlPrefix()}/internal/ui/mounts`;
-    if (query.path) {
-      url = `${url}/${query.path}`;
-    }
-    return this.ajax(url, 'GET');
+    return this.ajax(this.internalURL(query.path), 'GET');
   },
 
   createRecord(store, type, snapshot) {
diff --git a/ui/app/adapters/secret.js b/ui/app/adapters/secret.js
index d282d08e89d0..59c39a0387ea 100644
--- a/ui/app/adapters/secret.js
+++ b/ui/app/adapters/secret.js
@@ -34,6 +34,10 @@ export default ApplicationAdapter.extend({
     return url;
   },
 
+  pathForType() {
+    return 'mounts';
+  },
+
   optionsForQuery(id, action, wrapTTL) {
     let data = {};
     if (action === 'query') {
diff --git a/ui/app/components/auth-config-form/config.js b/ui/app/components/auth-config-form/config.js
index 31fd4ac0b258..abc105dbe7b5 100644
--- a/ui/app/components/auth-config-form/config.js
+++ b/ui/app/components/auth-config-form/config.js
@@ -8,19 +8,26 @@ const AuthConfigBase = Component.extend({
   model: null,
 
   flashMessages: service(),
-
+  router: service(),
+  wizard: service(),
   saveModel: task(function*() {
-    try {
-      yield this.get('model').save();
-    } catch (err) {
-      // AdapterErrors are handled by the error-message component
-      // in the form
-      if (err instanceof DS.AdapterError === false) {
-        throw err;
-      }
-      return;
-    }
-    this.get('flashMessages').success('The configuration was saved successfully.');
+    yield this.model
+      .save()
+      .then(() => {
+        if (this.wizard.currentMachine === 'authentication' && this.wizard.featureState === 'config') {
+          this.wizard.transitionFeatureMachine(this.wizard.featureState, 'CONTINUE');
+        }
+        this.router.transitionTo('vault.cluster.access.methods').followRedirects();
+        this.flashMessages.success('The configuration was saved successfully.');
+      })
+      .catch(err => {
+        // AdapterErrors are handled by the error-message component
+        // in the form
+        if (err instanceof DS.AdapterError === false) {
+          throw err;
+        }
+        return;
+      });
   }),
 });
 
diff --git a/ui/app/components/auth-config-form/options.js b/ui/app/components/auth-config-form/options.js
index 82f850e1e5b1..c63d3a6940bb 100644
--- a/ui/app/components/auth-config-form/options.js
+++ b/ui/app/components/auth-config-form/options.js
@@ -1,22 +1,30 @@
 import AuthConfigComponent from './config';
+import { inject as service } from '@ember/service';
 import { task } from 'ember-concurrency';
 import DS from 'ember-data';
 
 export default AuthConfigComponent.extend({
+  router: service(),
+  wizard: service(),
   saveModel: task(function*() {
-    const model = this.get('model');
-    let data = model.get('config').serialize();
-    data.description = model.get('description');
-    try {
-      yield model.tune(data);
-    } catch (err) {
-      // AdapterErrors are handled by the error-message component
-      // in the form
-      if (err instanceof DS.AdapterError === false) {
-        throw err;
-      }
-      return;
-    }
-    this.get('flashMessages').success('The configuration options were saved successfully.');
+    let data = this.model.config.serialize();
+    data.description = this.model.description;
+    yield this.model
+      .tune(data)
+      .then(() => {
+        if (this.wizard.currentMachine === 'authentication' && this.wizard.featureState === 'config') {
+          this.wizard.transitionFeatureMachine(this.wizard.featureState, 'CONTINUE');
+        }
+        this.router.transitionTo('vault.cluster.access.methods').followRedirects();
+        this.flashMessages.success('The configuration was saved successfully.');
+      })
+      .catch(err => {
+        // AdapterErrors are handled by the error-message component
+        // in the form
+        if (err instanceof DS.AdapterError === false) {
+          throw err;
+        }
+        return;
+      });
   }),
 });
diff --git a/ui/app/components/mount-backend-form.js b/ui/app/components/mount-backend-form.js
index fbfb6c6a09dd..c18bec40f72e 100644
--- a/ui/app/components/mount-backend-form.js
+++ b/ui/app/components/mount-backend-form.js
@@ -60,22 +60,7 @@ export default Component.extend({
     this.get('mountModel').rollbackAttributes();
   },
 
-  getConfigModelType(methodType) {
-    let mountType = this.get('mountType');
-    // will be something like secret-aws
-    // or auth-azure
-    let key = `${mountType}-${methodType}`;
-    let noConfig = ['auth-approle', 'auth-alicloud'];
-    if (mountType === 'secret' || noConfig.includes(key)) {
-      return;
-    }
-    if (methodType === 'aws') {
-      return 'auth-config/aws/client';
-    }
-    return `auth-config/${methodType}`;
-  },
-
-  changeConfigModel(methodType) {
+  changeConfigModel() {
     let mount = this.get('mountModel');
     if (this.get('mountType') === 'secret') {
       return;
@@ -88,10 +73,7 @@ export default Component.extend({
       currentConfig.rollbackAttributes();
       currentConfig.unloadRecord();
     }
-    let configType = this.getConfigModelType(methodType);
-    if (!configType) return;
-    let config = this.get('store').createRecord(configType);
-    config.set('backend', mount);
+    return;
   },
 
   checkPathChange(type) {
@@ -165,7 +147,7 @@ export default Component.extend({
     onTypeChange(path, value) {
       if (path === 'type') {
         this.get('wizard').set('componentState', value);
-        this.changeConfigModel(value);
+        this.changeConfigModel();
         this.checkPathChange(value);
       }
     },
@@ -173,11 +155,7 @@ export default Component.extend({
     toggleShowConfig(value) {
       this.set('showConfig', value);
       if (value === true && this.get('wizard.featureState') === 'idle') {
-        this.get('wizard').transitionFeatureMachine(
-          this.get('wizard.featureState'),
-          'CONTINUE',
-          this.get('mountModel').get('type')
-        );
+        this.advanceWizard();
       } else {
         this.get('wizard').transitionFeatureMachine(
           this.get('wizard.featureState'),
diff --git a/ui/app/controllers/vault/cluster/settings/auth/enable.js b/ui/app/controllers/vault/cluster/settings/auth/enable.js
index d5dd984c3256..48890bd1ef56 100644
--- a/ui/app/controllers/vault/cluster/settings/auth/enable.js
+++ b/ui/app/controllers/vault/cluster/settings/auth/enable.js
@@ -4,11 +4,11 @@ import Controller from '@ember/controller';
 export default Controller.extend({
   wizard: service(),
   actions: {
-    onMountSuccess: function(type) {
-      let transition = this.transitionToRoute('vault.cluster.access.methods');
-      return transition.followRedirects().then(() => {
-        this.get('wizard').transitionFeatureMachine(this.get('wizard.featureState'), 'CONTINUE', type);
-      });
+    onMountSuccess: function(type, path) {
+      // We have to remove the trailing '/' from the path to succcessfully redirect with the right params.
+      const authPath = path.slice(0, -1);
+      let transition = this.transitionToRoute('vault.cluster.settings.auth.configure', authPath);
+      return transition.followRedirects();
     },
     onConfigError: function(modelId) {
       return this.transitionToRoute('vault.cluster.settings.auth.configure', modelId);
diff --git a/ui/app/machines/auth-machine.js b/ui/app/machines/auth-machine.js
index cec39a9896ba..6ee82dd08a62 100644
--- a/ui/app/machines/auth-machine.js
+++ b/ui/app/machines/auth-machine.js
@@ -22,16 +22,16 @@ export default {
         { type: 'render', level: 'step', component: 'wizard/auth-enable' },
       ],
       on: {
-        CONTINUE: 'list',
+        CONTINUE: 'config',
       },
     },
-    list: {
+    config: {
       onEntry: [
-        { type: 'render', level: 'step', component: 'wizard/auth-list' },
         { type: 'render', level: 'feature', component: 'wizard/mounts-wizard' },
+        { type: 'render', level: 'step', component: 'wizard/auth-config' },
       ],
       on: {
-        DETAILS: 'details',
+        CONTINUE: 'details',
       },
     },
     details: {
diff --git a/ui/app/models/auth-config.js b/ui/app/models/auth-config.js
index 88befe73b6ab..b3b86c4af9d9 100644
--- a/ui/app/models/auth-config.js
+++ b/ui/app/models/auth-config.js
@@ -2,5 +2,5 @@ import DS from 'ember-data';
 const { belongsTo } = DS;
 
 export default DS.Model.extend({
-  backend: belongsTo('auth-method', { readOnly: true, async: false }),
+  backend: belongsTo('auth-method', { inverse: 'authConfigs', readOnly: true, async: false }),
 });
diff --git a/ui/app/models/auth-config/azure.js b/ui/app/models/auth-config/azure.js
index 1949d20e8563..6ef8a3f507f0 100644
--- a/ui/app/models/auth-config/azure.js
+++ b/ui/app/models/auth-config/azure.js
@@ -1,12 +1,13 @@
 import { computed } from '@ember/object';
 import DS from 'ember-data';
-
 import AuthConfig from '../auth-config';
+import { combineFieldGroups } from 'vault/utils/openapi-to-attrs';
 import fieldToAttrs from 'vault/utils/field-to-attrs';
 
 const { attr } = DS;
 
 export default AuthConfig.extend({
+  useOpenAPI: true,
   tenantId: attr('string', {
     label: 'Tenant ID',
     helpText: 'The tenant ID for the Azure Active Directory organization',
@@ -26,12 +27,16 @@ export default AuthConfig.extend({
   googleCertsEndpoint: attr('string'),
 
   fieldGroups: computed(function() {
-    const groups = [
+    let groups = [
       { default: ['tenantId', 'resource'] },
       {
         'Azure Options': ['clientId', 'clientSecret'],
       },
     ];
+    if (this.newFields) {
+      groups = combineFieldGroups(groups, this.newFields, []);
+    }
+
     return fieldToAttrs(this, groups);
   }),
 });
diff --git a/ui/app/models/auth-config/gcp.js b/ui/app/models/auth-config/gcp.js
index 9185fb297614..25d91d284812 100644
--- a/ui/app/models/auth-config/gcp.js
+++ b/ui/app/models/auth-config/gcp.js
@@ -1,12 +1,14 @@
 import { computed } from '@ember/object';
 import DS from 'ember-data';
-
 import AuthConfig from '../auth-config';
+import { combineFieldGroups } from 'vault/utils/openapi-to-attrs';
 import fieldToAttrs from 'vault/utils/field-to-attrs';
 
 const { attr } = DS;
 
 export default AuthConfig.extend({
+  useOpenAPI: true,
+  // We have to leave this here because the backend doesn't support the file type yet.
   credentials: attr('string', {
     editType: 'file',
   }),
@@ -14,12 +16,15 @@ export default AuthConfig.extend({
   googleCertsEndpoint: attr('string'),
 
   fieldGroups: computed(function() {
-    const groups = [
+    let groups = [
       { default: ['credentials'] },
       {
         'Google Cloud Options': ['googleCertsEndpoint'],
       },
     ];
+    if (this.newFields) {
+      groups = combineFieldGroups(groups, this.newFields, []);
+    }
     return fieldToAttrs(this, groups);
   }),
 });
diff --git a/ui/app/models/auth-config/github.js b/ui/app/models/auth-config/github.js
index 0c54653836d6..df745af14e86 100644
--- a/ui/app/models/auth-config/github.js
+++ b/ui/app/models/auth-config/github.js
@@ -1,24 +1,28 @@
 import { computed } from '@ember/object';
 import DS from 'ember-data';
-
 import AuthConfig from '../auth-config';
 import fieldToAttrs from 'vault/utils/field-to-attrs';
+import { combineFieldGroups } from 'vault/utils/openapi-to-attrs';
 
 const { attr } = DS;
 
 export default AuthConfig.extend({
+  useOpenAPI: true,
   organization: attr('string'),
   baseUrl: attr('string', {
     label: 'Base URL',
   }),
 
   fieldGroups: computed(function() {
-    const groups = [
+    let groups = [
       { default: ['organization'] },
       {
         'GitHub Options': ['baseUrl'],
       },
     ];
+    if (this.newFields) {
+      groups = combineFieldGroups(groups, this.newFields, []);
+    }
 
     return fieldToAttrs(this, groups);
   }),
diff --git a/ui/app/models/auth-config/kubernetes.js b/ui/app/models/auth-config/kubernetes.js
index 4d8da679a767..af3ebe14109b 100644
--- a/ui/app/models/auth-config/kubernetes.js
+++ b/ui/app/models/auth-config/kubernetes.js
@@ -2,11 +2,13 @@ import { computed } from '@ember/object';
 import DS from 'ember-data';
 
 import AuthConfig from '../auth-config';
+import { combineFieldGroups } from 'vault/utils/openapi-to-attrs';
 import fieldToAttrs from 'vault/utils/field-to-attrs';
 
 const { attr } = DS;
 
 export default AuthConfig.extend({
+  useOpenAPI: true,
   kubernetesHost: attr('string', {
     label: 'Kubernetes Host',
     helpText:
@@ -31,7 +33,7 @@ export default AuthConfig.extend({
   }),
 
   fieldGroups: computed(function() {
-    const groups = [
+    let groups = [
       {
         default: ['kubernetesHost', 'kubernetesCaCert'],
       },
@@ -39,6 +41,10 @@ export default AuthConfig.extend({
         'Kubernetes Options': ['tokenReviewerJwt', 'pemKeys'],
       },
     ];
+    if (this.newFields) {
+      groups = combineFieldGroups(groups, this.newFields, []);
+    }
+
     return fieldToAttrs(this, groups);
   }),
 });
diff --git a/ui/app/models/auth-config/ldap.js b/ui/app/models/auth-config/ldap.js
index 9bb4a14491e3..de51d1489bd1 100644
--- a/ui/app/models/auth-config/ldap.js
+++ b/ui/app/models/auth-config/ldap.js
@@ -3,97 +3,50 @@ import DS from 'ember-data';
 
 import AuthConfig from '../auth-config';
 import fieldToAttrs from 'vault/utils/field-to-attrs';
+import { combineFieldGroups } from 'vault/utils/openapi-to-attrs';
 
 const { attr } = DS;
 
 export default AuthConfig.extend({
-  url: attr('string', {
-    label: 'URL',
-  }),
-  starttls: attr('boolean', {
-    defaultValue: false,
-    label: 'Issue StartTLS command after establishing an unencrypted connection',
-  }),
-  tlsMinVersion: attr('string', {
-    label: 'Minimum TLS Version',
-    defaultValue: 'tls12',
-    possibleValues: ['tls10', 'tls11', 'tls12'],
-  }),
-
-  tlsMaxVersion: attr('string', {
-    label: 'Maximum TLS Version',
-    defaultValue: 'tls12',
-    possibleValues: ['tls10', 'tls11', 'tls12'],
-  }),
-  insecureTls: attr('boolean', {
-    defaultValue: false,
-    label: 'Skip LDAP server SSL certificate verification',
-  }),
-  certificate: attr('string', {
-    label: 'CA certificate to verify LDAP server certificate',
-    editType: 'file',
-  }),
-
+  useOpenAPI: true,
   binddn: attr('string', {
-    label: 'Name of Object to bind (binddn)',
     helpText: 'Used when performing user search. Example: cn=vault,ou=Users,dc=example,dc=com',
   }),
   bindpass: attr('string', {
-    label: 'Password',
     helpText: 'Used along with binddn when performing user search',
     sensitive: true,
   }),
-
   userdn: attr('string', {
-    label: 'User DN',
     helpText: 'Base DN under which to perform user search. Example: ou=Users,dc=example,dc=com',
   }),
   userattr: attr('string', {
-    label: 'User Attribute',
-    defaultValue: 'cn',
     helpText:
       'Attribute on user attribute object matching the username passed when authenticating. Examples: sAMAccountName, cn, uid',
   }),
-  discoverdn: attr('boolean', {
-    defaultValue: false,
-    label: 'Use anonymous bind to discover the bind DN of a user',
-  }),
-  denyNullBind: attr('boolean', {
-    defaultValue: true,
-    label: 'Prevent users from bypassing authentication when providing an empty password',
-  }),
   upndomain: attr('string', {
-    label: 'User Principal (UPN) Domain',
     helpText:
       'The userPrincipalDomain used to construct the UPN string for the authenticating user. The constructed UPN will appear as [username]@UPNDomain. Example: example.com, which will cause vault to bind as username@example.com.',
   }),
 
   groupfilter: attr('string', {
-    label: 'Group Filter',
     helpText:
       'Go template used when constructing the group membership query. The template can access the following context variables: [UserDN, Username]. The default is (|(memberUid={{.Username}})(member={{.UserDN}})(uniqueMember={{.UserDN}})), which is compatible with several common directory schemas. To support nested group resolution for Active Directory, instead use the following query: (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))',
   }),
   groupdn: attr('string', {
-    label: 'Group DN',
     helpText:
       'LDAP search base for group membership search. This can be the root containing either groups or users. Example: ou=Groups,dc=example,dc=com',
   }),
   groupattr: attr('string', {
-    label: 'Group Attribute',
-    defaultValue: 'cn',
-
     helpText:
       'LDAP attribute to follow on objects returned by groupfilter in order to enumerate user group membership. Examples: for groupfilter queries returning group objects, use: cn. For queries returning user objects, use: memberOf. The default is cn.',
   }),
   useTokenGroups: attr('boolean', {
-    defaultValue: false,
-    label: 'Use Token Groups',
     helpText:
       'Use the Active Directory tokenGroups constructed attribute to find the group memberships. This returns all security groups for the user, including nested groups. In an Active Directory environment with a large number of groups this method offers increased performance. Selecting this will cause Group DN, Attribute, and Filter to be ignored.',
   }),
 
   fieldGroups: computed(function() {
-    const groups = [
+    let groups = [
       {
         default: ['url'],
       },
@@ -117,6 +70,9 @@ export default AuthConfig.extend({
         'Customize Group Membership Search': ['groupfilter', 'groupattr', 'groupdn', 'useTokenGroups'],
       },
     ];
+    if (this.newFields) {
+      groups = combineFieldGroups(groups, this.newFields, []);
+    }
     return fieldToAttrs(this, groups);
   }),
 });
diff --git a/ui/app/models/auth-config/okta.js b/ui/app/models/auth-config/okta.js
index 8796db7c5bf7..c9baf9868273 100644
--- a/ui/app/models/auth-config/okta.js
+++ b/ui/app/models/auth-config/okta.js
@@ -2,10 +2,12 @@ import { computed } from '@ember/object';
 import DS from 'ember-data';
 import AuthConfig from '../auth-config';
 import fieldToAttrs from 'vault/utils/field-to-attrs';
+import { combineFieldGroups } from 'vault/utils/openapi-to-attrs';
 
 const { attr } = DS;
 
 export default AuthConfig.extend({
+  useOpenAPI: true,
   orgName: attr('string', {
     label: 'Organization Name',
     helpText: 'Name of the organization to be used in the Okta API',
@@ -26,8 +28,9 @@ export default AuthConfig.extend({
     helpText:
       "Useful if Vault's built-in MFA mechanisms. Will also cause certain other statuses to be ignored, such as PASSWORD_EXPIRED",
   }),
+
   fieldGroups: computed(function() {
-    const groups = [
+    let groups = [
       {
         default: ['orgName'],
       },
@@ -35,6 +38,10 @@ export default AuthConfig.extend({
         Options: ['apiToken', 'baseUrl', 'bypassOktaMfa'],
       },
     ];
+    if (this.newFields) {
+      groups = combineFieldGroups(groups, this.newFields, []);
+    }
+
     return fieldToAttrs(this, groups);
   }),
 });
diff --git a/ui/app/models/auth-config/radius.js b/ui/app/models/auth-config/radius.js
index d88088a3f408..720d7c1307a6 100644
--- a/ui/app/models/auth-config/radius.js
+++ b/ui/app/models/auth-config/radius.js
@@ -1,11 +1,13 @@
 import { computed } from '@ember/object';
 import DS from 'ember-data';
 import AuthConfig from '../auth-config';
+import { combineFieldGroups } from 'vault/utils/openapi-to-attrs';
 import fieldToAttrs from 'vault/utils/field-to-attrs';
 
 const { attr } = DS;
 
