add saml wizard to ui (#27518)

gravitational · Jun 16, 2023 · 6be5d88 · 6be5d88
1 parent 1b69fbc
commit 6be5d88
Show file tree

Hide file tree

Showing 32 changed files with 2,332 additions and 1,987 deletions.
diff --git a/api/gen/proto/go/usageevents/v1/usageevents.pb.go b/api/gen/proto/go/usageevents/v1/usageevents.pb.go
diff --git a/api/proto/teleport/usageevents/v1/usageevents.proto b/api/proto/teleport/usageevents/v1/usageevents.proto
@@ -128,6 +128,8 @@ enum DiscoverResource {
   DISCOVER_RESOURCE_DOC_DATABASE_RDS_PROXY = 34;
   DISCOVER_RESOURCE_DOC_DATABASE_HIGH_AVAILABILITY = 35;
   DISCOVER_RESOURCE_DOC_DATABASE_DYNAMIC_REGISTRATION = 36;
+
+  DISCOVER_RESOURCE_SAML_APPLICATION = 37;
 }
 
 // DiscoverResourceMetadata contains common metadata identifying resource type being added.

diff --git a/gen/proto/go/prehog/v1alpha/teleport.pb.go b/gen/proto/go/prehog/v1alpha/teleport.pb.go
diff --git a/gen/proto/js/prehog/v1alpha/teleport_pb.d.ts b/gen/proto/js/prehog/v1alpha/teleport_pb.d.ts
diff --git a/gen/proto/js/prehog/v1alpha/teleport_pb.js b/gen/proto/js/prehog/v1alpha/teleport_pb.js
diff --git a/lib/services/saml_idp_service_provider.go b/lib/services/saml_idp_service_provider.go
@@ -97,3 +97,21 @@ func UnmarshalSAMLIdPServiceProvider(data []byte, opts ...MarshalOption) (types.
 	}
 	return nil, trace.BadParameter("unsupported SAML IdP service provider resource version %q", h.Version)
 }
+
+// GenerateIdPServiceProviderFromFields takes `name` and `entityDescriptor` fields and returns a SAMLIdPServiceProvider.
+func GenerateIdPServiceProviderFromFields(name string, entityDescriptor string) (types.SAMLIdPServiceProvider, error) {
+	if len(name) == 0 {
+		return nil, trace.BadParameter("missing name")
+	}
+	if len(entityDescriptor) == 0 {
+		return nil, trace.BadParameter("missing entity descriptor")
+	}
+
+	var s types.SAMLIdPServiceProviderV1
+	s.SetName(name)
+	s.SetEntityDescriptor(entityDescriptor)
+	if err := s.CheckAndSetDefaults(); err != nil {
+		return nil, trace.Wrap(err)
+	}
+	return &s, nil
+}
diff --git a/lib/web/ui/usercontext.go b/lib/web/ui/usercontext.go
@@ -104,6 +104,8 @@ type userACL struct {
 	Locks access `json:"lock"`
 	// Assist defines access to assist feature.
 	Assist access `json:"assist"`
+	// SAMLIdpServiceProvider defines access to `saml_idp_service_provider` objects.
+	SAMLIdpServiceProvider access `json:"samlIdpServiceProvider"`
 }
 
 type authType string
@@ -197,6 +199,7 @@ func NewUserContext(user types.User, userRoles services.RoleSet, features proto.
 	requestAccess := newAccess(userRoles, ctx, types.KindAccessRequest)
 	desktopAccess := newAccess(userRoles, ctx, types.KindWindowsDesktop)
 	cnDiagnosticAccess := newAccess(userRoles, ctx, types.KindConnectionDiagnostic)
+	samlIdpServiceProviderAccess := newAccess(userRoles, ctx, types.KindSAMLIdPServiceProvider)
 
 	var assistAccess access
 	if features.Assist {
@@ -251,6 +254,7 @@ func NewUserContext(user types.User, userRoles services.RoleSet, features proto.
 		DeviceTrust:             deviceTrust,
 		Locks:                   lockAccess,
 		Assist:                  assistAccess,
+		SAMLIdpServiceProvider:  samlIdpServiceProviderAccess,
 	}
 
 	// local user

diff --git a/proto/prehog/v1alpha/teleport.proto b/proto/prehog/v1alpha/teleport.proto
@@ -268,6 +268,8 @@ enum DiscoverResource {
   DISCOVER_RESOURCE_DOC_DATABASE_RDS_PROXY = 34;
   DISCOVER_RESOURCE_DOC_DATABASE_HIGH_AVAILABILITY = 35;
   DISCOVER_RESOURCE_DOC_DATABASE_DYNAMIC_REGISTRATION = 36;
+
+  DISCOVER_RESOURCE_SAML_APPLICATION = 37;
 }
 
 // DiscoverResourceMetadata contains common metadata identifying resource type being added.

