Conversation
github-actions
bot
added
the
hashicorp-contributed-pr
|
CI Results: |
|
Build Results: |
hellobontempo
requested review from
schavis
and removed request for
elliesterner and
scellef
| <Tip> | ||
|
|
||
| - To apply a login customization to the `root` namespace, pass an empty string: `namespace=""`. | ||
|
|
There was a problem hiding this comment.
should this say root or admin (for HVD)?
There was a problem hiding this comment.
No, root and admin are different. Maybe it's easier to think of root as a "lack" of a namespace because it's the top-most level. Passing admin would be necessary to set for the HVD admin namespace.
| Default only | Clients must use the selected authentication method during login | ||
| Preferred only | Clients must choose among the selected authentication methods during login | ||
| Default and preferred | Clients see the default method first but can toggle to view the preferred backup methods | ||
|
|
There was a problem hiding this comment.
"Clients see the default method first but can toggle to view the preferred backup methods"
to
"Clients see the default method first but can access the preferred methods as backup methods"
because the preferred methods live under the backup link if there's a default set, right?
There was a problem hiding this comment.
Not sure exactly what you mean by "under" I used the word "toggle" because they are accessible by clicking "Sign in with other methods"
|
|
||
| If [listing visibility](/vault/api-docs/system/auth#listing_visibility-1) is unset or set to `hidden`, | ||
| the Vault GUI assumes the default mount path for login, which matches the method type. | ||
|
|
There was a problem hiding this comment.
Could you explain more about what exactly this means? Is there another doc to link to that goes into more detail? This is a complicated nuance
There was a problem hiding this comment.
There are docs linked already (that's what the markdown syntax of [link text](href) means).
|
|
||
| @include 'ui/supported-login-methods-api-docs.mdx' | ||
|
|
||
| <Tip> |
There was a problem hiding this comment.
Does this tip make sense here? I wasn't really sure where to put it 🤔
There was a problem hiding this comment.
It does, I think it makes sense here.
|
|
||
| ## Using a Direct Link | ||
|
|
||
| The `?with=` query parameter can be used at any point to override login customizations. For example, |
There was a problem hiding this comment.
@deidraprado I'm tagging you because you’ll have the most insight into how users might interpret this. These are the docs for the custom login feature, and this specific part is about how you can override the default or backup method at any time if you don’t have something like “token” set as one. You and I had discussed this concern, so I wanted your take: any feedback on how this is worded, or do you think it’s clear enough for folks to understand?
There was a problem hiding this comment.
LGTM! the only (very minor) thing that could be tweaked, is a link to:
https://developer.hashicorp.com/vault/api-docs/system/mounts#listing_visibility
instead of just having it in code
(the reason I say that is that I had no idea listing_visibility existed!)
There was a problem hiding this comment.
Sounds good! Most people don't know it's a thing which is why I sprinkled links all over the place 😂 Easy enough to add here, too!
| Login settings can be used to customize which methods display in the web UI login form by setting a default and back up login methods. | ||
| Available to be created via the CLI or HTTP API. |
There was a problem hiding this comment.
| Login settings can be used to customize which methods display in the web UI login form by setting a default and back up login methods. | |
| Available to be created via the CLI or HTTP API. | |
| Use can use the Vault CLI or API to customize a default and one or more back up | |
| login method for the Vault GUI login form. |
Style correction: write in the active voice, write directly to the user in how-to guides
|
|
||
| ## Before you start | ||
|
|
||
| @include 'alerts/restricted-admin.mdx' |
There was a problem hiding this comment.
| @include 'alerts/restricted-admin.mdx' |
We should just list the permission requirements in the list instead of inserting an aside
| @include 'alerts/restricted-admin.mdx' | ||
|
|
||
| - **You must have Vault Enterprise 1.20.0 or higher installed.** | ||
| - **You must have the appropriate permissions**: |
There was a problem hiding this comment.
| - **You must have the appropriate permissions**: | |
| - **You must have permission to operate from the `root` namespace**. | |
| - **You must have the appropriate permissions**: |
There was a problem hiding this comment.
I almost wrote:
- You must have permission to operate from the
rootoradminnamespace."
But decided against it because I wanted to differentiate between HCP admin/ namespaces (administrative) and namespaces that just happened to be named admin
| </Tab> | ||
| </Tabs> | ||
|
|
||
| ## Using a direct link |
There was a problem hiding this comment.
| ## Using a direct link | |
| ## Bypass authentication customization |
| }, | ||
| { | ||
| "title": "Custom Messages", | ||
| "title": "Custom login", |
There was a problem hiding this comment.
| "title": "Custom login", | |
| "title": "Customize GUI authN", |
There was a problem hiding this comment.
Whoops I missed this earlier - is this imperative? Also - what is the reasoning behind "AuthN"?
* saving because laptop is bad and should feel bad * save * make supported login types partial * add api-docs partial * update custom login docs * reword tip? * add delete section * address feedback, update using a direct link section * move tips down * remove table lines and see if that fixes build? * revert changes to custom-messages mdx * add line break? * format fixes * empty commit again * check vercel? * add line break * update "namespace" to be "namespace_path" * reduce use of "preferred" * address feedback * use "settings" to match GUI verbiage * missed a couple feedback comments * add "single" and "multiple" * fix link rendering * fix namespace-path typos for namespace params referencing namespace context * address feedback --------- Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* saving because laptop is bad and should feel bad * save * make supported login types partial * add api-docs partial * update custom login docs * reword tip? * add delete section * address feedback, update using a direct link section * move tips down * remove table lines and see if that fixes build? * revert changes to custom-messages mdx * add line break? * format fixes * empty commit again * check vercel? * add line break * update "namespace" to be "namespace_path" * reduce use of "preferred" * address feedback * use "settings" to match GUI verbiage * missed a couple feedback comments * add "single" and "multiple" * fix link rendering * fix namespace-path typos for namespace params referencing namespace context * address feedback --------- Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* saving because laptop is bad and should feel bad * save * make supported login types partial * add api-docs partial * update custom login docs * reword tip? * add delete section * address feedback, update using a direct link section * move tips down * remove table lines and see if that fixes build? * revert changes to custom-messages mdx * add line break? * format fixes * empty commit again * check vercel? * add line break * update "namespace" to be "namespace_path" * reduce use of "preferred" * address feedback * use "settings" to match GUI verbiage * missed a couple feedback comments * add "single" and "multiple" * fix link rendering * fix namespace-path typos for namespace params referencing namespace context * address feedback --------- Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
5 participants
Description
Docs for feature merged by PR #30700
To view latest preview scroll all the way down and click the latest
View deploymentbeside the Vercel bot below.Most of the feature documentation is located at:
/vault/docs/ui/custom-loginbut a tip has been added to supported auth methods as well, navigate to/vault/docs/auth/ldapto see in LDAP, for example:TODO only if you're a HashiCorp employee
backport/label that matches the desired release branch. Note that in the CE repo, the latest release branch will look likebackport/x.x.x, but older release branches will bebackport/ent/x.x.x+ent.of a public function, even if that change is in a CE file, double check that
applying the patch for this PR to the ENT repo and running tests doesn't
break any tests. Sometimes ENT only tests rely on public functions in CE
files.
in the PR description, commit message, or branch name.
description. Also, make sure the changelog is in this PR, not in your ENT PR.