 export default AuthConfig.extend({
+  useOpenAPI: true,
   host: attr('string'),
 
   port: attr('number', {
@@ -32,7 +34,7 @@ export default AuthConfig.extend({
   }),
 
   fieldGroups: computed(function() {
-    const groups = [
+    let groups = [
       {
         default: ['host', 'secret'],
       },
@@ -40,6 +42,10 @@ export default AuthConfig.extend({
         'RADIUS Options': ['port', 'nasPort', 'nasIdentifier', 'dialTimeout', 'unregisteredUserPolicies'],
       },
     ];
+    if (this.newFields) {
+      groups = combineFieldGroups(groups, this.newFields, []);
+    }
+
     return fieldToAttrs(this, groups);
   }),
 });
diff --git a/ui/app/models/pki-certificate-sign.js b/ui/app/models/pki-certificate-sign.js
index 58bf2c35be76..8fa57d31eb41 100644
--- a/ui/app/models/pki-certificate-sign.js
+++ b/ui/app/models/pki-certificate-sign.js
@@ -2,7 +2,7 @@ import { copy } from 'ember-copy';
 import { computed } from '@ember/object';
 import DS from 'ember-data';
 import Certificate from './pki-certificate';
-
+import { combineFieldGroups } from 'vault/utils/openapi-to-attrs';
 const { attr } = DS;
 
 export default Certificate.extend({
@@ -10,7 +10,7 @@ export default Certificate.extend({
     readOnly: true,
     defaultValue: false,
   }),
-
+  useOpenAPI: true,
   csr: attr('string', {
     label: 'Certificate Signing Request (CSR)',
     editType: 'textarea',
@@ -18,11 +18,14 @@ export default Certificate.extend({
 
   fieldGroups: computed('signVerbatim', function() {
     const options = { Options: ['altNames', 'ipSans', 'ttl', 'excludeCnFromSans', 'otherSans'] };
-    const groups = [
+    let groups = [
       {
         default: ['csr', 'commonName', 'format', 'signVerbatim'],
       },
     ];
+    if (this.newFields) {
+      groups = combineFieldGroups(groups, this.newFields, []);
+    }
     if (this.get('signVerbatim') === false) {
       groups.push(options);
     }
diff --git a/ui/app/models/role-aws.js b/ui/app/models/role-aws.js
index a5be5a82d7e4..bd81f2381541 100644
--- a/ui/app/models/role-aws.js
+++ b/ui/app/models/role-aws.js
@@ -20,7 +20,7 @@ const CREDENTIAL_TYPES = [
     displayName: 'Federation Token',
   },
 ];
-export default DS.Model.extend({
+const roleAWSModel = DS.Model.extend({
   backend: attr('string', {
     readOnly: true,
   }),
@@ -29,6 +29,7 @@ export default DS.Model.extend({
     fieldValue: 'id',
     readOnly: true,
   }),
+  useOpenAPI: false,
   // credentialTypes are for backwards compatibility.
   // we use this to populate "credentialType" in
   // the serializer. if there is more than one, the
@@ -52,17 +53,15 @@ export default DS.Model.extend({
     editType: 'json',
   }),
   fields: computed('credentialType', function() {
-    let keys;
-    let credentialType = this.get('credentialType');
+    let credentialType = this.credentialType;
     let keysForType = {
       iam_user: ['name', 'credentialType', 'policyArns', 'policyDocument'],
       assumed_role: ['name', 'credentialType', 'roleArns', 'policyDocument'],
       federation_token: ['name', 'credentialType', 'policyDocument'],
     };
-    keys = keysForType[credentialType];
-    return expandAttributeMeta(this, keys);
-  }),
 
+    return expandAttributeMeta(this, keysForType[credentialType]);
+  }),
   updatePath: lazyCapabilities(apiPath`${'backend'}/roles/${'id'}`, 'backend', 'id'),
   canDelete: alias('updatePath.canDelete'),
   canEdit: alias('updatePath.canUpdate'),
@@ -71,3 +70,5 @@ export default DS.Model.extend({
   generatePath: lazyCapabilities(apiPath`${'backend'}/creds/${'id'}`, 'backend', 'id'),
   canGenerate: alias('generatePath.canUpdate'),
 });
+roleAWSModel.reopenClass({ useOpenAPI: false });
+export default roleAWSModel;
diff --git a/ui/app/models/role-pki.js b/ui/app/models/role-pki.js
index 77fe609d7df6..252eba00dc7f 100644
--- a/ui/app/models/role-pki.js
+++ b/ui/app/models/role-pki.js
@@ -3,7 +3,7 @@ import { computed } from '@ember/object';
 import DS from 'ember-data';
 import lazyCapabilities, { apiPath } from 'vault/macros/lazy-capabilities';
 import fieldToAttrs from 'vault/utils/field-to-attrs';
-
+import { combineFieldGroups } from 'vault/utils/openapi-to-attrs';
 const { attr } = DS;
 
 export default DS.Model.extend({
@@ -15,100 +15,7 @@ export default DS.Model.extend({
     fieldValue: 'id',
     readOnly: true,
   }),
-  keyType: attr('string', {
-    possibleValues: ['rsa', 'ec'],
-  }),
-  ttl: attr({
-    label: 'TTL',
-    editType: 'ttl',
-  }),
-  maxTtl: attr({
-    label: 'Max TTL',
-    editType: 'ttl',
-  }),
-  allowLocalhost: attr('boolean', {}),
-  allowedDomains: attr('string', {}),
-  allowBareDomains: attr('boolean', {}),
-  allowSubdomains: attr('boolean', {}),
-  allowGlobDomains: attr('boolean', {}),
-  allowAnyName: attr('boolean', {}),
-  enforceHostnames: attr('boolean', {}),
-  allowIpSans: attr('boolean', {
-    defaultValue: true,
-    label: 'Allow clients to request IP Subject Alternative Names (SANs)',
-  }),
-  allowedOtherSans: attr({
-    editType: 'stringArray',
-    label: 'Allowed Other SANs',
-  }),
-  serverFlag: attr('boolean', {
-    defaultValue: true,
-  }),
-  clientFlag: attr('boolean', {
-    defaultValue: true,
-  }),
-  codeSigningFlag: attr('boolean', {}),
-  emailProtectionFlag: attr('boolean', {}),
-  keyBits: attr('number', {
-    defaultValue: 2048,
-  }),
-  keyUsage: attr('string', {
-    defaultValue: 'DigitalSignature,KeyAgreement,KeyEncipherment',
-    editType: 'stringArray',
-  }),
-  extKeyUsageOids: attr({
-    label: 'Custom extended key usage OIDs',
-    editType: 'stringArray',
-  }),
-  requireCn: attr('boolean', {
-    label: 'Require common name',
-    defaultValue: true,
-  }),
-  useCsrCommonName: attr('boolean', {
-    label: 'Use CSR common name',
-    defaultValue: true,
-  }),
-  useCsrSans: attr('boolean', {
-    defaultValue: true,
-    label: 'Use CSR subject alternative names (SANs)',
-  }),
-  ou: attr({
-    label: 'OU (OrganizationalUnit)',
-    editType: 'stringArray',
-  }),
-  organization: attr({
-    editType: 'stringArray',
-  }),
-  country: attr({
-    editType: 'stringArray',
-  }),
-  locality: attr({
-    editType: 'stringArray',
-    label: 'Locality/City',
-  }),
-  province: attr({
-    editType: 'stringArray',
-    label: 'Province/State',
-  }),
-  streetAddress: attr({
-    editType: 'stringArray',
-  }),
-  postalCode: attr({
-    editType: 'stringArray',
-  }),
-  generateLease: attr('boolean', {}),
-  noStore: attr('boolean', {}),
-  policyIdentifiers: attr({
-    editType: 'stringArray',
-  }),
-  basicConstraintsValidForNonCA: attr('boolean', {
-    label: 'Mark Basic Constraints valid when issuing non-CA certificates.',
-  }),
-  notBeforeDuration: attr({
-    label: 'Not Before Duration',
-    editType: 'ttl',
-    defaultValue: '30s',
-  }),
+  useOpenAPI: true,
 
   updatePath: lazyCapabilities(apiPath`${'backend'}/roles/${'id'}`, 'backend', 'id'),
   canDelete: alias('updatePath.canDelete'),
@@ -124,8 +31,8 @@ export default DS.Model.extend({
   signVerbatimPath: lazyCapabilities(apiPath`${'backend'}/sign-verbatim/${'id'}`, 'backend', 'id'),
   canSignVerbatim: alias('signVerbatimPath.canUpdate'),
 
-  fieldGroups: computed(function() {
-    const groups = [
+  fieldGroups: computed('backend', 'merged', function() {
+    let groups = [
       { default: ['name', 'keyType'] },
       {
         Options: [
@@ -167,10 +74,13 @@ export default DS.Model.extend({
         ],
       },
       {
-        Advanced: ['generateLease', 'noStore', 'basicConstraintsValidForNonCA', 'policyIdentifiers'],
+        Advanced: ['generateLease', 'noStore', 'basicConstraintsValidForNonCa', 'policyIdentifiers'],
       },
     ];
-
+    let excludedFields = ['extKeyUsage'];
+    if (this.newFields) {
+      groups = combineFieldGroups(groups, this.newFields, excludedFields);
+    }
     return fieldToAttrs(this, groups);
   }),
 });
diff --git a/ui/app/models/role-ssh.js b/ui/app/models/role-ssh.js
index 1bb553ab5d6c..8e9f232b9de1 100644
--- a/ui/app/models/role-ssh.js
+++ b/ui/app/models/role-ssh.js
@@ -39,6 +39,7 @@ const CA_FIELDS = [
   'keyIdFormat',
 ];
 export default DS.Model.extend({
+  useOpenAPI: true,
   zeroAddress: attr('boolean', {
     readOnly: true,
   }),
@@ -46,13 +47,10 @@ export default DS.Model.extend({
     readOnly: true,
   }),
   name: attr('string', {
-    label: 'Role name',
+    label: 'Role Name',
     fieldValue: 'id',
     readOnly: true,
   }),
-  keyType: attr('string', {
-    possibleValues: ['ca', 'otp'],
-  }),
   adminUser: attr('string', {
     helpText: 'Username of the admin user at the remote host',
   }),
@@ -68,25 +66,14 @@ export default DS.Model.extend({
       'List of domains for which a client can request a certificate (e.g. `example.com`, or `*` to allow all)',
   }),
   cidrList: attr('string', {
-    label: 'CIDR list',
     helpText: 'List of CIDR blocks for which this role is applicable',
   }),
   excludeCidrList: attr('string', {
-    label: 'Exclude CIDR list',
     helpText: 'List of CIDR blocks that are not accepted by this role',
   }),
   port: attr('number', {
-    defaultValue: 22,
     helpText: 'Port number for the SSH connection (default is `22`)',
   }),
-  ttl: attr({
-    label: 'TTL',
-    editType: 'ttl',
-  }),
-  maxTtl: attr({
-    label: 'Max TTL',
-    editType: 'ttl',
-  }),
   allowedCriticalOptions: attr('string', {
     helpText: 'List of critical options that certificates have when signed',
   }),
@@ -114,11 +101,9 @@ export default DS.Model.extend({
       'Specifies if host certificates that are requested are allowed to be subdomains of those listed in Allowed Domains',
   }),
   allowUserKeyIds: attr('boolean', {
-    label: 'Allow user key IDs',
     helpText: 'Specifies if users can override the key ID for a signed certificate with the "key_id" field',
   }),
   keyIdFormat: attr('string', {
-    label: 'Key ID format',
     helpText: 'When supplied, this value specifies a custom format for the key id of a signed certificate',
   }),
 
diff --git a/ui/app/models/ssh-sign.js b/ui/app/models/ssh-sign.js
index 6368b9109330..8d8cb76a86ce 100644
--- a/ui/app/models/ssh-sign.js
+++ b/ui/app/models/ssh-sign.js
@@ -18,7 +18,10 @@ export default DS.Model.extend({
   role: attr('object', {
     readOnly: true,
   }),
-  publicKey: attr('string'),
+  publicKey: attr('string', {
+    label: 'Public Key',
+    editType: 'textarea',
+  }),
   ttl: attr({
     label: 'TTL',
     editType: 'ttl',
diff --git a/ui/app/routes/vault/cluster/secrets/backend.js b/ui/app/routes/vault/cluster/secrets/backend.js
index b7964a59b186..9003842e013f 100644
--- a/ui/app/routes/vault/cluster/secrets/backend.js
+++ b/ui/app/routes/vault/cluster/secrets/backend.js
@@ -2,6 +2,7 @@ import { inject as service } from '@ember/service';
 import Route from '@ember/routing/route';
 export default Route.extend({
   flashMessages: service(),
+  oldModel: null,
   model(params) {
     let { backend } = params;
     return this.store
diff --git a/ui/app/routes/vault/cluster/secrets/backend/credentials.js b/ui/app/routes/vault/cluster/secrets/backend/credentials.js
index 655577ca90c0..958f0cb9ccb3 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/credentials.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/credentials.js
@@ -1,15 +1,28 @@
 import { resolve } from 'rsvp';
 import Route from '@ember/routing/route';
+import { getOwner } from '@ember/application';
+import { inject as service } from '@ember/service';
 
 const SUPPORTED_DYNAMIC_BACKENDS = ['ssh', 'aws', 'pki'];
 
 export default Route.extend({
   templateName: 'vault/cluster/secrets/backend/credentials',
+  pathHelp: service('path-help'),
 
   backendModel() {
     return this.modelFor('vault.cluster.secrets.backend');
   },
 
+  beforeModel() {
+    const { backend } = this.paramsFor('vault.cluster.secrets.backend');
+    if (backend != 'ssh') {
+      return;
+    }
+    let modelType = 'ssh-otp-credential';
+    let owner = getOwner(this);
+    return this.pathHelp.getNewModel(modelType, backend, owner);
+  },
+
   model(params) {
     let role = params.secret;
     let backendModel = this.backendModel();
diff --git a/ui/app/routes/vault/cluster/secrets/backend/list.js b/ui/app/routes/vault/cluster/secrets/backend/list.js
index 3f1a876fd368..ea247b7e731d 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/list.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/list.js
@@ -1,7 +1,9 @@
 import { set } from '@ember/object';
 import { hash, all } from 'rsvp';
 import Route from '@ember/routing/route';
+import { getOwner } from '@ember/application';
 import { supportedSecretBackends } from 'vault/helpers/supported-secret-backends';
+import { inject as service } from '@ember/service';
 
 const SUPPORTED_BACKENDS = supportedSecretBackends();
 
@@ -19,24 +21,29 @@ export default Route.extend({
   },
 
   templateName: 'vault/cluster/secrets/backend/list',
+  pathHelp: service('path-help'),
 
   beforeModel() {
-    let { backend } = this.paramsFor('vault.cluster.secrets.backend');
+    let owner = getOwner(this);
     let { secret } = this.paramsFor(this.routeName);
-    let backendModel = this.store.peekRecord('secret-engine', backend);
-    let type = backendModel && backendModel.get('engineType');
+    let { backend, tab } = this.paramsFor('vault.cluster.secrets.backend');
+    let secretEngine = this.store.peekRecord('secret-engine', backend);
+    let type = secretEngine && secretEngine.get('engineType');
     if (!type || !SUPPORTED_BACKENDS.includes(type)) {
       return this.transitionTo('vault.cluster.secrets');
     }
     if (this.routeName === 'vault.cluster.secrets.backend.list' && !secret.endsWith('/')) {
       return this.replaceWith('vault.cluster.secrets.backend.list', secret + '/');
     }
-    this.store.unloadAll('capabilities');
+    let modelType = this.getModelType(backend, tab);
+    return this.pathHelp.getNewModel(modelType, backend, owner).then(() => {
+      this.store.unloadAll('capabilities');
+    });
   },
 
   getModelType(backend, tab) {
-    let backendModel = this.store.peekRecord('secret-engine', backend);
-    let type = backendModel.get('engineType');
+    let secretEngine = this.store.peekRecord('secret-engine', backend);
+    let type = secretEngine.get('engineType');
     let types = {
       transit: 'transit-key',
       ssh: 'role-ssh',
@@ -44,8 +51,8 @@ export default Route.extend({
       pki: tab === 'certs' ? 'pki-certificate' : 'role-pki',
       // secret or secret-v2
       cubbyhole: 'secret',
-      kv: backendModel.get('modelTypeForKV'),
-      generic: backendModel.get('modelTypeForKV'),
+      kv: secretEngine.get('modelTypeForKV'),
+      generic: secretEngine.get('modelTypeForKV'),
     };
     return types[type];
   },
diff --git a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
index 943ad2a54a0a..3b55f3e70de8 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
@@ -1,11 +1,14 @@
 import { set } from '@ember/object';
 import { hash, resolve } from 'rsvp';
+import { inject as service } from '@ember/service';
+import DS from 'ember-data';
 import Route from '@ember/routing/route';
 import utils from 'vault/lib/key-utils';
+import { getOwner } from '@ember/application';
 import UnloadModelRoute from 'vault/mixins/unload-model-route';
-import DS from 'ember-data';
 
 export default Route.extend(UnloadModelRoute, {
+  pathHelp: service('path-help'),
   capabilities(secret) {
     const { backend } = this.paramsFor('vault.cluster.secrets.backend');
     let backendModel = this.modelFor('vault.cluster.secrets.backend');
@@ -35,15 +38,27 @@ export default Route.extend(UnloadModelRoute, {
     // perhaps in the future we could recurse _for_ users, but for now, just kick them
     // back to the list
     const { secret } = this.paramsFor(this.routeName);
-    const parentKey = utils.parentKeyForKey(secret);
-    const mode = this.routeName.split('.').pop();
-    if (mode === 'edit' && utils.keyIsFolder(secret)) {
-      if (parentKey) {
-        return this.transitionTo('vault.cluster.secrets.backend.list', parentKey);
-      } else {
-        return this.transitionTo('vault.cluster.secrets.backend.list-root');
+    return this.buildModel(secret).then(() => {
+      const parentKey = utils.parentKeyForKey(secret);
+      const mode = this.routeName.split('.').pop();
+      if (mode === 'edit' && utils.keyIsFolder(secret)) {
+        if (parentKey) {
+          return this.transitionTo('vault.cluster.secrets.backend.list', parentKey);
+        } else {
+          return this.transitionTo('vault.cluster.secrets.backend.list-root');
+        }
       }
+    });
+  },
+
+  buildModel(secret) {
+    const { backend } = this.paramsFor('vault.cluster.secrets.backend');
+    let modelType = this.modelType(backend, secret);
+    if (['secret', 'secret-v2'].includes(modelType)) {
+      return resolve();
     }
+    let owner = getOwner(this);
+    return this.pathHelp.getNewModel(modelType, backend, owner);
   },
 
   modelType(backend, secret) {
diff --git a/ui/app/routes/vault/cluster/secrets/backend/sign.js b/ui/app/routes/vault/cluster/secrets/backend/sign.js
index 8c33298b01fc..c187a089d183 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/sign.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/sign.js
@@ -14,6 +14,10 @@ export default Route.extend(UnloadModel, {
     };
   },
 
+  pathForType() {
+    return 'sign';
+  },
+
   model(params) {
     const role = params.secret;
     const backendModel = this.backendModel();
diff --git a/ui/app/routes/vault/cluster/settings/auth/configure/section.js b/ui/app/routes/vault/cluster/settings/auth/configure/section.js
index cc7c358d0992..8a8bd3926f04 100644
--- a/ui/app/routes/vault/cluster/settings/auth/configure/section.js
+++ b/ui/app/routes/vault/cluster/settings/auth/configure/section.js
@@ -4,10 +4,12 @@ import Route from '@ember/routing/route';
 import RSVP from 'rsvp';
 import DS from 'ember-data';
 import UnloadModelRoute from 'vault/mixins/unload-model-route';
+import { getOwner } from '@ember/application';
 
 export default Route.extend(UnloadModelRoute, {
   modelPath: 'model.model',
-  wizard: service(),
+  pathHelp: service('path-help'),
+
   modelType(backendType, section) {
     const MODELS = {
       'aws-client': 'auth-config/aws/client',
@@ -25,15 +27,22 @@ export default Route.extend(UnloadModelRoute, {
     return MODELS[`${backendType}-${section}`];
   },
 
+  beforeModel() {
+    const { section_name } = this.paramsFor(this.routeName);
+    if (section_name === 'options') {
+      return;
+    }
+    const { method } = this.paramsFor('vault.cluster.settings.auth.configure');
+    const backend = this.modelFor('vault.cluster.settings.auth.configure');
+    const modelType = this.modelType(backend.type, section_name);
+    let owner = getOwner(this);
+    return this.pathHelp.getNewModel(modelType, method, owner);
+  },
+
   model(params) {
     const backend = this.modelFor('vault.cluster.settings.auth.configure');
     const { section_name: section } = params;
     if (section === 'options') {
-      this.get('wizard').transitionFeatureMachine(
-        this.get('wizard.featureState'),
-        'EDIT',
-        backend.get('type')
-      );
       return RSVP.hash({
         model: backend,
         section,
@@ -47,11 +56,6 @@ export default Route.extend(UnloadModelRoute, {
     }
     const model = this.store.peekRecord(modelType, backend.id);
     if (model) {
-      this.get('wizard').transitionFeatureMachine(
-        this.get('wizard.featureState'),
-        'EDIT',
-        backend.get('type')
-      );
       return RSVP.hash({
         model,
         section,
@@ -60,11 +64,6 @@ export default Route.extend(UnloadModelRoute, {
     return this.store
       .findRecord(modelType, backend.id)
       .then(config => {
-        this.get('wizard').transitionFeatureMachine(
-          this.get('wizard.featureState'),
-          'EDIT',
-          backend.get('type')
-        );
         config.set('backend', backend);
         return RSVP.hash({
           model: config,
diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
new file mode 100644
index 000000000000..0d4508b6fe96
--- /dev/null
+++ b/ui/app/services/path-help.js
@@ -0,0 +1,89 @@
+// Low level service that allows users to input paths to make requests to vault
+// this service provides the UI synecdote to the cli commands read, write, delete, and list
+import Service from '@ember/service';
+
+import { getOwner } from '@ember/application';
+import { expandOpenApiProps, combineAttributes } from 'vault/utils/openapi-to-attrs';
+import { resolve } from 'rsvp';
+
+export function sanitizePath(path) {
+  //remove whitespace + remove trailing and leading slashes
+  return path.trim().replace(/^\/+|\/+$/g, '');
+}
+
+export default Service.extend({
+  attrs: null,
+  ajax(url, options = {}) {
+    let appAdapter = getOwner(this).lookup(`adapter:application`);
+    let { data } = options;
+    return appAdapter.ajax(url, 'GET', {
+      data,
+    });
+  },
+
+  getNewModel(modelType, backend, owner) {
+    let name = `model:${modelType}`;
+    let newModel = owner.factoryFor(name).class;
+    if (newModel.merged || !newModel.prototype.useOpenAPI === true) {
+      return resolve();
+    }
+
+    return this.getProps(modelType, backend).then(props => {
+      if (owner.hasRegistration(name) && !newModel.merged) {
+        let { attrs, newFields } = combineAttributes(newModel.attributes, props);
+        newModel = newModel.extend(attrs, { newFields });
+      } else {
+        //generate a whole new model
+      }
+
+      newModel.reopenClass({ merged: true });
+      owner.unregister(name);
+      owner.register(name, newModel);
+    });
+  },
+
+  getProps(modelType, backend) {
+    let adapter = getOwner(this).lookup(`adapter:${modelType}`);
+    let path = adapter.pathForType();
+    const authMethods = [
+      'auth-config/ldap',
+      'auth-config/github',
+      'auth-config/okta',
+      'auth-config/radius',
+      'auth-config/cert',
+      'auth-config/gcp',
+      'auth-config/azure',
+      'auth-config/kubernetes',
+    ];
+    let helpUrl = authMethods.includes(modelType)
+      ? `/v1/auth/${backend}/${path}?help=1`
+      : `/v1/${backend}/${path}/example?help=1`;
+    let wildcard;
+    switch (path) {
+      case 'roles':
+        if (modelType === 'role-ssh') {
+          wildcard = 'role';
+        } else {
+          wildcard = 'name';
+        }
+        break;
+      case 'mounts':
+        if (modelType === 'secret') {
+          wildcard = 'path';
+        } else {
+          wildcard = 'config';
+        }
+        break;
+      case 'sign':
+      case 'issue':
+        wildcard = 'role';
+        break;
+    }
+
+    return this.ajax(helpUrl, backend).then(help => {
+      let fullPath = wildcard ? `/${path}/{${wildcard}}` : `/${path}`;
+      let props = help.openapi.paths[fullPath].post.requestBody.content['application/json'].schema.properties;
+      return expandOpenApiProps(props);
+    });
+  },
+});
diff --git a/ui/app/templates/components/auth-config-form/config.hbs b/ui/app/templates/components/auth-config-form/config.hbs
index 769d98251295..4f9d55fd6079 100644
--- a/ui/app/templates/components/auth-config-form/config.hbs
+++ b/ui/app/templates/components/auth-config-form/config.hbs
@@ -11,8 +11,13 @@
     {{/if}}
   </div>
   <div class="field is-grouped box is-fullwidth is-bottomless">
-    <button type="submit" data-test-save-config=true class="button is-primary {{if saveModel.isRunning 'loading'}}" disabled={{saveModel.isRunning}}>
+    <button
+      type="submit"
+      data-test-save-config="true"
+      class="button is-primary {{if saveModel.isRunning "loading"}}"
+      disabled={{saveModel.isRunning}}
+    >
       Save
     </button>
   </div>
-</form>
+</form>
\ No newline at end of file
diff --git a/ui/app/templates/components/auth-config-form/options.hbs b/ui/app/templates/components/auth-config-form/options.hbs
index 3c7cc9b0bb84..b7630d2856e3 100644
--- a/ui/app/templates/components/auth-config-form/options.hbs
+++ b/ui/app/templates/components/auth-config-form/options.hbs
@@ -7,8 +7,13 @@
     {{/each}}
   </div>
   <div class="field is-grouped box is-fullwidth is-bottomless">
-    <button type="submit" data-test-save-config=true class="button is-primary {{if saveModel.isRunning 'loading'}}" disabled={{saveModel.isRunning}}>
+    <button
+      type="submit"
+      data-test-save-config="true"
+      class="button is-primary {{if saveModel.isRunning "loading"}}"
+      disabled={{saveModel.isRunning}}
+    >
       Update Options
     </button>
   </div>
-</form>
+</form>
\ No newline at end of file
diff --git a/ui/app/templates/components/form-field.hbs b/ui/app/templates/components/form-field.hbs
index c84e51cb77e6..f2d363158fa7 100644
--- a/ui/app/templates/components/form-field.hbs
+++ b/ui/app/templates/components/form-field.hbs
@@ -1,7 +1,19 @@
 {{#unless
   (or
-    (and attr.options.editType (not-eq attr.options.editType "textarea"))
     (eq attr.type "boolean")
+    (contains
+      attr.options.editType
+      (array
+        "boolean"
+        "searchSelect"
+        "mountAccessor"
+        "kv"
+        "file"
+        "ttl"
+        "stringArray"
+        "json"
+      )
+    )
   )
 }}
   <label for="{{attr.name}}" class="is-label">
@@ -114,6 +126,7 @@
   }}
 {{else if (eq attr.options.editType "stringArray")}}
   {{string-list
+    data-test-input=attr.name
     label=labelString
     warning=attr.options.warning
     helpText=attr.options.helpText
@@ -124,9 +137,10 @@
   <MaskedInput
     @value={{or (get model valuePath) attr.options.defaultValue}}
     @placeholder=""
-    @allowCopy=true
-  />
-{{else if (or (eq attr.type 'number') (eq attr.type 'string'))}}
+    @allowCopy="true"
+   />
+
+{{else if (or (eq attr.type "number") (eq attr.type "string"))}}
   <div class="control">
     {{#if (eq attr.options.editType "textarea")}}
       <textarea
diff --git a/ui/app/templates/components/string-list.hbs b/ui/app/templates/components/string-list.hbs
index 43a7a73b3d1d..79fcde0c6124 100644
--- a/ui/app/templates/components/string-list.hbs
+++ b/ui/app/templates/components/string-list.hbs
@@ -2,17 +2,12 @@
   <label class="title is-5" data-test-string-list-label="true">
     {{label}}
     {{#if helpText}}
-      {{#info-tooltip}}
-        {{helpText}}
-      {{/info-tooltip}}
+      {{#info-tooltip}}{{helpText}}{{/info-tooltip}}
     {{/if}}
   </label>
 {{/if}}
 {{#if warning}}
-  <AlertBanner
-    @type="warning"
-    @message={{warning}}
-  />
+  <AlertBanner @type="warning" @message={{warning}} />
 {{/if}}
 {{#each inputList as |data index|}}
   <div class="field is-grouped" data-test-string-list-row="{{index}}">
@@ -30,14 +25,29 @@
     </div>
     <div class="control">
       {{#if (eq (inc index) inputList.length)}}
-        <button type="button" class="button is-outlined is-primary" {{action "addInput"}} data-test-string-list-button="add">
+        <button
+          type="button"
+          class="button is-outlined is-primary"
+          data-test-string-list-button="add"
+          {{action "addInput"}}
+        >
           Add
         </button>
       {{else}}
-        <button type="button" class="button is-expanded is-icon" {{action "removeInput" index}} data-test-string-list-button="delete" >
-          {{i-con size=22 glyph='trash-a' excludeIconClass=true class="is-large has-text-grey-light"}}
+        <button
+          type="button"
+          class="button is-expanded is-icon"
+          data-test-string-list-button="delete"
+          {{action "removeInput" index}}
+        >
+          {{i-con
+            size=22
+            glyph="trash-a"
+            excludeIconClass=true
+            class="is-large has-text-grey-light"
+          }}
         </button>
       {{/if}}
     </div>
   </div>
-{{/each}}
+{{/each}}
\ No newline at end of file
diff --git a/ui/app/templates/components/wizard/auth-config.hbs b/ui/app/templates/components/wizard/auth-config.hbs
new file mode 100644
index 000000000000..0ec32b737180
--- /dev/null
+++ b/ui/app/templates/components/wizard/auth-config.hbs
@@ -0,0 +1,10 @@
+<WizardSection
+  @headerText="Configuring Your Auth Method"
+  @docText="Docs: Authentication Methods"
+  @docPath="/docs/auth/index.html"
+  @instructions="Click the 'Save' link to save any extra configuration. Saving without filling anything in will use the defaults."
+>
+  <p>
+    You can update your new auth method configuration here.
+  </p>
+</WizardSection>
\ No newline at end of file
diff --git a/ui/app/templates/components/wizard/auth-enable.hbs b/ui/app/templates/components/wizard/auth-enable.hbs
index df732ecbd1b3..087119bb9eb3 100644
--- a/ui/app/templates/components/wizard/auth-enable.hbs
+++ b/ui/app/templates/components/wizard/auth-enable.hbs
@@ -2,9 +2,9 @@
   @headerText="Entering Auth Method details"
   @docText="Docs: Authentication Methods"
   @docPath="/docs/auth/index.html"
-  @instructions='Customize your new method and click "Enable Method".'
+  @instructions="Name your method and click 'Enable Method'."
 >
   <p>
-    Great! Now you can customize this method with a name and description that makes sense for your team, and fill out any options that are specific to this method.
+    Great! Now you can customize this method with a name and fill out general configuration under "Method Options".
   </p>
-</WizardSection>
+</WizardSection>
\ No newline at end of file
diff --git a/ui/app/templates/partials/form-field-from-model.hbs b/ui/app/templates/partials/form-field-from-model.hbs
index 43acae746a43..ca7e49df25ab 100644
--- a/ui/app/templates/partials/form-field-from-model.hbs
+++ b/ui/app/templates/partials/form-field-from-model.hbs
@@ -1,23 +1,38 @@
 <div class="field">
-  {{#unless (or attr.options.editType (eq attr.type 'boolean'))}}
+  {{#unless
+    (or
+      (contains
+        attr.options.editType
+        (array
+          "boolean"
+          "searchSelect"
+          "mountAccessor"
+          "kv"
+          "file"
+          "ttl"
+          "stringArray"
+          "json"
+        )
+      )
+      (eq attr.type "boolean")
+    )
+  }}
     <label for="{{attr.name}}" class="is-label">
       {{capitalize (or attr.options.label (humanize (dasherize attr.name)))}}
       {{#if attr.options.helpText}}
-        {{#info-tooltip}}
-          {{attr.options.helpText}}
-        {{/info-tooltip}}
+        {{#info-tooltip}}{{attr.options.helpText}}{{/info-tooltip}}
       {{/if}}
     </label>
   {{/unless}}
   {{#if attr.options.possibleValues}}
-    <div class="control is-expanded" >
+    <div class="control is-expanded">
       <div class="select is-fullwidth">
         <select
           name="{{attr.name}}"
           id="{{attr.name}}"
           onchange={{action (mut (get model attr.name)) value="target.value"}}
           data-test-input={{attr.name}}
-          >
+        >
           {{#each attr.options.possibleValues as |val|}}
             <option selected={{eq (get model attr.name) val}} value={{val}}>
               {{val}}
@@ -26,34 +41,48 @@
         </select>
       </div>
     </div>
-  {{else if (eq attr.options.editType 'ttl')}}
-    {{ttl-picker initialValue=(or (get model attr.name) attr.options.defaultValue) labelText=(if attr.options.label attr.options.label (humanize (dasherize attr.name))) setDefaultValue=false onChange=(action (mut (get model attr.name)))}}
-  {{else if (or (eq attr.type 'number') (eq attr.type 'string'))}}
+  {{else if (eq attr.options.editType "ttl")}}
+    {{ttl-picker
+      initialValue=(or (get model attr.name) attr.options.defaultValue)
+      labelText=(if
+        attr.options.label attr.options.label (humanize (dasherize attr.name))
+      )
+      setDefaultValue=false
+      onChange=(action (mut (get model attr.name)))
+    }}
+  {{else if (or (eq attr.type "number") (eq attr.type "string"))}}
     <div class="control">
-      {{input id=attr.name value=(get model (or attr.options.fieldValue attr.name)) class="input" data-test-input=attr.name}}
+      {{input
+        id=attr.name
+        value=(get model (or attr.options.fieldValue attr.name))
+        class="input"
+        data-test-input=attr.name
+      }}
     </div>
-  {{else if (eq attr.type 'boolean')}}
+  {{else if (eq attr.type "boolean")}}
     <div class="b-checkbox">
-      <input type="checkbox"
-       id="{{attr.name}}"
-       class="styled"
-         checked={{get model attr.name}}
-         onchange={{action (mut (get model attr.name)) value="target.checked"}}
-         data-test-input={{attr.name}}
-        />
-        <label for="{{attr.name}}" class="is-label">
-          {{capitalize (or attr.options.label (humanize (dasherize attr.name)))}}
-          {{#if attr.options.helpText}}
-            {{#info-tooltip}}
-              {{attr.options.helpText}}
-            {{/info-tooltip}}
-          {{/if}}
-        </label>
-      </div>
-    {{else if (eq attr.type 'object')}}
-      {{json-editor
-        value=(if (get model attr.name) (stringify (get model attr.name)) emptyData)
-        valueUpdated=(action "codemirrorUpdated" attr.name)
-      }}
-    {{/if}}
-  </div>
+      <input
+        type="checkbox"
+        id="{{attr.name}}"
+        class="styled"
+        checked={{get model attr.name}}
+        onchange={{action (mut (get model attr.name)) value="target.checked"}}
+        data-test-input={{attr.name}}
+       />
+
+      <label for="{{attr.name}}" class="is-label">
+        {{capitalize (or attr.options.label (humanize (dasherize attr.name)))}}
+        {{#if attr.options.helpText}}
+          {{#info-tooltip}}{{attr.options.helpText}}{{/info-tooltip}}
+        {{/if}}
+      </label>
+    </div>
+  {{else if (eq attr.type "object")}}
+    {{json-editor
+      value=(if
+        (get model attr.name) (stringify (get model attr.name)) emptyData
+      )
+      valueUpdated=(action "codemirrorUpdated" attr.name)
+    }}
+  {{/if}}
+</div>
\ No newline at end of file
diff --git a/ui/app/templates/vault/cluster/settings/auth/configure/section.hbs b/ui/app/templates/vault/cluster/settings/auth/configure/section.hbs
index 9c2c02d0c60c..d26541cbbb5d 100644
--- a/ui/app/templates/vault/cluster/settings/auth/configure/section.hbs
+++ b/ui/app/templates/vault/cluster/settings/auth/configure/section.hbs
@@ -1,5 +1,5 @@
-{{#if (eq model.section "options") }}
+{{#if (eq model.section "options")}}
   {{auth-config-form/options model.model}}
 {{else}}
   {{auth-config-form/config model.model}}
-{{/if}}
+{{/if}}
\ No newline at end of file
diff --git a/ui/app/templates/vault/cluster/settings/auth/enable.hbs b/ui/app/templates/vault/cluster/settings/auth/enable.hbs
index 4f459ae77890..2c020455324d 100644
--- a/ui/app/templates/vault/cluster/settings/auth/enable.hbs
+++ b/ui/app/templates/vault/cluster/settings/auth/enable.hbs
@@ -1,4 +1,4 @@
 <MountBackendForm
   @onMountSuccess={{action "onMountSuccess"}}
   @onConfigError={{action "onConfigError"}}
-/>
+ />
diff --git a/ui/app/transforms/integer.js b/ui/app/transforms/integer.js
new file mode 100644
index 000000000000..493f6040c23c
--- /dev/null
+++ b/ui/app/transforms/integer.js
@@ -0,0 +1,22 @@
+import { isEmpty } from '@ember/utils';
+import DS from 'ember-data';
+
+/*
+  DS.attr('integer')
+*/
+export default DS.Transform.extend({
+  deserialize: function(value) {
+    if (isEmpty(value)) {
+      return null;
+    } else {
+      return value;
+    }
+  },
+  serialize: function(value) {
+    if (isEmpty(value)) {
+      return null;
+    } else {
+      return value;
+    }
+  },
+});
diff --git a/ui/app/utils/openapi-to-attrs.js b/ui/app/utils/openapi-to-attrs.js
new file mode 100644
index 000000000000..9695880f817c
--- /dev/null
+++ b/ui/app/utils/openapi-to-attrs.js
@@ -0,0 +1,84 @@
+import DS from 'ember-data';
+const { attr } = DS;
+import { assign } from '@ember/polyfills';
+
+export const expandOpenApiProps = function(props) {
+  let attrs = {};
+  // expand all attributes
+  for (let prop in props) {
+    let details = props[prop];
+    if (details.deprecated === true) {
+      continue;
+    }
+    if (details.type === 'integer') {
+      details.type = 'number';
+    }
+    let editType = details.type;
+    if (details.format === 'seconds') {
+      editType = 'ttl';
+    } else if (details.items) {
+      editType = details.items.type + details.type.capitalize();
+    }
+    attrs[prop.camelize()] = {
+      editType: editType,
+      type: details.type,
+    };
+    if (details['x-vault-displayName']) {
+      attrs[prop.camelize()].label = details['x-vault-displayName'];
+    }
+    if (details['enum']) {
+      attrs[prop.camelize()].possibleValues = details['enum'];
+    }
+    if (details['x-vault-displayValue']) {
+      attrs[prop.camelize()].defaultValue = details['x-vault-displayValue'];
+    }
+  }
+  return attrs;
+};
+
+export const combineAttributes = function(oldAttrs, newProps) {
+  let newAttrs = {};
+  let newFields = [];
+  oldAttrs.forEach(function(value, name) {
+    if (newProps[name]) {
+      newAttrs[name] = attr(newProps[name].type, assign({}, newProps[name], value.options));
+    } else {
+      newAttrs[name] = attr(value.type, value.options);
+    }
+  });
+  for (let prop in newProps) {
+    if (newAttrs[prop]) {
+      continue;
+    } else {
+      newAttrs[prop] = attr(newProps[prop].type, newProps[prop]);
+      newFields.push(prop);
+    }
+  }
+  return { attrs: newAttrs, newFields };
+};
+
+export const combineFields = function(currentFields, newFields, excludedFields) {
+  let otherFields = newFields.filter(field => {
+    return !currentFields.includes(field) && !excludedFields.includes(field);
+  });
+  if (otherFields.length) {
+    currentFields = currentFields.concat(otherFields);
+  }
+  return currentFields;
+};
+
+export const combineFieldGroups = function(currentGroups, newFields, excludedFields) {
+  let allFields = [];
+  for (let group of currentGroups) {
+    let fieldName = Object.keys(group)[0];
+    allFields = allFields.concat(group[fieldName]);
+  }
+  let otherFields = newFields.filter(field => {
+    return !allFields.includes(field) && !excludedFields.includes(field);
+  });
+  if (otherFields.length) {
+    currentGroups[0].default = currentGroups[0].default.concat(otherFields);
+  }
+
+  return currentGroups;
+};
diff --git a/ui/tests/acceptance/secrets/backend/pki/cert-test.js b/ui/tests/acceptance/secrets/backend/pki/cert-test.js
index cb437044f28e..46e9bbf7905f 100644
--- a/ui/tests/acceptance/secrets/backend/pki/cert-test.js
+++ b/ui/tests/acceptance/secrets/backend/pki/cert-test.js
@@ -47,6 +47,7 @@ elRplAzrMF4=
   };
 
   test('it issues a cert', async function(assert) {
+    debugger; //eslint-disable-line
     await setup(assert);
 
     await generatePage.issueCert('foo');
diff --git a/ui/tests/acceptance/settings/auth/configure/section-test.js b/ui/tests/acceptance/settings/auth/configure/section-test.js
index 0216a21b561f..8ad25718f662 100644
--- a/ui/tests/acceptance/settings/auth/configure/section-test.js
+++ b/ui/tests/acceptance/settings/auth/configure/section-test.js
@@ -33,7 +33,7 @@ module('Acceptance | settings/auth/configure/section', function(hooks) {
     await withFlash(page.save(), () => {
       assert.equal(
         page.flash.latestMessage,
-        `The configuration options were saved successfully.`,
+        `The configuration was saved successfully.`,
         'success flash shows'
       );
     });
diff --git a/ui/tests/acceptance/settings/auth/enable-test.js b/ui/tests/acceptance/settings/auth/enable-test.js
index 3e24f010bedb..aea0cd267887 100644
--- a/ui/tests/acceptance/settings/auth/enable-test.js
+++ b/ui/tests/acceptance/settings/auth/enable-test.js
@@ -28,9 +28,11 @@ module('Acceptance | settings/auth/enable', function(hooks) {
     });
     assert.equal(
       currentRouteName(),
-      'vault.cluster.access.methods',
-      'redirects to the auth backend list page'
+      'vault.cluster.settings.auth.configure.section',
+      'redirects to the auth config page'
     );
+
+    await listPage.visit();
     assert.ok(listPage.findLinkById(path), 'mount is present in the list');
   });
 });
diff --git a/ui/tests/integration/components/auth-config-form/options-test.js b/ui/tests/integration/components/auth-config-form/options-test.js
index 77459e98f4ff..f2200c14e82d 100644
--- a/ui/tests/integration/components/auth-config-form/options-test.js
+++ b/ui/tests/integration/components/auth-config-form/options-test.js
@@ -5,17 +5,33 @@ import { setupRenderingTest } from 'ember-qunit';
 import { render, settled } from '@ember/test-helpers';
 import hbs from 'htmlbars-inline-precompile';
 import sinon from 'sinon';
+import Service from '@ember/service';
 
 import { create } from 'ember-cli-page-object';
 import authConfigForm from 'vault/tests/pages/components/auth-config-form/options';
 
 const component = create(authConfigForm);
+const routerService = Service.extend({
+  transitionTo() {
+    return {
+      followRedirects() {
+        return resolve();
+      },
+    };
+  },
+  replaceWith() {
+    return resolve();
+  },
+});
 
 module('Integration | Component | auth-config-form options', function(hooks) {
   setupRenderingTest(hooks);
 
   hooks.beforeEach(function() {
     this.owner.lookup('service:flash-messages').registerTypes(['success']);
+    this.owner.register('service:router', routerService);
+    this.router = this.owner.lookup('service:router');
+
     component.setContext(this);
   });
 
diff --git a/ui/tests/integration/components/auth-form-test.js b/ui/tests/integration/components/auth-form-test.js
index 5515026bffd0..37d920e828e2 100644
--- a/ui/tests/integration/components/auth-form-test.js
+++ b/ui/tests/integration/components/auth-form-test.js
@@ -38,9 +38,6 @@ const routerService = Service.extend({
       },
     };
   },
-  replaceWith() {
-    return resolve();
-  },
 });
 
 module('Integration | Component | auth form', function(hooks) {
diff --git a/ui/tests/integration/components/mount-backend-form-test.js b/ui/tests/integration/components/mount-backend-form-test.js
index c717a2f512c1..a01798b3a96c 100644
--- a/ui/tests/integration/components/mount-backend-form-test.js
+++ b/ui/tests/integration/components/mount-backend-form-test.js
@@ -71,59 +71,4 @@ module('Integration | Component | mount backend form', function(hooks) {
     assert.ok(enableRequest, 'it calls enable on an auth method');
     assert.ok(spy.calledOnce, 'calls the passed success method');
   });
-
-  test('it calls the correct jwt config', async function(assert) {
-    this.server.post('/v1/sys/auth/jwt', () => {
-      return [204, { 'Content-Type': 'application/json' }];
-    });
-
-    this.server.post('/v1/auth/jwt/config', () => {
-      return [
-        400,
-        { 'Content-Type': 'application/json' },
-        JSON.stringify({ errors: ['there was an error'] }),
-      ];
-    });
-    await render(hbs`<MountBackendForm />`);
-
-    await component.selectType('jwt');
-    await component.next();
-    await component.fillIn('oidcDiscoveryUrl', 'host');
-    component.submit();
-
-    later(() => run.cancelTimers(), 50);
-    await settled();
-    let configRequest = this.server.handledRequests.findBy('url', '/v1/auth/jwt/config');
-    assert.ok(configRequest, 'it calls the config url');
-  });
-
-  test('it calls mount config error', async function(assert) {
-    this.server.post('/v1/sys/auth/bar', () => {
-      return [204, { 'Content-Type': 'application/json' }];
-    });
-    this.server.post('/v1/auth/bar/config', () => {
-      return [
-        400,
-        { 'Content-Type': 'application/json' },
-        JSON.stringify({ errors: ['there was an error'] }),
-      ];
-    });
-    const spy = sinon.spy();
-    const spy2 = sinon.spy();
-    this.set('onMountSuccess', spy);
-    this.set('onConfigError', spy2);
-    await render(hbs`{{mount-backend-form onMountSuccess=onMountSuccess onConfigError=onConfigError}}`);
-
-    await component.selectType('kubernetes');
-    await component.next().path('bar');
-    // kubernetes requires a host + a cert / pem, so only filling the host will error
-    await component.fillIn('kubernetesHost', 'host');
-    component.submit();
-    later(() => run.cancelTimers(), 50);
-    await settled();
-    let enableRequest = this.server.handledRequests.findBy('url', '/v1/sys/auth/bar');
-    assert.ok(enableRequest, 'it calls enable on an auth method');
-    assert.equal(spy.callCount, 0, 'does not call the success method');
-    assert.ok(spy2.calledOnce, 'calls the passed error method');
-  });
 });
diff --git a/ui/tests/pages/secrets/backend/pki/edit-role.js b/ui/tests/pages/secrets/backend/pki/edit-role.js
index 23935be3e26a..76b51e24daac 100644
--- a/ui/tests/pages/secrets/backend/pki/edit-role.js
+++ b/ui/tests/pages/secrets/backend/pki/edit-role.js
@@ -9,7 +9,7 @@ export default create({
   toggleOptions: clickable('[data-test-toggle-group="Options"]'),
   name: fillable('[data-test-input="name"]'),
   allowAnyName: clickable('[data-test-input="allowAnyName"]'),
-  allowedDomains: fillable('[data-test-input="allowedDomains"]'),
+  allowedDomains: fillable('[data-test-input="allowedDomains"] input'),
   save: clickable('[data-test-role-create]'),
   deleteBtn: clickable('[data-test-role-delete] button'),
   confirmBtn: clickable('[data-test-confirm-button]'),
diff --git a/ui/tests/pages/secrets/backend/pki/generate-cert.js b/ui/tests/pages/secrets/backend/pki/generate-cert.js
index 38c22e0ff724..7c098b6675c1 100644
--- a/ui/tests/pages/secrets/backend/pki/generate-cert.js
+++ b/ui/tests/pages/secrets/backend/pki/generate-cert.js
@@ -14,6 +14,7 @@ export default create({
   hasCert: isPresent('[data-test-row-value="Certificate"]'),
   fillInField: fillable('[data-test-field]'),
   issueCert: async function(commonName) {
+    debugger; //eslint-disable-line
     await this.commonName(commonName)
       .toggleOptions()
       .fillInField('unit', 'h')
diff --git a/ui/tests/unit/machines/auth-machine-test.js b/ui/tests/unit/machines/auth-machine-test.js
index 90b179a03110..d430f78192a2 100644
--- a/ui/tests/unit/machines/auth-machine-test.js
+++ b/ui/tests/unit/machines/auth-machine-test.js
@@ -23,16 +23,16 @@ module('Unit | Machine | auth-machine', function() {
       event: 'CONTINUE',
       params: null,
       expectedResults: {
-        value: 'list',
+        value: 'config',
         actions: [
-          { component: 'wizard/auth-list', level: 'step', type: 'render' },
-          { component: 'wizard/mounts-wizard', level: 'feature', type: 'render' },
+          { type: 'render', level: 'feature', component: 'wizard/mounts-wizard' },
+          { type: 'render', level: 'step', component: 'wizard/auth-config' },
         ],
       },
     },
     {
-      currentState: 'list',
-      event: 'DETAILS',
+      currentState: 'config',
+      event: 'CONTINUE',
       expectedResults: {
         value: 'details',
         actions: [

From 18fa66aaa78262569e0dbf8a1483906757a405df Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Mon, 11 Feb 2019 14:55:54 -0500
Subject: [PATCH 65/84] remove debugger statement

---
 ui/app/adapters/pki-certificate.js | 1 -
 1 file changed, 1 deletion(-)

diff --git a/ui/app/adapters/pki-certificate.js b/ui/app/adapters/pki-certificate.js
index 7e62f934313a..bed8bfa4b2f1 100644
--- a/ui/app/adapters/pki-certificate.js
+++ b/ui/app/adapters/pki-certificate.js
@@ -15,7 +15,6 @@ export default Adapter.extend({
   },
 
   pathForType() {
-    debugger; //eslint-disable-line
     return 'issue';
   },
 

From 5ed871014fbda34484438e33cedf17d8b062405d Mon Sep 17 00:00:00 2001
From: Jeff Mitchell <jeffrey.mitchell@gmail.com>
Date: Tue, 12 Feb 2019 08:53:40 -0500
Subject: [PATCH 66/84] Pull in updated plugins

---
 .../vault-plugin-auth-azure/Gopkg.lock        | 16 ++++-
 .../vault-plugin-auth-azure/path_config.go    |  5 ++
 .../plugin/path_config.go                     |  3 +
 .../vault-plugin-auth-jwt/path_config.go      | 17 ++++++
 .../vault-plugin-auth-jwt/path_login.go       |  3 +-
 .../vault-plugin-auth-kubernetes/Gopkg.lock   | 16 ++++-
 .../path_config.go                            |  5 ++
 .../clients/sts.go                            |  4 +-
 .../path_creds.go                             | 21 +++++--
 .../vault-plugin-secrets-gcpkms/README.md     |  6 ++
 vendor/vendor.json                            | 58 +++++++++----------
 11 files changed, 112 insertions(+), 42 deletions(-)

diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-azure/Gopkg.lock b/vendor/github.com/hashicorp/vault-plugin-auth-azure/Gopkg.lock
index a8eb992af37c..b73a81c63b35 100644
--- a/vendor/github.com/hashicorp/vault-plugin-auth-azure/Gopkg.lock
+++ b/vendor/github.com/hashicorp/vault-plugin-auth-azure/Gopkg.lock
@@ -216,7 +216,7 @@
 
 [[projects]]
   branch = "master"
-  digest = "1:450803219e484669ba680c777ecac629dac92abde2bc83009beaa630f5368e71"
+  digest = "1:606c7307ae83d1adc0901aa8909b700489d7f1294533344453436a8dbff0091b"
   name = "github.com/hashicorp/vault"
   packages = [
     "api",
@@ -226,6 +226,7 @@
     "helper/errutil",
     "helper/hclutil",
     "helper/jsonutil",
+    "helper/license",
     "helper/locksutil",
     "helper/logging",
     "helper/mlock",
@@ -245,7 +246,7 @@
     "version",
   ]
   pruneopts = "UT"
-  revision = "8655d167084028d627f687ddc25d0c71307eb5be"
+  revision = "c0739a0f2367d5fdd20cef502b628e01bdb90470"
 
 [[projects]]
   branch = "master"
@@ -287,6 +288,17 @@
   revision = "4dadeb3030eda0273a12382bb2348ffc7c9d1a39"
   version = "v1.0.0"
 
+[[projects]]
+  digest = "1:c7a5e79396b6eb570159df7a1d487ce5775bf43b7907976fbef6de544ea160ad"
+  name = "github.com/pierrec/lz4"
+  packages = [
+    ".",
+    "internal/xxh32",
+  ]
+  pruneopts = "UT"
+  revision = "473cd7ce01a1113208073166464b98819526150e"
+  version = "v2.0.8"
+
 [[projects]]
   branch = "master"
   digest = "1:bd9efe4e0b0f768302a1e2f0c22458149278de533e521206e5ddc71848c269a0"
diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-azure/path_config.go b/vendor/github.com/hashicorp/vault-plugin-auth-azure/path_config.go
index 8b18cc90650a..4e5fad3890df 100644
--- a/vendor/github.com/hashicorp/vault-plugin-auth-azure/path_config.go
+++ b/vendor/github.com/hashicorp/vault-plugin-auth-azure/path_config.go
@@ -16,26 +16,31 @@ func pathConfig(b *azureAuthBackend) *framework.Path {
 				Description: `The tenant id for the Azure Active Directory.  This is sometimes
 				referred to as Directory ID in AD.  This value can also be provided with the 
 				AZURE_TENANT_ID environment variable.`,
+				DisplayName: "Tenant ID",
 			},
 			"resource": &framework.FieldSchema{
 				Type: framework.TypeString,
 				Description: `The resource URL for the vault application in Azure Active Directory.
 				This value can also be provided with the AZURE_AD_RESOURCE environment variable.`,
+				DisplayName: "Resource",
 			},
 			"environment": &framework.FieldSchema{
 				Type: framework.TypeString,
 				Description: `The Azure environment name. If not provided, AzurePublicCloud is used.
 				This value can also be provided with the AZURE_ENVIRONMENT environment variable.`,
+				DisplayName: "Environment",
 			},
 			"client_id": &framework.FieldSchema{
 				Type: framework.TypeString,
 				Description: `The OAuth2 client id to connection to Azure.
 				This value can also be provided with the AZURE_CLIENT_ID environment variable.`,
+				DisplayName: "Client ID",
 			},
 			"client_secret": &framework.FieldSchema{
 				Type: framework.TypeString,
 				Description: `The OAuth2 client secret to connection to Azure.
 				This value can also be provided with the AZURE_CLIENT_SECRET environment variable.`,
+				DisplayName: "Client Secret",
 			},
 		},
 		Callbacks: map[logical.Operation]framework.OperationFunc{
diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_config.go b/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_config.go
index 3476a64134e3..da4d32f310ba 100644
--- a/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_config.go
+++ b/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_config.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 
 	"encoding/json"
+
 	"github.com/hashicorp/go-gcp-common/gcputil"
 	"github.com/hashicorp/vault/logical"
 	"github.com/hashicorp/vault/logical/framework"
@@ -20,11 +21,13 @@ func pathConfig(b *GcpAuthBackend) *framework.Path {
 				Description: `
 Google credentials JSON that Vault will use to verify users against GCP APIs.
 If not specified, will use application default credentials`,
+				DisplayName: "Credentials",
 			},
 			"google_certs_endpoint": {
 				Type: framework.TypeString,
 				Description: `
 Deprecated. This field does nothing and be removed in a future release`,
+				Deprecated: true,
 			},
 		},
 		Callbacks: map[logical.Operation]framework.OperationFunc{
diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-jwt/path_config.go b/vendor/github.com/hashicorp/vault-plugin-auth-jwt/path_config.go
index 5019cbd603de..2f13db15f936 100644
--- a/vendor/github.com/hashicorp/vault-plugin-auth-jwt/path_config.go
+++ b/vendor/github.com/hashicorp/vault-plugin-auth-jwt/path_config.go
@@ -4,6 +4,7 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"errors"
+	"fmt"
 	"net/http"
 
 	"context"
@@ -33,6 +34,10 @@ func pathConfig(b *jwtAuthBackend) *framework.Path {
 				Type:        framework.TypeCommaStringSlice,
 				Description: `A list of PEM-encoded public keys to use to authenticate signatures locally. Cannot be used with "oidc_discovery_url".`,
 			},
+			"jwt_supported_algs": {
+				Type:        framework.TypeCommaStringSlice,
+				Description: `A list of supported signing algorithms. Defaults to RS256.`,
+			},
 			"bound_issuer": {
 				Type:        framework.TypeString,
 				Description: "The value against which to match the 'iss' claim in a JWT. Optional.",
@@ -99,6 +104,7 @@ func (b *jwtAuthBackend) pathConfigRead(ctx context.Context, req *logical.Reques
 			"oidc_discovery_url":     config.OIDCDiscoveryURL,
 			"oidc_discovery_ca_pem":  config.OIDCDiscoveryCAPEM,
 			"jwt_validation_pubkeys": config.JWTValidationPubKeys,
+			"jwt_supported_algs":     config.JWTSupportedAlgs,
 			"bound_issuer":           config.BoundIssuer,
 		},
 	}
@@ -111,6 +117,7 @@ func (b *jwtAuthBackend) pathConfigWrite(ctx context.Context, req *logical.Reque
 		OIDCDiscoveryURL:     d.Get("oidc_discovery_url").(string),
 		OIDCDiscoveryCAPEM:   d.Get("oidc_discovery_ca_pem").(string),
 		JWTValidationPubKeys: d.Get("jwt_validation_pubkeys").([]string),
+		JWTSupportedAlgs:     d.Get("jwt_supported_algs").([]string),
 		BoundIssuer:          d.Get("bound_issuer").(string),
 	}
 
@@ -133,6 +140,15 @@ func (b *jwtAuthBackend) pathConfigWrite(ctx context.Context, req *logical.Reque
 			}
 		}
 
+	case len(config.JWTSupportedAlgs) != 0:
+		for _, a := range config.JWTSupportedAlgs {
+			switch a {
+			case oidc.RS256, oidc.RS384, oidc.RS512, oidc.ES256, oidc.ES384, oidc.ES512, oidc.PS256, oidc.PS384, oidc.PS512:
+			default:
+				return logical.ErrorResponse(fmt.Sprintf("Invalid supported algorithm: %s", a)), nil
+			}
+		}
+
 	default:
 		return nil, errors.New("unknown condition")
 	}
@@ -182,6 +198,7 @@ type jwtConfig struct {
 	OIDCDiscoveryURL     string   `json:"oidc_discovery_url"`
 	OIDCDiscoveryCAPEM   string   `json:"oidc_discovery_ca_pem"`
 	JWTValidationPubKeys []string `json:"jwt_validation_pubkeys"`
+	JWTSupportedAlgs     []string `json:"jwt_supported_algs"`
 	BoundIssuer          string   `json:"bound_issuer"`
 
 	ParsedJWTPubKeys []interface{} `json:"-"`
diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-jwt/path_login.go b/vendor/github.com/hashicorp/vault-plugin-auth-jwt/path_login.go
index 868fe9d094e4..0b515ab5f376 100644
--- a/vendor/github.com/hashicorp/vault-plugin-auth-jwt/path_login.go
+++ b/vendor/github.com/hashicorp/vault-plugin-auth-jwt/path_login.go
@@ -136,7 +136,8 @@ func (b *jwtAuthBackend) pathLogin(ctx context.Context, req *logical.Request, d
 		}
 
 		verifier := provider.Verifier(&oidc.Config{
-			SkipClientIDCheck: true,
+			SkipClientIDCheck:    true,
+			SupportedSigningAlgs: config.JWTSupportedAlgs,
 		})
 
 		idToken, err := verifier.Verify(ctx, token)
diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/Gopkg.lock b/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/Gopkg.lock
index 1d1007232e85..f6ee0566a5d4 100644
--- a/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/Gopkg.lock
+++ b/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/Gopkg.lock
@@ -203,7 +203,7 @@
 
 [[projects]]
   branch = "master"
-  digest = "1:d00de8725219a569ffbb5dd1042e4ced1f3b5ccee2b07218371f71026cc7609a"
+  digest = "1:7be65468c591c5e836ec7ff70b6e7665452a6e700d5f0d5bb9edec8aa57b58e2"
   name = "github.com/hashicorp/vault"
   packages = [
     "api",
@@ -214,6 +214,7 @@
     "helper/errutil",
     "helper/hclutil",
     "helper/jsonutil",
+    "helper/license",
     "helper/locksutil",
     "helper/logging",
     "helper/mlock",
@@ -233,7 +234,7 @@
     "version",
   ]
   pruneopts = "UT"
-  revision = "add60e6dc7ff7b94487f3b5b680d00d7c05fe621"
+  revision = "c0739a0f2367d5fdd20cef502b628e01bdb90470"
 
 [[projects]]
   branch = "master"
@@ -275,6 +276,17 @@
   revision = "4dadeb3030eda0273a12382bb2348ffc7c9d1a39"
   version = "v1.0.0"
 
+[[projects]]
+  digest = "1:c7a5e79396b6eb570159df7a1d487ce5775bf43b7907976fbef6de544ea160ad"
+  name = "github.com/pierrec/lz4"
+  packages = [
+    ".",
+    "internal/xxh32",
+  ]
+  pruneopts = "UT"
+  revision = "473cd7ce01a1113208073166464b98819526150e"
+  version = "v2.0.8"
+
 [[projects]]
   digest = "1:0e792eea6c96ec55ff302ef33886acbaa5006e900fefe82689e88d96439dcd84"
   name = "github.com/ryanuber/go-glob"
diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/path_config.go b/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/path_config.go
index f10d4b4c7fb3..01f6de36c806 100644
--- a/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/path_config.go
+++ b/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/path_config.go
@@ -22,16 +22,20 @@ func pathConfig(b *kubeAuthBackend) *framework.Path {
 			"kubernetes_host": {
 				Type:        framework.TypeString,
 				Description: "Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server.",
+				DisplayName: "Kubernetes Host",
 			},
+
 			"kubernetes_ca_cert": {
 				Type:        framework.TypeString,
 				Description: "PEM encoded CA cert for use by the TLS client used to talk with the API.",
+				DisplayName: "Kubernetes CA Certificate",
 			},
 			"token_reviewer_jwt": {
 				Type: framework.TypeString,
 				Description: `A service account JWT used to access the
 TokenReview API to validate other JWTs during login. If not set
 the JWT used for login will be used to access the API.`,
+				DisplayName: "Token Reviewer JWT",
 			},
 			"pem_keys": {
 				Type: framework.TypeCommaStringSlice,
@@ -39,6 +43,7 @@ the JWT used for login will be used to access the API.`,
 used to verify the signatures of kubernetes service account
 JWTs. If a certificate is given, its public key will be
 extracted. Not every installation of Kuberentes exposes these keys.`,
+				DisplayName: "Service account verification keys",
 			},
 		},
 		Callbacks: map[logical.Operation]framework.OperationFunc{
diff --git a/vendor/github.com/hashicorp/vault-plugin-secrets-alicloud/clients/sts.go b/vendor/github.com/hashicorp/vault-plugin-secrets-alicloud/clients/sts.go
index 5771417ac93b..210e2566e7ec 100644
--- a/vendor/github.com/hashicorp/vault-plugin-secrets-alicloud/clients/sts.go
+++ b/vendor/github.com/hashicorp/vault-plugin-secrets-alicloud/clients/sts.go
@@ -23,9 +23,9 @@ type STSClient struct {
 	client *sts.Client
 }
 
-func (c *STSClient) AssumeRole(userName, roleARN string) (*sts.AssumeRoleResponse, error) {
+func (c *STSClient) AssumeRole(roleSessionName, roleARN string) (*sts.AssumeRoleResponse, error) {
 	assumeRoleReq := sts.CreateAssumeRoleRequest()
 	assumeRoleReq.RoleArn = roleARN
-	assumeRoleReq.RoleSessionName = userName
+	assumeRoleReq.RoleSessionName = roleSessionName
 	return c.client.AssumeRole(assumeRoleReq)
 }
diff --git a/vendor/github.com/hashicorp/vault-plugin-secrets-alicloud/path_creds.go b/vendor/github.com/hashicorp/vault-plugin-secrets-alicloud/path_creds.go
index e901a8c8cca1..a2d7330948a7 100644
--- a/vendor/github.com/hashicorp/vault-plugin-secrets-alicloud/path_creds.go
+++ b/vendor/github.com/hashicorp/vault-plugin-secrets-alicloud/path_creds.go
@@ -60,7 +60,7 @@ func (b *backend) operationCredsRead(ctx context.Context, req *logical.Request,
 		if err != nil {
 			return nil, err
 		}
-		assumeRoleResp, err := client.AssumeRole(generateUsername(req.DisplayName, roleName), role.RoleARN)
+		assumeRoleResp, err := client.AssumeRole(generateRoleSessionName(req.DisplayName, roleName), role.RoleARN)
 		if err != nil {
 			return nil, err
 		}
@@ -243,15 +243,24 @@ func (b *backend) operationCredsRead(ctx context.Context, req *logical.Request,
 
 // The max length of a username per AliCloud is 64.
 func generateUsername(displayName, roleName string) string {
-	username := fmt.Sprintf("%s-%s-", displayName, roleName)
+	return generateName(displayName, roleName, 64)
+}
+
+// The max length of a role session name per AliCloud is 32.
+func generateRoleSessionName(displayName, roleName string) string {
+	return generateName(displayName, roleName, 32)
+}
+
+func generateName(displayName, roleName string, maxLength int) string {
+	name := fmt.Sprintf("%s-%s-", displayName, roleName)
 
-	// The time and random number take up to 15 more in length, so if the username
+	// The time and random number take up to 15 more in length, so if the name
 	// is too long we need to trim it.
-	if len(username) > 49 {
-		username = username[:49]
+	if len(name) > maxLength-15 {
+		name = name[:maxLength-15]
 	}
 	r := rand.New(rand.NewSource(time.Now().UnixNano()))
-	return fmt.Sprintf("%s%d-%d", username, time.Now().Unix(), r.Intn(10000))
+	return fmt.Sprintf("%s%d-%d", name, time.Now().Unix(), r.Intn(10000))
 }
 
 const pathCredsHelpSyn = `
diff --git a/vendor/github.com/hashicorp/vault-plugin-secrets-gcpkms/README.md b/vendor/github.com/hashicorp/vault-plugin-secrets-gcpkms/README.md
index f32c2cddb0bb..1924eb99156d 100644
--- a/vendor/github.com/hashicorp/vault-plugin-secrets-gcpkms/README.md
+++ b/vendor/github.com/hashicorp/vault-plugin-secrets-gcpkms/README.md
@@ -84,6 +84,12 @@ instructions are only useful if you want to develop against the plugin.**
     $ vault secrets enable -path=gcpkms -plugin=vault-plugin-secrets-gcpkms plugin
     ```
 
+### Documentation
+
+The documentation for the plugin lives in the [main Vault
+repository](/hashicorp/vault) in the `website/` folder. Please make any
+documentation updates as separate Pull Requests against that repo.
+
 ### Tests
 
 This plugin has both unit tests and acceptance tests. To run the acceptance
diff --git a/vendor/vendor.json b/vendor/vendor.json
index f6ddcf764d2d..4b43ec9b71cd 100644
--- a/vendor/vendor.json
+++ b/vendor/vendor.json
@@ -1391,10 +1391,10 @@
 			"revisionTime": "2018-11-09T18:06:36Z"
 		},
 		{
-			"checksumSHA1": "Jj3mz58lSv0dsuXd6bVxGV4759w=",
+			"checksumSHA1": "UgLfwpXoRLpMOF0rzaj+cRcTtdo=",
 			"path": "github.com/hashicorp/vault-plugin-auth-azure",
-			"revision": "4c0b46069a2293d5a6ca7506c8d3e0c4a92f3dbc",
-			"revisionTime": "2018-12-07T23:25:28Z"
+			"revision": "0af1d040b5b329f41904cadcd96be55179468880",
+			"revisionTime": "2019-02-01T22:26:32Z"
 		},
 		{
 			"checksumSHA1": "4Z/niOo76EcP8KpLdSL5GdDcy78=",
@@ -1403,52 +1403,52 @@
 			"revisionTime": "2018-08-16T20:11:31Z"
 		},
 		{
-			"checksumSHA1": "llLHR3FVdqtuFgjIoL9GNN8zKKI=",
+			"checksumSHA1": "Nd9aBfL80t7N8B9VVsNBgihA5f4=",
 			"path": "github.com/hashicorp/vault-plugin-auth-gcp/plugin",
-			"revision": "4d63bbfe6fcf0363a2ea2c273846e88b95d85089",
-			"revisionTime": "2018-12-10T20:01:33Z"
+			"revision": "7d4c2101e7d0b61ec9fb0dc3c75d79920c6369c5",
+			"revisionTime": "2019-02-01T21:54:14Z"
 		},
 		{
-			"checksumSHA1": "tt3FtyjXgdBI9Mb43UL4LtOZmAk=",
+			"checksumSHA1": "6B+p22t7wBR52hepGYd3t1JnDME=",
 			"path": "github.com/hashicorp/vault-plugin-auth-jwt",
-			"revision": "f428c77917331c1b87dae2dd37016bd1dd4c55da",
-			"revisionTime": "2018-10-31T19:59:42Z"
+			"revision": "a608a5ad1c249797e266cb8fcb4eac336aa72bef",
+			"revisionTime": "2019-01-28T23:42:21Z"
 		},
 		{
-			"checksumSHA1": "Ldg2jQeyPrpAupyQq4lRVN+jfFY=",
+			"checksumSHA1": "NfVgV3CmKXGRsXk1sYVgMMRZ5Zc=",
 			"path": "github.com/hashicorp/vault-plugin-auth-kubernetes",
-			"revision": "091d9e5d5fabce920533eff31ad778778992a671",
-			"revisionTime": "2018-11-30T16:25:33Z"
+			"revision": "db96aa4ab438cbc1cf544cec758d0d16ca4e9681",
+			"revisionTime": "2019-02-01T22:22:09Z"
 		},
 		{
 			"checksumSHA1": "PmhyvCKVlEMEP6JO31ozW+CBIiE=",
 			"path": "github.com/hashicorp/vault-plugin-secrets-ad/plugin",
-			"revision": "540c0b6f1f113a1c6bdaa130a35ee8530c072b5a",
-			"revisionTime": "2018-11-09T18:28:34Z"
+			"revision": "4796d99801253c6f10d7d96b968a3204a9a1ead8",
+			"revisionTime": "2019-01-31T22:24:16Z"
 		},
 		{
 			"checksumSHA1": "GOxdFElG31lXWgKFG9aqpDcG47M=",
 			"path": "github.com/hashicorp/vault-plugin-secrets-ad/plugin/client",
-			"revision": "540c0b6f1f113a1c6bdaa130a35ee8530c072b5a",
-			"revisionTime": "2018-11-09T18:28:34Z"
+			"revision": "4796d99801253c6f10d7d96b968a3204a9a1ead8",
+			"revisionTime": "2019-01-31T22:24:16Z"
 		},
 		{
 			"checksumSHA1": "RaH2xTkjaToCk+RoPhap7I66ibo=",
 			"path": "github.com/hashicorp/vault-plugin-secrets-ad/plugin/util",
-			"revision": "540c0b6f1f113a1c6bdaa130a35ee8530c072b5a",
-			"revisionTime": "2018-11-09T18:28:34Z"
+			"revision": "4796d99801253c6f10d7d96b968a3204a9a1ead8",
+			"revisionTime": "2019-01-31T22:24:16Z"
 		},
 		{
-			"checksumSHA1": "VLXyxS5dEoiWTSFmpMJIz+Pwtmw=",
+			"checksumSHA1": "l0xVOHA0/SIjNfrmBRbrFvMVOaw=",
 			"path": "github.com/hashicorp/vault-plugin-secrets-alicloud",
-			"revision": "2aee79cc5cbf1bbca654dbc594f809cafc19cd8d",
-			"revisionTime": "2018-11-09T18:14:53Z"
+			"revision": "b0abe36195cb171e673a9f6425df977eff1ef825",
+			"revisionTime": "2019-01-31T21:18:12Z"
 		},
 		{
-			"checksumSHA1": "dqduixICi6NeyLNRCDdw62t1LFU=",
+			"checksumSHA1": "e96mN6plz/ApctpjvU2kiCumOl0=",
 			"path": "github.com/hashicorp/vault-plugin-secrets-alicloud/clients",
-			"revision": "2aee79cc5cbf1bbca654dbc594f809cafc19cd8d",
-			"revisionTime": "2018-11-09T18:14:53Z"
+			"revision": "b0abe36195cb171e673a9f6425df977eff1ef825",
+			"revisionTime": "2019-01-31T21:18:12Z"
 		},
 		{
 			"checksumSHA1": "rgeBhrdLyF2orH3QA/H66ZSSbuo=",
@@ -1475,16 +1475,16 @@
 			"revisionTime": "2018-09-21T17:32:00Z"
 		},
 		{
-			"checksumSHA1": "TbPoZQkYZ7Bukdw6U+/GejbaZAs=",
+			"checksumSHA1": "StwRTX92gyH7iHkyZk4df+dLISM=",
 			"path": "github.com/hashicorp/vault-plugin-secrets-gcpkms",
-			"revision": "6cd991800a6d7af69b1950ec4cbf402d021a099d",
-			"revisionTime": "2018-12-12T18:25:53Z"
+			"revision": "d6b25b0b4a39132ec3c02f19631b6a9bdadef042",
+			"revisionTime": "2019-01-16T16:49:38Z"
 		},
 		{
 			"checksumSHA1": "yhUUqN5rbEXnfI8WfGUofXToD+o=",
 			"path": "github.com/hashicorp/vault-plugin-secrets-kv",
-			"revision": "9dbe04db0e34c9c3c75bedcdb16d8ff78f0c54bd",
-			"revisionTime": "2018-12-19T17:59:33Z"
+			"revision": "edbfe287c5d9277cecf2c91c79ffcc34f19d2049",
+			"revisionTime": "2019-01-15T20:37:47Z"
 		},
 		{
 			"checksumSHA1": "ldkAQ1CpiAaQ9sti0qIch+UyRsI=",

From f25424679bfad0d7deac09a82ef05bea32dbc288 Mon Sep 17 00:00:00 2001
From: Jeff Mitchell <jeffrey.mitchell@gmail.com>
Date: Tue, 12 Feb 2019 08:55:58 -0500
Subject: [PATCH 67/84] Bump versions for release

---
 CHANGELOG.md               | 2 +-
 terraform/aws/variables.tf | 2 +-
 version/version_base.go    | 2 +-
 website/config.rb          | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index de92860cc1de..7e77715ad9ec 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,4 @@
-## Next
+## 1.0.3 (February 12th, 2019)
 
 CHANGES:
 
diff --git a/terraform/aws/variables.tf b/terraform/aws/variables.tf
index 64ffc78b6215..ece9cc78df3d 100644
--- a/terraform/aws/variables.tf
+++ b/terraform/aws/variables.tf
@@ -3,7 +3,7 @@
 //-------------------------------------------------------------------
 
 variable "download-url" {
-    default = "https://releases.hashicorp.com/vault/1.0.2/vault_1.0.2_linux_amd64.zip"
+    default = "https://releases.hashicorp.com/vault/1.0.3/vault_1.0.3_linux_amd64.zip"
     description = "URL to download Vault"
 }
 
diff --git a/version/version_base.go b/version/version_base.go
index 9fe8ab27fc54..1b566a634337 100644
--- a/version/version_base.go
+++ b/version/version_base.go
@@ -2,7 +2,7 @@ package version
 
 func init() {
 	// The main version number that is being run at the moment.
-	Version = "1.0.2"
+	Version = "1.0.3"
 
 	// A pre-release marker for the version. If this is "" (empty string)
 	// then it means that it is a final release. Otherwise, this is a pre-release
diff --git a/website/config.rb b/website/config.rb
index 697dbc206fde..bdc8a4a9a7c3 100644
--- a/website/config.rb
+++ b/website/config.rb
@@ -6,7 +6,7 @@
 
 activate :hashicorp do |h|
   h.name         = "vault"
-  h.version      = "1.0.2"
+  h.version      = "1.0.3"
   h.github_slug  = "hashicorp/vault"
   h.website_root = "website"
   h.releases_enabled = true

From 85909e3373aa743c34a6a0ab59131f61fd9e8e43 Mon Sep 17 00:00:00 2001
From: Jeff Mitchell <jeffrey.mitchell@gmail.com>
Date: Tue, 12 Feb 2019 09:05:52 -0500
Subject: [PATCH 68/84] Cut version 1.0.3


From 04d05896c026a66507ad9bd18f2d7eb20ebf58da Mon Sep 17 00:00:00 2001
From: Brian Kassouf <briankassouf@users.noreply.github.com>
Date: Tue, 12 Feb 2019 10:52:23 -0800
Subject: [PATCH 69/84] changelog++

---
 CHANGELOG.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7e77715ad9ec..decf7d06f56f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,11 @@ CHANGES:
    entity either by name or by id [GH-6105]
  * The Vault UI's navigation and onboarding wizard now only displays items that
    are permitted in a users' policy [GH-5980, GH-6094]
+ * An issue was fixed that caused recovery keys to not work on secondary 
+   clusters when using a different unseal mechanism/key than the primary. This 
+   would be hit if the cluster was rekeyed or initalized after 1.0. We recomend
+   rekeying the recovery keys on the primary cluster if you meet the above 
+   requirements.
 
 FEATURES:
 
@@ -47,6 +52,8 @@ BUG FIXES:
    a performance standby very quickly, before an associated entity has been
    replicated. If the entity is not found in this scenario, the request will
    forward to the active node.
+ * replication: Fix issue where recovery keys would not work on secondary 
+   clusters if using a different unseal mechanism than the primary.
  * replication: Fix a "failed to register lease" error when using performance
    standbys
  * storage/postgresql: The `Get` method will now return an Entry object with

From 144e2001112f16bba3546d55abd20e8e534ba4ab Mon Sep 17 00:00:00 2001
From: Brian Kassouf <briankassouf@users.noreply.github.com>
Date: Tue, 12 Feb 2019 11:15:21 -0800
Subject: [PATCH 70/84] changelog++

---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index decf7d06f56f..4dcb052e45e7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,7 +11,7 @@ CHANGES:
    are permitted in a users' policy [GH-5980, GH-6094]
  * An issue was fixed that caused recovery keys to not work on secondary 
    clusters when using a different unseal mechanism/key than the primary. This 
-   would be hit if the cluster was rekeyed or initalized after 1.0. We recomend
+   would be hit if the cluster was rekeyed or initialized after 1.0. We recommend
    rekeying the recovery keys on the primary cluster if you meet the above 
    requirements.
 

From 2cc38dd25e34420f498e0f7ab53a95a084372db0 Mon Sep 17 00:00:00 2001
From: vishalnayak <vishalnayakv@gmail.com>
Date: Tue, 12 Feb 2019 14:27:17 -0500
Subject: [PATCH 71/84] Update transit docs

---
 website/source/docs/secrets/transit/index.html.md | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/website/source/docs/secrets/transit/index.html.md b/website/source/docs/secrets/transit/index.html.md
index 7bf6998fe7f5..881bac6253f2 100644
--- a/website/source/docs/secrets/transit/index.html.md
+++ b/website/source/docs/secrets/transit/index.html.md
@@ -32,13 +32,14 @@ disabled to accommodate auditing requirements.
 
 ## Working Set Management
 
-This secrets engine does not currently delete keys. Keys that are out of the
-working set (earlier than a key's specified `min_decryption_version` are
-instead archived. This is a performance consideration to keep key loading fast,
-as well as a security consideration: by disallowing decryption of old versions
-of keys, found ciphertext corresponding to obsolete (but sensitive) data can
-not be decrypted by most users, but in an emergency the
-`min_decryption_version` can be moved back to allow for legitimate decryption.
+The Transit engine supports versioning of keys. Key versions that are earlier
+than a key's specified `min_decryption_version` gets archived, and the rest of
+the key versions belong to the working set. This is a performance consideration
+to keep key loading fast, as well as a security consideration: by disallowing
+decryption of old versions of keys, found ciphertext corresponding to obsolete
+(but sensitive) data can not be decrypted by most users, but in an emergency
+the `min_decryption_version` can be moved back to allow for legitimate
+decryption.
 
 Currently this archive is stored in a single storage entry. With some storage
 backends, notably those using Raft or Paxos for HA capabilities, frequent

From 94106d57528360aec1c9e1bcb5efe8e7e4f95393 Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Tue, 12 Feb 2019 14:43:05 -0500
Subject: [PATCH 72/84] add tests for openapi util

---
 ui/tests/unit/utils/openapi-to-attrs-test.js | 136 +++++++++++++++++++
 1 file changed, 136 insertions(+)
 create mode 100644 ui/tests/unit/utils/openapi-to-attrs-test.js

diff --git a/ui/tests/unit/utils/openapi-to-attrs-test.js b/ui/tests/unit/utils/openapi-to-attrs-test.js
new file mode 100644
index 000000000000..2a3293115492
--- /dev/null
+++ b/ui/tests/unit/utils/openapi-to-attrs-test.js
@@ -0,0 +1,136 @@
+import { expandOpenApiProps, combineAttributes, combineFieldGroups } from 'vault/utils/openapi-to-attrs';
+import { module, test } from 'qunit';
+import DS from 'ember-data';
+const { attr } = DS;
+
+module('Unit | Util | OpenAPI Data Utilities', function() {
+  const OPENAPI_RESPONSE_PROPS = {
+    ttl: {
+      type: 'string',
+      format: 'seconds',
+      'x-vault-displayName': 'TTL',
+    },
+    'awesome-people': {
+      type: 'array',
+      items: {
+        type: 'string',
+      },
+    },
+  };
+  const EXPANDED_PROPS = {
+    ttl: {
+      editType: 'ttl',
+      type: 'string',
+      label: 'TTL',
+    },
+    awesomePeople: {
+      editType: 'stringArray',
+      type: 'array',
+    },
+  };
+
+  const EXISTING_MODEL_ATTRS = [
+    {
+      key: 'name',
+      value: {
+        isAttribute: true,
+        name: 'name',
+        options: {
+          editType: 'string',
+          label: 'Role name',
+        },
+      },
+    },
+    {
+      key: 'awesomePeople',
+      value: {
+        isAttribute: true,
+        name: 'awesomePeople',
+        options: {
+          label: 'People Who Are Awesome',
+        },
+      },
+    },
+  ];
+
+  const COMBINED_ATTRS = {
+    name: attr('string', {
+      editType: 'string',
+      type: 'string',
+      label: 'Role name',
+    }),
+    ttl: attr('string', {
+      editType: 'ttl',
+      type: 'string',
+      label: 'TTL',
+    }),
+    awesomePeople: attr({
+      label: 'People Who Are Awesome',
+      editType: 'stringArray',
+      type: 'array',
+    }),
+  };
+
+  const NEW_FIELDS = ['one', 'two', 'three'];
+
+  test('it creates objects from OpenAPI schema props', function(assert) {
+    const generatedProps = expandOpenApiProps(OPENAPI_RESPONSE_PROPS);
+    for (let propName in EXPANDED_PROPS) {
+      assert.deepEqual(EXPANDED_PROPS[propName], generatedProps[propName], `correctly expands ${propName}`);
+    }
+  });
+
+  test('it combines OpenAPI props with existing model attrs', function(assert) {
+    const combined = combineAttributes(EXISTING_MODEL_ATTRS, EXPANDED_PROPS);
+    for (let propName in EXISTING_MODEL_ATTRS) {
+      assert.deepEqual(COMBINED_ATTRS[propName], combined[propName]);
+    }
+  });
+
+  test('it adds new fields from OpenAPI to fieldGroups except for exclusions', function(assert) {
+    let modelFieldGroups = [
+      { default: ['name', 'awesomePeople'] },
+      {
+        Options: ['ttl'],
+      },
+    ];
+    const excludedFields = ['two'];
+    const expectedGroups = [
+      { default: ['name', 'awesomePeople', 'one', 'three'] },
+      {
+        Options: ['ttl'],
+      },
+    ];
+    const newFieldGroups = combineFieldGroups(modelFieldGroups, NEW_FIELDS, excludedFields);
+    for (let groupName in modelFieldGroups) {
+      assert.deepEqual(
+        newFieldGroups[groupName],
+        expectedGroups[groupName],
+        'it incorporates all new fields except for those excluded'
+      );
+    }
+  });
+  test('it adds all new fields from OpenAPI to fieldGroups when excludedFields is empty', function(assert) {
+    let modelFieldGroups = [
+      { default: ['name', 'awesomePeople'] },
+      {
+        Options: ['ttl'],
+      },
+    ];
+    const excludedFields = [];
+    const expectedGroups = [
+      { default: ['name', 'awesomePeople', 'one', 'two', 'three'] },
+      {
+        Options: ['ttl'],
+      },
+    ];
+    const nonExcludedFieldGroups = combineFieldGroups(modelFieldGroups, NEW_FIELDS, excludedFields);
+    for (let groupName in modelFieldGroups) {
+      assert.deepEqual(
+        nonExcludedFieldGroups[groupName],
+        expectedGroups[groupName],
+        'it incorporates all new fields'
+      );
+    }
+  });
+});

From 632189dfb1cf157467454a6258565c3a454a4a2b Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Wed, 13 Feb 2019 12:03:07 -0500
Subject: [PATCH 73/84] remove unnecessary lines per Matthew's review

---
 ui/app/models/auth-config/azure.js            |  4 ++
 ui/app/services/path-help.js                  | 51 ++++++++++---------
 ui/app/transforms/integer.js                  | 22 --------
 .../secrets/backend/pki/cert-test.js          |  1 -
 .../secrets/backend/pki/generate-cert.js      |  1 -
 5 files changed, 32 insertions(+), 47 deletions(-)
 delete mode 100644 ui/app/transforms/integer.js

diff --git a/ui/app/models/auth-config/azure.js b/ui/app/models/auth-config/azure.js
index 6ef8a3f507f0..22c13eb30e14 100644
--- a/ui/app/models/auth-config/azure.js
+++ b/ui/app/models/auth-config/azure.js
@@ -8,6 +8,10 @@ const { attr } = DS;
 
 export default AuthConfig.extend({
   useOpenAPI: true,
+  pathInfo: {
+    pathPrefix: 'v1/auth',
+    path: 'auth-config/azure',
+  },
   tenantId: attr('string', {
     label: 'Tenant ID',
     helpText: 'The tenant ID for the Azure Active Directory organization',
diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
index 0d4508b6fe96..3ad0b7a4c9d4 100644
--- a/ui/app/services/path-help.js
+++ b/ui/app/services/path-help.js
@@ -1,5 +1,8 @@
-// Low level service that allows users to input paths to make requests to vault
-// this service provides the UI synecdote to the cli commands read, write, delete, and list
+/*
+  This service is used to pull an OpenAPI document describing the
+  shape of data at a specific path to hydrate a model with attrs it
+  has less (or no) information about.
+*/
 import Service from '@ember/service';
 
 import { getOwner } from '@ember/application';
@@ -21,27 +24,8 @@ export default Service.extend({
     });
   },
 
-  getNewModel(modelType, backend, owner) {
-    let name = `model:${modelType}`;
-    let newModel = owner.factoryFor(name).class;
-    if (newModel.merged || !newModel.prototype.useOpenAPI === true) {
-      return resolve();
-    }
-
-    return this.getProps(modelType, backend).then(props => {
-      if (owner.hasRegistration(name) && !newModel.merged) {
-        let { attrs, newFields } = combineAttributes(newModel.attributes, props);
-        newModel = newModel.extend(attrs, { newFields });
-      } else {
-        //generate a whole new model
-      }
-
-      newModel.reopenClass({ merged: true });
-      owner.unregister(name);
-      owner.register(name, newModel);
-    });
-  },
-
+  //Determines path health endpoint and makes a call to grab the
+  //OpenAPI document
   getProps(modelType, backend) {
     let adapter = getOwner(this).lookup(`adapter:${modelType}`);
     let path = adapter.pathForType();
@@ -86,4 +70,25 @@ export default Service.extend({
       return expandOpenApiProps(props);
     });
   },
+
+  getNewModel(modelType, backend, owner) {
+    let name = `model:${modelType}`;
+    let newModel = owner.factoryFor(name).class;
+    if (newModel.merged || newModel.prototype.useOpenAPI !== true) {
+      return resolve();
+    }
+
+    return this.getProps(modelType, backend).then(props => {
+      if (owner.hasRegistration(name) && !newModel.merged) {
+        let { attrs, newFields } = combineAttributes(newModel.attributes, props);
+        newModel = newModel.extend(attrs, { newFields });
+      } else {
+        //generate a whole new model
+      }
+
+      newModel.reopenClass({ merged: true });
+      owner.unregister(name);
+      owner.register(name, newModel);
+    });
+  },
 });
diff --git a/ui/app/transforms/integer.js b/ui/app/transforms/integer.js
deleted file mode 100644
index 493f6040c23c..000000000000
--- a/ui/app/transforms/integer.js
+++ /dev/null
@@ -1,22 +0,0 @@
-import { isEmpty } from '@ember/utils';
-import DS from 'ember-data';
-
-/*
-  DS.attr('integer')
-*/
-export default DS.Transform.extend({
-  deserialize: function(value) {
-    if (isEmpty(value)) {
-      return null;
-    } else {
-      return value;
-    }
-  },
-  serialize: function(value) {
-    if (isEmpty(value)) {
-      return null;
-    } else {
-      return value;
-    }
-  },
-});
diff --git a/ui/tests/acceptance/secrets/backend/pki/cert-test.js b/ui/tests/acceptance/secrets/backend/pki/cert-test.js
index 46e9bbf7905f..cb437044f28e 100644
--- a/ui/tests/acceptance/secrets/backend/pki/cert-test.js
+++ b/ui/tests/acceptance/secrets/backend/pki/cert-test.js
@@ -47,7 +47,6 @@ elRplAzrMF4=
   };
 
   test('it issues a cert', async function(assert) {
-    debugger; //eslint-disable-line
     await setup(assert);
 
     await generatePage.issueCert('foo');
diff --git a/ui/tests/pages/secrets/backend/pki/generate-cert.js b/ui/tests/pages/secrets/backend/pki/generate-cert.js
index 7c098b6675c1..38c22e0ff724 100644
--- a/ui/tests/pages/secrets/backend/pki/generate-cert.js
+++ b/ui/tests/pages/secrets/backend/pki/generate-cert.js
@@ -14,7 +14,6 @@ export default create({
   hasCert: isPresent('[data-test-row-value="Certificate"]'),
   fillInField: fillable('[data-test-field]'),
   issueCert: async function(commonName) {
-    debugger; //eslint-disable-line
     await this.commonName(commonName)
       .toggleOptions()
       .fillInField('unit', 'h')

From ca1b124ce090da1c47752b4bad16ff2c2dae7e9a Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Wed, 13 Feb 2019 18:01:40 -0500
Subject: [PATCH 74/84] move openAPI path information into the model so the
 service doesn't need to know anything about it

---
 ui/app/adapters/auth-config/azure.js          |  6 +--
 ui/app/adapters/auth-config/gcp.js            |  6 +--
 ui/app/adapters/auth-config/github.js         |  6 +--
 ui/app/adapters/auth-config/kubernetes.js     |  6 +--
 ui/app/adapters/auth-config/ldap.js           |  6 +--
 ui/app/adapters/auth-config/okta.js           |  6 +--
 ui/app/adapters/auth-config/radius.js         |  6 +--
 ui/app/models/auth-config.js                  |  6 +++
 ui/app/models/auth-config/azure.js            |  4 --
 ui/app/models/auth-config/kubernetes.js       |  4 --
 ui/app/models/auth-config/okta.js             |  4 --
 ui/app/models/auth-config/radius.js           | 22 --------
 ui/app/models/role-pki.js                     |  7 ++-
 ui/app/models/role-ssh.js                     | 10 ++++
 .../vault/cluster/secrets/backend/list.js     |  2 +-
 .../cluster/secrets/backend/secret-edit.js    |  2 +-
 .../settings/auth/configure/section.js        |  2 +-
 ui/app/services/path-help.js                  | 52 +++----------------
 18 files changed, 40 insertions(+), 117 deletions(-)

diff --git a/ui/app/adapters/auth-config/azure.js b/ui/app/adapters/auth-config/azure.js
index 67b726f2cb1e..e43cb2ea860f 100644
--- a/ui/app/adapters/auth-config/azure.js
+++ b/ui/app/adapters/auth-config/azure.js
@@ -1,7 +1,3 @@
 import AuthConfig from './_base';
 
-export default AuthConfig.extend({
-  pathForType() {
-    return 'config';
-  },
-});
+export default AuthConfig.extend();
diff --git a/ui/app/adapters/auth-config/gcp.js b/ui/app/adapters/auth-config/gcp.js
index 67b726f2cb1e..e43cb2ea860f 100644
--- a/ui/app/adapters/auth-config/gcp.js
+++ b/ui/app/adapters/auth-config/gcp.js
@@ -1,7 +1,3 @@
 import AuthConfig from './_base';
 
-export default AuthConfig.extend({
-  pathForType() {
-    return 'config';
-  },
-});
+export default AuthConfig.extend();
diff --git a/ui/app/adapters/auth-config/github.js b/ui/app/adapters/auth-config/github.js
index 67b726f2cb1e..e43cb2ea860f 100644
--- a/ui/app/adapters/auth-config/github.js
+++ b/ui/app/adapters/auth-config/github.js
@@ -1,7 +1,3 @@
 import AuthConfig from './_base';
 
-export default AuthConfig.extend({
-  pathForType() {
-    return 'config';
-  },
-});
+export default AuthConfig.extend();
diff --git a/ui/app/adapters/auth-config/kubernetes.js b/ui/app/adapters/auth-config/kubernetes.js
index 67b726f2cb1e..e43cb2ea860f 100644
--- a/ui/app/adapters/auth-config/kubernetes.js
+++ b/ui/app/adapters/auth-config/kubernetes.js
@@ -1,7 +1,3 @@
 import AuthConfig from './_base';
 
-export default AuthConfig.extend({
-  pathForType() {
-    return 'config';
-  },
-});
+export default AuthConfig.extend();
diff --git a/ui/app/adapters/auth-config/ldap.js b/ui/app/adapters/auth-config/ldap.js
index 67b726f2cb1e..e43cb2ea860f 100644
--- a/ui/app/adapters/auth-config/ldap.js
+++ b/ui/app/adapters/auth-config/ldap.js
@@ -1,7 +1,3 @@
 import AuthConfig from './_base';
 
-export default AuthConfig.extend({
-  pathForType() {
-    return 'config';
-  },
-});
+export default AuthConfig.extend();
diff --git a/ui/app/adapters/auth-config/okta.js b/ui/app/adapters/auth-config/okta.js
index 67b726f2cb1e..e43cb2ea860f 100644
--- a/ui/app/adapters/auth-config/okta.js
+++ b/ui/app/adapters/auth-config/okta.js
@@ -1,7 +1,3 @@
 import AuthConfig from './_base';
 
-export default AuthConfig.extend({
-  pathForType() {
-    return 'config';
-  },
-});
+export default AuthConfig.extend();
diff --git a/ui/app/adapters/auth-config/radius.js b/ui/app/adapters/auth-config/radius.js
index 67b726f2cb1e..e43cb2ea860f 100644
--- a/ui/app/adapters/auth-config/radius.js
+++ b/ui/app/adapters/auth-config/radius.js
@@ -1,7 +1,3 @@
 import AuthConfig from './_base';
 
-export default AuthConfig.extend({
-  pathForType() {
-    return 'config';
-  },
-});
+export default AuthConfig.extend();
diff --git a/ui/app/models/auth-config.js b/ui/app/models/auth-config.js
index b3b86c4af9d9..4f9cb0235534 100644
--- a/ui/app/models/auth-config.js
+++ b/ui/app/models/auth-config.js
@@ -3,4 +3,10 @@ const { belongsTo } = DS;
 
 export default DS.Model.extend({
   backend: belongsTo('auth-method', { inverse: 'authConfigs', readOnly: true, async: false }),
+  getOpenApiInfo: function(backend) {
+    return {
+      helpUrl: `/v1/auth/${backend}/config?help=1`,
+      path: `/config`,
+    };
+  },
 });
diff --git a/ui/app/models/auth-config/azure.js b/ui/app/models/auth-config/azure.js
index 22c13eb30e14..6ef8a3f507f0 100644
--- a/ui/app/models/auth-config/azure.js
+++ b/ui/app/models/auth-config/azure.js
@@ -8,10 +8,6 @@ const { attr } = DS;
 
 export default AuthConfig.extend({
   useOpenAPI: true,
-  pathInfo: {
-    pathPrefix: 'v1/auth',
-    path: 'auth-config/azure',
-  },
   tenantId: attr('string', {
     label: 'Tenant ID',
     helpText: 'The tenant ID for the Azure Active Directory organization',
diff --git a/ui/app/models/auth-config/kubernetes.js b/ui/app/models/auth-config/kubernetes.js
index af3ebe14109b..8eb0b0913e4a 100644
--- a/ui/app/models/auth-config/kubernetes.js
+++ b/ui/app/models/auth-config/kubernetes.js
@@ -10,25 +10,21 @@ const { attr } = DS;
 export default AuthConfig.extend({
   useOpenAPI: true,
   kubernetesHost: attr('string', {
-    label: 'Kubernetes Host',
     helpText:
       'Host must be a host string, a host:port pair, or a URL to the base of the Kubernetes API server',
   }),
 
   kubernetesCaCert: attr('string', {
-    label: 'Kubernetes CA Certificate',
     editType: 'file',
     helpText: 'PEM encoded CA cert for use by the TLS client used to talk with the Kubernetes API',
   }),
 
   tokenReviewerJwt: attr('string', {
-    label: 'Token Reviewer JWT',
     helpText:
       'A service account JWT used to access the TokenReview API to validate other JWTs during login. If not set the JWT used for login will be used to access the API',
   }),
 
   pemKeys: attr({
-    label: 'Service account verification keys',
     editType: 'stringArray',
   }),
 
diff --git a/ui/app/models/auth-config/okta.js b/ui/app/models/auth-config/okta.js
index c9baf9868273..ae76e70777b1 100644
--- a/ui/app/models/auth-config/okta.js
+++ b/ui/app/models/auth-config/okta.js
@@ -9,22 +9,18 @@ const { attr } = DS;
 export default AuthConfig.extend({
   useOpenAPI: true,
   orgName: attr('string', {
-    label: 'Organization Name',
     helpText: 'Name of the organization to be used in the Okta API',
   }),
   apiToken: attr('string', {
-    label: 'API Token',
     helpText:
       'Okta API token. This is required to query Okta for user group membership. If this is not supplied only locally configured groups will be enabled.',
   }),
   baseUrl: attr('string', {
-    label: 'Base URL',
     helpText:
       'If set, will be used as the base domain for API requests. Examples are okta.com, oktapreview.com, and okta-emea.com',
   }),
   bypassOktaMfa: attr('boolean', {
     defaultValue: false,
-    label: 'Bypass Okta MFA',
     helpText:
       "Useful if Vault's built-in MFA mechanisms. Will also cause certain other statuses to be ignored, such as PASSWORD_EXPIRED",
   }),
diff --git a/ui/app/models/auth-config/radius.js b/ui/app/models/auth-config/radius.js
index 720d7c1307a6..7479c5a8b743 100644
--- a/ui/app/models/auth-config/radius.js
+++ b/ui/app/models/auth-config/radius.js
@@ -9,30 +9,8 @@ const { attr } = DS;
 export default AuthConfig.extend({
   useOpenAPI: true,
   host: attr('string'),
-
-  port: attr('number', {
-    defaultValue: 1812,
-  }),
-
   secret: attr('string'),
 
-  unregisteredUserPolicies: attr('string', {
-    label: 'Policies for unregistered users',
-  }),
-
-  dialTimeout: attr('number', {
-    defaultValue: 10,
-  }),
-
-  nasPort: attr('number', {
-    defaultValue: 10,
-    label: 'NAS Port',
-  }),
-
-  nasIdentifier: attr('string', {
-    label: 'NAS Identifier',
-  }),
-
   fieldGroups: computed(function() {
     let groups = [
       {
diff --git a/ui/app/models/role-pki.js b/ui/app/models/role-pki.js
index 252eba00dc7f..6ea9e2c9e109 100644
--- a/ui/app/models/role-pki.js
+++ b/ui/app/models/role-pki.js
@@ -16,7 +16,12 @@ export default DS.Model.extend({
     readOnly: true,
   }),
   useOpenAPI: true,
-
+  getOpenApiInfo: function(backend) {
+    return {
+      helpUrl: `/v1/${backend}/roles/example?help=1`,
+      path: `/roles/{name}`,
+    };
+  },
   updatePath: lazyCapabilities(apiPath`${'backend'}/roles/${'id'}`, 'backend', 'id'),
   canDelete: alias('updatePath.canDelete'),
   canEdit: alias('updatePath.canUpdate'),
diff --git a/ui/app/models/role-ssh.js b/ui/app/models/role-ssh.js
index 8e9f232b9de1..71f2c00826b8 100644
--- a/ui/app/models/role-ssh.js
+++ b/ui/app/models/role-ssh.js
@@ -38,8 +38,15 @@ const CA_FIELDS = [
   'allowUserKeyIds',
   'keyIdFormat',
 ];
+
 export default DS.Model.extend({
   useOpenAPI: true,
+  getOpenApiInfo: function(backend) {
+    return {
+      helpUrl: `/v1/${backend}/roles/example?help=1`,
+      path: `/roles/{role}`,
+    };
+  },
   zeroAddress: attr('boolean', {
     readOnly: true,
   }),
@@ -51,6 +58,9 @@ export default DS.Model.extend({
     fieldValue: 'id',
     readOnly: true,
   }),
+  keyType: attr('string', {
+    possibleValues: ['ca', 'otp'],
+  }),
   adminUser: attr('string', {
     helpText: 'Username of the admin user at the remote host',
   }),
diff --git a/ui/app/routes/vault/cluster/secrets/backend/list.js b/ui/app/routes/vault/cluster/secrets/backend/list.js
index ea247b7e731d..cdf5e6ac1f86 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/list.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/list.js
@@ -36,7 +36,7 @@ export default Route.extend({
       return this.replaceWith('vault.cluster.secrets.backend.list', secret + '/');
     }
     let modelType = this.getModelType(backend, tab);
-    return this.pathHelp.getNewModel(modelType, backend, owner).then(() => {
+    return this.pathHelp.getNewModel(modelType, owner, backend).then(() => {
       this.store.unloadAll('capabilities');
     });
   },
diff --git a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
index 3b55f3e70de8..f87573a5dee1 100644
--- a/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
+++ b/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js
@@ -58,7 +58,7 @@ export default Route.extend(UnloadModelRoute, {
       return resolve();
     }
     let owner = getOwner(this);
-    return this.pathHelp.getNewModel(modelType, backend, owner);
+    return this.pathHelp.getNewModel(modelType, owner, backend);
   },
 
   modelType(backend, secret) {
diff --git a/ui/app/routes/vault/cluster/settings/auth/configure/section.js b/ui/app/routes/vault/cluster/settings/auth/configure/section.js
index 8a8bd3926f04..6ee745bebf45 100644
--- a/ui/app/routes/vault/cluster/settings/auth/configure/section.js
+++ b/ui/app/routes/vault/cluster/settings/auth/configure/section.js
@@ -36,7 +36,7 @@ export default Route.extend(UnloadModelRoute, {
     const backend = this.modelFor('vault.cluster.settings.auth.configure');
     const modelType = this.modelType(backend.type, section_name);
     let owner = getOwner(this);
-    return this.pathHelp.getNewModel(modelType, method, owner);
+    return this.pathHelp.getNewModel(modelType, owner, method);
   },
 
   model(params) {
diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
index 3ad0b7a4c9d4..6e3234c7d80a 100644
--- a/ui/app/services/path-help.js
+++ b/ui/app/services/path-help.js
@@ -24,61 +24,25 @@ export default Service.extend({
     });
   },
 
-  //Determines path health endpoint and makes a call to grab the
-  //OpenAPI document
-  getProps(modelType, backend) {
-    let adapter = getOwner(this).lookup(`adapter:${modelType}`);
-    let path = adapter.pathForType();
-    const authMethods = [
-      'auth-config/ldap',
-      'auth-config/github',
-      'auth-config/okta',
-      'auth-config/radius',
-      'auth-config/cert',
-      'auth-config/gcp',
-      'auth-config/azure',
-      'auth-config/kubernetes',
-    ];
-    let helpUrl = authMethods.includes(modelType)
-      ? `/v1/auth/${backend}/${path}?help=1`
-      : `/v1/${backend}/${path}/example?help=1`;
-    let wildcard;
-    switch (path) {
-      case 'roles':
-        if (modelType === 'role-ssh') {
-          wildcard = 'role';
-        } else {
-          wildcard = 'name';
-        }
-        break;
-      case 'mounts':
-        if (modelType === 'secret') {
-          wildcard = 'path';
-        } else {
-          wildcard = 'config';
-        }
-        break;
-      case 'sign':
-      case 'issue':
-        wildcard = 'role';
-        break;
-    }
-
+  //Makes a call to grab the OpenAPI document.
+  //Returns relevant information from OpenAPI
+  //as determined by the expandOpenApiProps util
+  getProps(helpUrl, path, backend) {
     return this.ajax(helpUrl, backend).then(help => {
-      let fullPath = wildcard ? `/${path}/{${wildcard}}` : `/${path}`;
-      let props = help.openapi.paths[fullPath].post.requestBody.content['application/json'].schema.properties;
+      let props = help.openapi.paths[path].post.requestBody.content['application/json'].schema.properties;
       return expandOpenApiProps(props);
     });
   },
 
-  getNewModel(modelType, backend, owner) {
+  getNewModel(modelType, owner, backend) {
     let name = `model:${modelType}`;
     let newModel = owner.factoryFor(name).class;
     if (newModel.merged || newModel.prototype.useOpenAPI !== true) {
       return resolve();
     }
+    let { helpUrl, path } = newModel.prototype.getOpenApiInfo(backend);
 
-    return this.getProps(modelType, backend).then(props => {
+    return this.getProps(helpUrl, path, backend).then(props => {
       if (owner.hasRegistration(name) && !newModel.merged) {
         let { attrs, newFields } = combineAttributes(newModel.attributes, props);
         newModel = newModel.extend(attrs, { newFields });

From 3584c3eb6594cef7582ff57a64d967e05ee3e865 Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Wed, 13 Feb 2019 18:27:58 -0500
Subject: [PATCH 75/84] remove all config from mount backend form

---
 ui/app/components/mount-backend-form.js       |  96 +++---------
 .../vault/cluster/settings/auth/enable.js     |   8 +-
 .../components/mount-backend-form.hbs         | 148 +++++++++++-------
 .../vault/cluster/settings/auth/enable.hbs    |   5 +-
 4 files changed, 109 insertions(+), 148 deletions(-)

diff --git a/ui/app/components/mount-backend-form.js b/ui/app/components/mount-backend-form.js
index c18bec40f72e..80cb02502873 100644
--- a/ui/app/components/mount-backend-form.js
+++ b/ui/app/components/mount-backend-form.js
@@ -21,7 +21,6 @@ export default Component.extend({
    *
    */
   onMountSuccess() {},
-  onConfigError() {},
   /*
    * @param String
    * @public
@@ -41,18 +40,18 @@ export default Component.extend({
    */
   mountModel: null,
 
-  showConfig: false,
+  showEnable: false,
 
   init() {
     this._super(...arguments);
-    const type = this.get('mountType');
+    const type = this.mountType;
     const modelType = type === 'secret' ? 'secret-engine' : 'auth-method';
-    const model = this.get('store').createRecord(modelType);
+    const model = this.store.createRecord(modelType);
     this.set('mountModel', model);
   },
 
   mountTypes: computed('mountType', function() {
-    return this.get('mountType') === 'secret' ? ENGINES : METHODS;
+    return this.mountType === 'secret' ? ENGINES : METHODS;
   }),
 
   willDestroy() {
@@ -60,26 +59,10 @@ export default Component.extend({
     this.get('mountModel').rollbackAttributes();
   },
 
-  changeConfigModel() {
-    let mount = this.get('mountModel');
-    if (this.get('mountType') === 'secret') {
-      return;
-    }
-    let configRef = mount.hasMany('authConfigs').value();
-    let currentConfig = configRef && configRef.get('firstObject');
-    if (currentConfig) {
-      // rollbackAttributes here will remove the the config model from the store
-      // because `isNew` will be true
-      currentConfig.rollbackAttributes();
-      currentConfig.unloadRecord();
-    }
-    return;
-  },
-
   checkPathChange(type) {
-    let mount = this.get('mountModel');
-    let currentPath = mount.get('path');
-    let list = this.get('mountTypes');
+    let mount = this.mountModel;
+    let currentPath = mount.path;
+    let list = this.mountTypes;
     // if the current path matches a type (meaning the user hasn't altered it),
     // change it here to match the new type
     let isUnchanged = list.findBy('type', currentPath);
@@ -89,7 +72,7 @@ export default Component.extend({
   },
 
   mountBackend: task(function*() {
-    const mountModel = this.get('mountModel');
+    const mountModel = this.mountModel;
     const { type, path } = mountModel.getProperties('type', 'path');
     try {
       yield mountModel.save();
@@ -98,70 +81,27 @@ export default Component.extend({
       return;
     }
 
-    let mountType = this.get('mountType');
+    let mountType = this.mountType;
     mountType = mountType === 'secret' ? `${mountType}s engine` : `${mountType} method`;
-    this.get('flashMessages').success(`Successfully mounted the ${type} ${mountType} at ${path}.`);
-    if (this.get('mountType') === 'secret') {
-      yield this.get('onMountSuccess')(type, path);
-      return;
-    }
-    yield this.get('saveConfig').perform(mountModel);
-  }).drop(),
-
-  advanceWizard() {
-    this.get('wizard').transitionFeatureMachine(
-      this.get('wizard.featureState'),
-      'CONTINUE',
-      this.get('mountModel').get('type')
-    );
-  },
-  saveConfig: task(function*(mountModel) {
-    const configRef = mountModel.hasMany('authConfigs').value();
-    const { type, path } = mountModel.getProperties('type', 'path');
-    if (!configRef) {
-      this.advanceWizard();
-      yield this.get('onMountSuccess')(type, path);
-      return;
-    }
-    const config = configRef.get('firstObject');
-    try {
-      if (config && Object.keys(config.changedAttributes()).length) {
-        yield config.save();
-        this.advanceWizard();
-        this.get('flashMessages').success(
-          `The config for ${type} ${this.get('mountType')} method at ${path} was saved successfully.`
-        );
-      }
-      yield this.get('onMountSuccess')(type, path);
-    } catch (err) {
-      this.get('flashMessages').danger(
-        `There was an error saving the configuration for ${type} ${this.get(
-          'mountType'
-        )} method at ${path}. ${err.errors.join(' ')}`
-      );
-      yield this.get('onConfigError')(mountModel.id);
-    }
+    this.flashMessages.success(`Successfully mounted the ${type} ${mountType} at ${path}.`);
+    yield this.onMountSuccess(type, path);
+    return;
   }).drop(),
 
   actions: {
     onTypeChange(path, value) {
       if (path === 'type') {
-        this.get('wizard').set('componentState', value);
-        this.changeConfigModel();
+        this.wizard.set('componentState', value);
         this.checkPathChange(value);
       }
     },
 
-    toggleShowConfig(value) {
-      this.set('showConfig', value);
-      if (value === true && this.get('wizard.featureState') === 'idle') {
-        this.advanceWizard();
+    toggleShowEnable(value) {
+      this.set('showEnable', value);
+      if (value === true && this.wizard.featureState === 'idle') {
+        this.wizard.transitionFeatureMachine(this.wizard.featureState, 'CONTINUE', this.mountModel.type);
       } else {
-        this.get('wizard').transitionFeatureMachine(
-          this.get('wizard.featureState'),
-          'RESET',
-          this.get('mountModel').get('type')
-        );
+        this.wizard.transitionFeatureMachine(this.wizard.featureState, 'RESET', this.mountModel.type);
       }
     },
   },
diff --git a/ui/app/controllers/vault/cluster/settings/auth/enable.js b/ui/app/controllers/vault/cluster/settings/auth/enable.js
index 48890bd1ef56..4fe59971b0d3 100644
--- a/ui/app/controllers/vault/cluster/settings/auth/enable.js
+++ b/ui/app/controllers/vault/cluster/settings/auth/enable.js
@@ -5,13 +5,9 @@ export default Controller.extend({
   wizard: service(),
   actions: {
     onMountSuccess: function(type, path) {
-      // We have to remove the trailing '/' from the path to succcessfully redirect with the right params.
-      const authPath = path.slice(0, -1);
-      let transition = this.transitionToRoute('vault.cluster.settings.auth.configure', authPath);
+      this.get('wizard').transitionFeatureMachine(this.get('wizard.featureState'), 'CONTINUE', type);
+      let transition = this.transitionToRoute('vault.cluster.settings.auth.configure', path);
       return transition.followRedirects();
     },
-    onConfigError: function(modelId) {
-      return this.transitionToRoute('vault.cluster.settings.auth.configure', modelId);
-    },
   },
 });
diff --git a/ui/app/templates/components/mount-backend-form.hbs b/ui/app/templates/components/mount-backend-form.hbs
index 82361af0f51c..090acb49621b 100644
--- a/ui/app/templates/components/mount-backend-form.hbs
+++ b/ui/app/templates/components/mount-backend-form.hbs
@@ -1,96 +1,124 @@
 <PageHeader as |p|>
   <p.levelLeft>
-    <h1 class="title is-3" data-test-mount-form-header=true>
+    <h1 class="title is-3" data-test-mount-form-header="true">
       {{#if showConfig}}
-        {{#with (find-by 'type' mountModel.type mountTypes) as |typeInfo|}}
-          <ICon @size=24 @glyph={{concat "enable/" (or typeInfo.glyph typeInfo.type)}} @class="has-text-grey-light" />
+        {{#with (find-by "type" mountModel.type mountTypes) as |typeInfo|}}
+          <ICon
+            @size="24"
+            @glyph={{concat "enable/" (or typeInfo.glyph typeInfo.type)}}
+            @class="has-text-grey-light"
+           />
+
           {{#if (eq mountType "auth")}}
-            Enable {{typeInfo.displayName}} authentication method
+            Enable{{typeInfo.displayName}}authentication method
           {{else}}
-            Enable {{typeInfo.displayName}} secrets engine
+            Enable{{typeInfo.displayName}}secrets engine
           {{/if}}
         {{/with}}
+      {{else if (eq mountType "auth")}}
+        Enable an authentication method
       {{else}}
-        {{#if (eq mountType "auth")}}
-          Enable an authentication method
-        {{else}}
-          Enable a secrets engine
-        {{/if}}
+        Enable a secrets engine
       {{/if}}
     </h1>
   </p.levelLeft>
 </PageHeader>
 <form {{action (perform mountBackend) on="submit"}}>
   <div class="box is-sideless is-fullwidth is-marginless">
-    <NamespaceReminder @mode="enable" @noun={{if (eq mountType "auth") "auth method" "secret engine"}} />
+    <NamespaceReminder
+      @mode="enable"
+      @noun={{if (eq mountType "auth") "auth method" "secret engine"}}
+     />
+
     {{message-error model=mountModel}}
-    {{#if showConfig}}
-      {{form-field-groups model=mountModel onChange=(action "onTypeChange") renderGroup="default"}}
-      {{#if mountModel.authConfigs.firstObject}}
-        {{form-field-groups model=mountModel.authConfigs.firstObject}}
-      {{/if}}
-      {{form-field-groups model=mountModel onChange=(action "onTypeChange") renderGroup="Method Options"}}
+    {{#if showEnable}}
+      {{form-field-groups
+        model=mountModel
+        onChange=(action "onTypeChange")
+        renderGroup="default"
+      }}
+      {{form-field-groups
+        model=mountModel
+        onChange=(action "onTypeChange")
+        renderGroup="Method Options"
+      }}
     {{else}}
       {{#each (array "generic" "cloud" "infra") as |category|}}
         <h3 class="title box-radio-header">
           {{capitalize category}}
         </h3>
         <div class="box-radio-container">
-        {{#each (filter-by "category" category mountTypes) as |type|}}
-          <label
-            for={{type.type}}
-            class="box-radio{{if (eq mountModel.type type.type) " is-selected"}}"
-            data-test-mount-type-radio
-            data-test-mount-type={{type.type}}
-          >
-            <ICon @size=36 @excludeIconClass={{true}} @glyph={{concat "enable/" (or type.glyph type.type)}} @class="has-text-grey-light" />
-            {{type.displayName}}
-            <RadioButton
-              @value={{type.type}}
-              @radioClass="radio"
-              @groupValue={{mountModel.type}}
-              @changed={{queue (action (mut mountModel.type)) (action "onTypeChange" "type")}}
-              @name="mount-type"
-              @radioId={{type.type}}
-            />
-            <label for={{type.type}}></label>
-          </label>
-        {{/each}}
+          {{#each (filter-by "category" category mountTypes) as |type|}}
+            <label
+              for={{type.type}}
+              class="box-radio
+                {{if (eq mountModel.type type.type) " is-selected"}}"
+              data-test-mount-type-radio
+              data-test-mount-type={{type.type}}
+            >
+              <ICon
+                @size="36"
+                @excludeIconClass={{true}}
+                @glyph={{concat "enable/" (or type.glyph type.type)}}
+                @class="has-text-grey-light"
+               />
+
+              {{type.displayName}}
+              <RadioButton
+                @value={{type.type}}
+                @radioClass="radio"
+                @groupValue={{mountModel.type}}
+                @changed={{queue
+                  (action (mut mountModel.type))
+                  (action "onTypeChange" "type")
+                }}
+                @name="mount-type"
+                @radioId={{type.type}}
+               />
+
+              <label for={{type.type}}></label>
+            </label>
+          {{/each}}
         </div>
       {{/each}}
     {{/if}}
   </div>
   <div class="field is-grouped box is-fullwidth is-bottomless">
-    {{#if showConfig}}
-    <div class="control">
-      <button type="submit" data-test-mount-submit=true class="button is-primary {{if mountBackend.isRunning 'loading'}}" disabled={{mountBackend.isRunning}}>
-        {{#if (eq mountType "auth")}}
-          Enable Method
-        {{else}}
-          Enable Engine
-        {{/if}}
-      </button>
-    </div>
-    <div class="control">
-      <button
-        data-test-mount-back
-        type="button"
-        class="button"
-        onclick={{action "toggleShowConfig" false}}
-       >
-         Back
-      </button>
-    </div>
+    {{#if showEnable}}
+      <div class="control">
+        <button
+          type="submit"
+          data-test-mount-submit="true"
+          class="button is-primary {{if mountBackend.isRunning "loading"}}"
+          disabled={{mountBackend.isRunning}}
+        >
+          {{#if (eq mountType "auth")}}
+            Enable Method
+          {{else}}
+            Enable Engine
+          {{/if}}
+        </button>
+      </div>
+      <div class="control">
+        <button
+          data-test-mount-back
+          type="button"
+          class="button"
+          onclick={{action "toggleShowEnable" false}}
+        >
+          Back
+        </button>
+      </div>
     {{else}}
       <button
         data-test-mount-next
         type="button"
         class="button is-primary"
-        onclick={{action "toggleShowConfig" true}}
+        onclick={{action "toggleShowEnable" true}}
         disabled={{not mountModel.type}}
-        >
+      >
         Next
       </button>
     {{/if}}
   </div>
-</form>
+</form>
\ No newline at end of file
diff --git a/ui/app/templates/vault/cluster/settings/auth/enable.hbs b/ui/app/templates/vault/cluster/settings/auth/enable.hbs
index 2c020455324d..086bf983f8b8 100644
--- a/ui/app/templates/vault/cluster/settings/auth/enable.hbs
+++ b/ui/app/templates/vault/cluster/settings/auth/enable.hbs
@@ -1,4 +1 @@
-<MountBackendForm
-  @onMountSuccess={{action "onMountSuccess"}}
-  @onConfigError={{action "onConfigError"}}
- />
+<MountBackendForm @onMountSuccess={{action "onMountSuccess"}} />
\ No newline at end of file

From 17850298c3b532df65539ed7459bc2f87819f0fc Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Wed, 13 Feb 2019 18:45:15 -0500
Subject: [PATCH 76/84] use try/catch in tasks instead of promises

---
 ui/app/components/auth-config-form/config.js  | 32 +++++++++----------
 ui/app/components/auth-config-form/options.js | 32 +++++++++----------
 .../vault/cluster/settings/auth/enable.js     |  2 +-
 3 files changed, 31 insertions(+), 35 deletions(-)

diff --git a/ui/app/components/auth-config-form/config.js b/ui/app/components/auth-config-form/config.js
index abc105dbe7b5..8270470553ca 100644
--- a/ui/app/components/auth-config-form/config.js
+++ b/ui/app/components/auth-config-form/config.js
@@ -11,23 +11,21 @@ const AuthConfigBase = Component.extend({
   router: service(),
   wizard: service(),
   saveModel: task(function*() {
-    yield this.model
-      .save()
-      .then(() => {
-        if (this.wizard.currentMachine === 'authentication' && this.wizard.featureState === 'config') {
-          this.wizard.transitionFeatureMachine(this.wizard.featureState, 'CONTINUE');
-        }
-        this.router.transitionTo('vault.cluster.access.methods').followRedirects();
-        this.flashMessages.success('The configuration was saved successfully.');
-      })
-      .catch(err => {
-        // AdapterErrors are handled by the error-message component
-        // in the form
-        if (err instanceof DS.AdapterError === false) {
-          throw err;
-        }
-        return;
-      });
+    try {
+      yield this.model.save();
+      if (this.wizard.currentMachine === 'authentication' && this.wizard.featureState === 'config') {
+        this.wizard.transitionFeatureMachine(this.wizard.featureState, 'CONTINUE');
+      }
+      this.router.transitionTo('vault.cluster.access.methods').followRedirects();
+      this.flashMessages.success('The configuration was saved successfully.');
+    } catch (err) {
+      // AdapterErrors are handled by the error-message component
+      // in the form
+      if (err instanceof DS.AdapterError === false) {
+        throw err;
+      }
+      return;
+    }
   }),
 });
 
diff --git a/ui/app/components/auth-config-form/options.js b/ui/app/components/auth-config-form/options.js
index c63d3a6940bb..e62163502e58 100644
--- a/ui/app/components/auth-config-form/options.js
+++ b/ui/app/components/auth-config-form/options.js
@@ -9,22 +9,20 @@ export default AuthConfigComponent.extend({
   saveModel: task(function*() {
     let data = this.model.config.serialize();
     data.description = this.model.description;
-    yield this.model
-      .tune(data)
-      .then(() => {
-        if (this.wizard.currentMachine === 'authentication' && this.wizard.featureState === 'config') {
-          this.wizard.transitionFeatureMachine(this.wizard.featureState, 'CONTINUE');
-        }
-        this.router.transitionTo('vault.cluster.access.methods').followRedirects();
-        this.flashMessages.success('The configuration was saved successfully.');
-      })
-      .catch(err => {
-        // AdapterErrors are handled by the error-message component
-        // in the form
-        if (err instanceof DS.AdapterError === false) {
-          throw err;
-        }
-        return;
-      });
+    try {
+      yield this.model.tune(data);
+      if (this.wizard.currentMachine === 'authentication' && this.wizard.featureState === 'config') {
+        this.wizard.transitionFeatureMachine(this.wizard.featureState, 'CONTINUE');
+      }
+      this.router.transitionTo('vault.cluster.access.methods').followRedirects();
+      this.flashMessages.success('The configuration was saved successfully.');
+    } catch (err) {
+      // AdapterErrors are handled by the error-message component
+      // in the form
+      if (err instanceof DS.AdapterError === false) {
+        throw err;
+      }
+      return;
+    }
   }),
 });
diff --git a/ui/app/controllers/vault/cluster/settings/auth/enable.js b/ui/app/controllers/vault/cluster/settings/auth/enable.js
index 4fe59971b0d3..9d3153678f6a 100644
--- a/ui/app/controllers/vault/cluster/settings/auth/enable.js
+++ b/ui/app/controllers/vault/cluster/settings/auth/enable.js
@@ -5,7 +5,7 @@ export default Controller.extend({
   wizard: service(),
   actions: {
     onMountSuccess: function(type, path) {
-      this.get('wizard').transitionFeatureMachine(this.get('wizard.featureState'), 'CONTINUE', type);
+      this.wizard.transitionFeatureMachine(this.wizard.featureState, 'CONTINUE', type);
       let transition = this.transitionToRoute('vault.cluster.settings.auth.configure', path);
       return transition.followRedirects();
     },

From f55e11800090bf21e47b408ec15275edad76a3e3 Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Wed, 13 Feb 2019 18:51:31 -0500
Subject: [PATCH 77/84] clean up roles

---
 ui/app/models/role-aws.js | 4 +---
 ui/app/models/role-pki.js | 2 +-
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/ui/app/models/role-aws.js b/ui/app/models/role-aws.js
index bd81f2381541..6f740dbc5bc2 100644
--- a/ui/app/models/role-aws.js
+++ b/ui/app/models/role-aws.js
@@ -20,7 +20,7 @@ const CREDENTIAL_TYPES = [
     displayName: 'Federation Token',
   },
 ];
-const roleAWSModel = DS.Model.extend({
+export default DS.Model.extend({
   backend: attr('string', {
     readOnly: true,
   }),
@@ -70,5 +70,3 @@ const roleAWSModel = DS.Model.extend({
   generatePath: lazyCapabilities(apiPath`${'backend'}/creds/${'id'}`, 'backend', 'id'),
   canGenerate: alias('generatePath.canUpdate'),
 });
-roleAWSModel.reopenClass({ useOpenAPI: false });
-export default roleAWSModel;
diff --git a/ui/app/models/role-pki.js b/ui/app/models/role-pki.js
index 6ea9e2c9e109..a8e92cce2d75 100644
--- a/ui/app/models/role-pki.js
+++ b/ui/app/models/role-pki.js
@@ -36,7 +36,7 @@ export default DS.Model.extend({
   signVerbatimPath: lazyCapabilities(apiPath`${'backend'}/sign-verbatim/${'id'}`, 'backend', 'id'),
   canSignVerbatim: alias('signVerbatimPath.canUpdate'),
 
-  fieldGroups: computed('backend', 'merged', function() {
+  fieldGroups: computed(function() {
     let groups = [
       { default: ['name', 'keyType'] },
       {

From 38333de73d87c400a290b64fd4ef218223b9d0c3 Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Wed, 13 Feb 2019 19:15:26 -0500
Subject: [PATCH 78/84] update openapi helper to use default as a fallback for
 defaultValue

---
 ui/app/utils/openapi-to-attrs.js | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ui/app/utils/openapi-to-attrs.js b/ui/app/utils/openapi-to-attrs.js
index 9695880f817c..a96dc94154e9 100644
--- a/ui/app/utils/openapi-to-attrs.js
+++ b/ui/app/utils/openapi-to-attrs.js
@@ -1,6 +1,7 @@
 import DS from 'ember-data';
 const { attr } = DS;
 import { assign } from '@ember/polyfills';
+import { isEmpty } from '@ember/utils';
 
 export const expandOpenApiProps = function(props) {
   let attrs = {};
@@ -31,6 +32,11 @@ export const expandOpenApiProps = function(props) {
     }
     if (details['x-vault-displayValue']) {
       attrs[prop.camelize()].defaultValue = details['x-vault-displayValue'];
+    } else {
+      if (!isEmpty(details['default'])) {
+        debugger; // eslint-disable-line
+        attrs[prop.camelize()].defaultValue = details['default'];
+      }
     }
   }
   return attrs;

From 656a63e9408727cdc4eff2ddad987260d95be69f Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Thu, 14 Feb 2019 09:55:13 -0500
Subject: [PATCH 79/84] remove debugger

---
 ui/app/utils/openapi-to-attrs.js | 1 -
 1 file changed, 1 deletion(-)

diff --git a/ui/app/utils/openapi-to-attrs.js b/ui/app/utils/openapi-to-attrs.js
index a96dc94154e9..e31b3f31bc49 100644
--- a/ui/app/utils/openapi-to-attrs.js
+++ b/ui/app/utils/openapi-to-attrs.js
@@ -34,7 +34,6 @@ export const expandOpenApiProps = function(props) {
       attrs[prop.camelize()].defaultValue = details['x-vault-displayValue'];
     } else {
       if (!isEmpty(details['default'])) {
-        debugger; // eslint-disable-line
         attrs[prop.camelize()].defaultValue = details['default'];
       }
     }

From 7311280adccc3ce4006bbe8d09721304a7048c8c Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Thu, 14 Feb 2019 10:48:03 -0500
Subject: [PATCH 80/84] move routing and wizard stuff out of try/catch block
 for saving auth config

---
 ui/app/components/auth-config-form/config.js  | 10 +++++-----
 ui/app/components/auth-config-form/options.js | 10 +++++-----
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/ui/app/components/auth-config-form/config.js b/ui/app/components/auth-config-form/config.js
index 8270470553ca..d601ebbf1115 100644
--- a/ui/app/components/auth-config-form/config.js
+++ b/ui/app/components/auth-config-form/config.js
@@ -13,11 +13,6 @@ const AuthConfigBase = Component.extend({
   saveModel: task(function*() {
     try {
       yield this.model.save();
-      if (this.wizard.currentMachine === 'authentication' && this.wizard.featureState === 'config') {
-        this.wizard.transitionFeatureMachine(this.wizard.featureState, 'CONTINUE');
-      }
-      this.router.transitionTo('vault.cluster.access.methods').followRedirects();
-      this.flashMessages.success('The configuration was saved successfully.');
     } catch (err) {
       // AdapterErrors are handled by the error-message component
       // in the form
@@ -26,6 +21,11 @@ const AuthConfigBase = Component.extend({
       }
       return;
     }
+    if (this.wizard.currentMachine === 'authentication' && this.wizard.featureState === 'config') {
+      this.wizard.transitionFeatureMachine(this.wizard.featureState, 'CONTINUE');
+    }
+    this.router.transitionTo('vault.cluster.access.methods').followRedirects();
+    this.flashMessages.success('The configuration was saved successfully.');
   }),
 });
 
diff --git a/ui/app/components/auth-config-form/options.js b/ui/app/components/auth-config-form/options.js
index e62163502e58..528c803c8591 100644
--- a/ui/app/components/auth-config-form/options.js
+++ b/ui/app/components/auth-config-form/options.js
@@ -11,11 +11,6 @@ export default AuthConfigComponent.extend({
     data.description = this.model.description;
     try {
       yield this.model.tune(data);
-      if (this.wizard.currentMachine === 'authentication' && this.wizard.featureState === 'config') {
-        this.wizard.transitionFeatureMachine(this.wizard.featureState, 'CONTINUE');
-      }
-      this.router.transitionTo('vault.cluster.access.methods').followRedirects();
-      this.flashMessages.success('The configuration was saved successfully.');
     } catch (err) {
       // AdapterErrors are handled by the error-message component
       // in the form
@@ -24,5 +19,10 @@ export default AuthConfigComponent.extend({
       }
       return;
     }
+    if (this.wizard.currentMachine === 'authentication' && this.wizard.featureState === 'config') {
+      this.wizard.transitionFeatureMachine(this.wizard.featureState, 'CONTINUE');
+    }
+    this.router.transitionTo('vault.cluster.access.methods').followRedirects();
+    this.flashMessages.success('The configuration was saved successfully.');
   }),
 });

From bc6ad9bc03c00c388bd565d05d19a583cf1eb281 Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Thu, 14 Feb 2019 11:17:20 -0500
Subject: [PATCH 81/84] fix string concat in template

---
 ui/app/templates/components/mount-backend-form.hbs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ui/app/templates/components/mount-backend-form.hbs b/ui/app/templates/components/mount-backend-form.hbs
index 090acb49621b..5a1fff82e9aa 100644
--- a/ui/app/templates/components/mount-backend-form.hbs
+++ b/ui/app/templates/components/mount-backend-form.hbs
@@ -1,7 +1,7 @@
 <PageHeader as |p|>
   <p.levelLeft>
     <h1 class="title is-3" data-test-mount-form-header="true">
-      {{#if showConfig}}
+      {{#if showEnable}}
         {{#with (find-by "type" mountModel.type mountTypes) as |typeInfo|}}
           <ICon
             @size="24"
@@ -10,9 +10,9 @@
            />
 
           {{#if (eq mountType "auth")}}
-            Enable{{typeInfo.displayName}}authentication method
+            {{concat "Enable " typeInfo.displayName " authentication method"}}
           {{else}}
-            Enable{{typeInfo.displayName}}secrets engine
+            {{concat "Enable " typeInfo.displayName "secrets engine"}}
           {{/if}}
         {{/with}}
       {{else if (eq mountType "auth")}}

From 257bb7f1fff6737741bba464fe2e5585298a7dff Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Thu, 14 Feb 2019 11:19:11 -0500
Subject: [PATCH 82/84] add comment about why we're still setting keyType for
 ssh role

---
 ui/app/models/role-ssh.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ui/app/models/role-ssh.js b/ui/app/models/role-ssh.js
index 71f2c00826b8..d9835cb3e6a9 100644
--- a/ui/app/models/role-ssh.js
+++ b/ui/app/models/role-ssh.js
@@ -59,7 +59,7 @@ export default DS.Model.extend({
     readOnly: true,
   }),
   keyType: attr('string', {
-    possibleValues: ['ca', 'otp'],
+    possibleValues: ['ca', 'otp'], //overriding the API which also lists 'dynamic' as a type though it is deprecated
   }),
   adminUser: attr('string', {
     helpText: 'Username of the admin user at the remote host',

From 132ce022ecbf63d6a1dd9bb71108d0e06a6b21b3 Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Thu, 14 Feb 2019 11:29:44 -0500
Subject: [PATCH 83/84] add a couple more test cases

---
 ui/tests/unit/utils/openapi-to-attrs-test.js | 33 ++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/ui/tests/unit/utils/openapi-to-attrs-test.js b/ui/tests/unit/utils/openapi-to-attrs-test.js
index ad84df4a3c2e..8b9464a22f44 100644
--- a/ui/tests/unit/utils/openapi-to-attrs-test.js
+++ b/ui/tests/unit/utils/openapi-to-attrs-test.js
@@ -17,6 +17,19 @@ module('Unit | Util | OpenAPI Data Utilities', function() {
       },
       'x-vault-displayValue': 'Grace Hopper,Lady Ada',
     },
+    'favorite-ice-cream': {
+      type: 'string',
+      enum: ['vanilla', 'chocolate', 'strawberry'],
+    },
+    'default-value': {
+      default: 30,
+      'x-vault-displayValue': 300,
+      type: 'integer',
+    },
+    default: {
+      default: 30,
+      type: 'integer',
+    },
   };
   const EXPANDED_PROPS = {
     ttl: {
@@ -29,6 +42,21 @@ module('Unit | Util | OpenAPI Data Utilities', function() {
       type: 'array',
       defaultValue: 'Grace Hopper,Lady Ada',
     },
+    favoriteIceCream: {
+      editType: 'string',
+      type: 'string',
+      possibleValues: ['vanilla', 'chocolate', 'strawberry'],
+    },
+    defaultValue: {
+      editType: 'number',
+      type: 'number',
+      defaultValue: 300,
+    },
+    default: {
+      editType: 'number',
+      type: 'number',
+      defaultValue: 30,
+    },
   };
 
   const EXISTING_MODEL_ATTRS = [
@@ -72,6 +100,11 @@ module('Unit | Util | OpenAPI Data Utilities', function() {
       type: 'array',
       defaultValue: 'Grace Hopper,Lady Ada',
     }),
+    favoriteIceCream: attr('string', {
+      type: 'string',
+      editType: 'string',
+      possibleValues: ['vanilla', 'chocolate', 'strawberry'],
+    }),
   };
 
   const NEW_FIELDS = ['one', 'two', 'three'];

From b259aa679d6518c4776e06700756078e5cde12df Mon Sep 17 00:00:00 2001
From: Madalyn Parker <madalyn@hashicorp.com>
Date: Thu, 14 Feb 2019 12:36:46 -0500
Subject: [PATCH 84/84] grab path dynamically instead of declaring it in models

---
 ui/app/models/auth-config.js | 7 ++-----
 ui/app/models/role-pki.js    | 7 ++-----
 ui/app/models/role-ssh.js    | 7 ++-----
 ui/app/services/path-help.js | 7 ++++---
 4 files changed, 10 insertions(+), 18 deletions(-)

diff --git a/ui/app/models/auth-config.js b/ui/app/models/auth-config.js
index 4f9cb0235534..3c70bb14ec3d 100644
--- a/ui/app/models/auth-config.js
+++ b/ui/app/models/auth-config.js
@@ -3,10 +3,7 @@ const { belongsTo } = DS;
 
 export default DS.Model.extend({
   backend: belongsTo('auth-method', { inverse: 'authConfigs', readOnly: true, async: false }),
-  getOpenApiInfo: function(backend) {
-    return {
-      helpUrl: `/v1/auth/${backend}/config?help=1`,
-      path: `/config`,
-    };
+  getHelpUrl: function(backend) {
+    return `/v1/auth/${backend}/config?help=1`;
   },
 });
diff --git a/ui/app/models/role-pki.js b/ui/app/models/role-pki.js
index a8e92cce2d75..3f4459f55c94 100644
--- a/ui/app/models/role-pki.js
+++ b/ui/app/models/role-pki.js
@@ -16,11 +16,8 @@ export default DS.Model.extend({
     readOnly: true,
   }),
   useOpenAPI: true,
-  getOpenApiInfo: function(backend) {
-    return {
-      helpUrl: `/v1/${backend}/roles/example?help=1`,
-      path: `/roles/{name}`,
-    };
+  getHelpUrl: function(backend) {
+    return `/v1/${backend}/roles/example?help=1`;
   },
   updatePath: lazyCapabilities(apiPath`${'backend'}/roles/${'id'}`, 'backend', 'id'),
   canDelete: alias('updatePath.canDelete'),
diff --git a/ui/app/models/role-ssh.js b/ui/app/models/role-ssh.js
index d9835cb3e6a9..fb1d6e052354 100644
--- a/ui/app/models/role-ssh.js
+++ b/ui/app/models/role-ssh.js
@@ -41,11 +41,8 @@ const CA_FIELDS = [
 
 export default DS.Model.extend({
   useOpenAPI: true,
-  getOpenApiInfo: function(backend) {
-    return {
-      helpUrl: `/v1/${backend}/roles/example?help=1`,
-      path: `/roles/{role}`,
-    };
+  getHelpUrl: function(backend) {
+    return `/v1/${backend}/roles/example?help=1`;
   },
   zeroAddress: attr('boolean', {
     readOnly: true,
diff --git a/ui/app/services/path-help.js b/ui/app/services/path-help.js
index 6e3234c7d80a..e7fa3883b2fd 100644
--- a/ui/app/services/path-help.js
+++ b/ui/app/services/path-help.js
@@ -27,8 +27,9 @@ export default Service.extend({
   //Makes a call to grab the OpenAPI document.
   //Returns relevant information from OpenAPI
   //as determined by the expandOpenApiProps util
-  getProps(helpUrl, path, backend) {
+  getProps(helpUrl, backend) {
     return this.ajax(helpUrl, backend).then(help => {
+      let path = Object.keys(help.openapi.paths)[0];
       let props = help.openapi.paths[path].post.requestBody.content['application/json'].schema.properties;
       return expandOpenApiProps(props);
     });
@@ -40,9 +41,9 @@ export default Service.extend({
     if (newModel.merged || newModel.prototype.useOpenAPI !== true) {
       return resolve();
     }
-    let { helpUrl, path } = newModel.prototype.getOpenApiInfo(backend);
+    let helpUrl = newModel.prototype.getHelpUrl(backend);
 
-    return this.getProps(helpUrl, path, backend).then(props => {
+    return this.getProps(helpUrl, backend).then(props => {
       if (owner.hasRegistration(name) && !newModel.merged) {
         let { attrs, newFields } = combineAttributes(newModel.attributes, props);
         newModel = newModel.extend(attrs, { newFields });