diff --git a/web/packages/teleport/src/Discover/Database/CreateDatabase/useCreateDatabase.test.tsx b/web/packages/teleport/src/Discover/Database/CreateDatabase/useCreateDatabase.test.tsx
@@ -259,6 +259,7 @@ describe('registering new databases, mainly error checking', () => {
         engine: DatabaseEngine.AuroraMysql,
       },
     } as any,
+    exitFlow: () => null,
     viewConfig: null,
     indexedViews: [],
     setResourceSpec: () => null,

diff --git a/web/packages/teleport/src/Discover/Database/EnrollRdsDatabase/EnrollRdsDatabase.test.tsx b/web/packages/teleport/src/Discover/Database/EnrollRdsDatabase/EnrollRdsDatabase.test.tsx
@@ -53,6 +53,7 @@ describe('test EnrollRdsDatabase.tsx', () => {
       },
     } as any,
     viewConfig: null,
+    exitFlow: null,
     indexedViews: [],
     setResourceSpec: () => null,
     updateAgentMeta: jest.fn(x => x),

diff --git a/web/packages/teleport/src/Discover/Discover.tsx b/web/packages/teleport/src/Discover/Discover.tsx
@@ -22,9 +22,10 @@ import { Box } from 'design';
 import { FeatureBox } from 'teleport/components/Layout';
 
 import { Navigation } from 'teleport/Discover/Navigation/Navigation';
-import { SelectResource } from 'teleport/Discover/SelectResource/SelectResource';
+import { SelectResource } from 'teleport/Discover/SelectResource';
 import cfg from 'teleport/config';
 
+import { EViewConfigs } from './types';
 import { findViewAtIndex } from './flow';
 
 import { DiscoverProvider, useDiscover } from './useDiscover';
@@ -86,10 +87,18 @@ function DiscoverContent() {
   );
 }
 
-export function Discover() {
+export function DiscoverComponent({ eViewConfigs = [] }: Props) {
   return (
-    <DiscoverProvider>
+    <DiscoverProvider eViewConfigs={eViewConfigs}>
       <DiscoverContent />
     </DiscoverProvider>
   );
 }
+
+export function Discover() {
+  return <DiscoverComponent />;
+}
+
+type Props = {
+  eViewConfigs?: EViewConfigs;
+};
diff --git a/web/packages/teleport/src/Discover/SelectResource/PermissionsErrorMessage.tsx b/web/packages/teleport/src/Discover/SelectResource/PermissionsErrorMessage.tsx
@@ -19,13 +19,15 @@ import { Text, Box } from 'design';
 
 import { ResourceKind } from '../Shared';
 
+import { ResourceSpec } from './types';
+
 export function PermissionsErrorMessage({
-  resourceKind,
+  resource,
 }: PermissionsErrorMessageProps) {
   let action = 'add new';
   let productName = '';
 
-  switch (resourceKind) {
+  switch (resource.kind) {
     case ResourceKind.Application:
       action = `${action} Applications`;
       productName = 'Access Application';
@@ -51,8 +53,8 @@ export function PermissionsErrorMessage({
 
       break;
     default:
-      action = 'unimplemented';
-      productName = 'unimplemented';
+      action = `${action} ${resource.name}s`;
+      productName = `adding ${resource.name}s`;
   }
 
   return (
@@ -75,5 +77,5 @@ export function PermissionsErrorMessage({
 }
 
 interface PermissionsErrorMessageProps {
-  resourceKind: ResourceKind;
+  resource: ResourceSpec;
 }
diff --git a/web/packages/teleport/src/Discover/SelectResource/SelectResource.test.tsx b/web/packages/teleport/src/Discover/SelectResource/SelectResource.test.tsx
@@ -0,0 +1,153 @@
+/**
+ * Copyright 2023 Gravitational, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { ResourceKind } from '../Shared';
+
+import { sortResources } from './SelectResource';
+import { ResourceSpec } from './types';
+
+test('sortResources sorts resources alphabetically with guided resources first', () => {
+  const sorted = sortResources(mockUnsorted);
+
+  expect(sorted).toMatchObject(mockSorted);
+});
+
+const mockUnsorted: ResourceSpec[] = [
+  {
+    name: 'jenkins',
+    kind: ResourceKind.Application,
+    icon: 'Apple',
+    event: null,
+    keywords: 'test',
+    hasAccess: true,
+    unguidedLink: 'test.com',
+  },
+  {
+    name: 'grafana',
+    kind: ResourceKind.Application,
+    icon: 'Apple',
+    event: null,
+    keywords: 'test',
+    hasAccess: true,
+    unguidedLink: 'test.com',
+  },
+  {
+    name: 'linux',
+    kind: ResourceKind.Application,
+    icon: 'Apple',
+    event: null,
+    keywords: 'test',
+    hasAccess: true,
+    unguidedLink: 'test.com',
+  },
+  {
+    name: 'apple',
+    kind: ResourceKind.Application,
+    icon: 'Apple',
+    event: null,
+    keywords: 'test',
+    hasAccess: true,
+    unguidedLink: 'test.com',
+  },
+  // Guided
+  {
+    name: 'zapier',
+    kind: ResourceKind.Application,
+    icon: 'Apple',
+    event: null,
+    keywords: 'test',
+    hasAccess: true,
+  },
+  {
+    name: 'amazon',
+    kind: ResourceKind.Application,
+    icon: 'Apple',
+    event: null,
+    keywords: 'test',
+    hasAccess: true,
+  },
+  {
+    name: 'costco',
+    kind: ResourceKind.Application,
+    icon: 'Apple',
+    event: null,
+    keywords: 'test',
+    hasAccess: true,
+  },
+];
+
+const mockSorted: ResourceSpec[] = [
+  {
+    name: 'amazon',
+    kind: ResourceKind.Application,
+    icon: 'Apple',
+    event: null,
+    keywords: 'test',
+    hasAccess: true,
+  },
+  {
+    name: 'costco',
+    kind: ResourceKind.Application,
+    icon: 'Apple',
+    event: null,
+    keywords: 'test',
+    hasAccess: true,
+  },
+  {
+    name: 'zapier',
+    kind: ResourceKind.Application,
+    icon: 'Apple',
+    event: null,
+    keywords: 'test',
+    hasAccess: true,
+  },
+  {
+    name: 'apple',
+    kind: ResourceKind.Application,
+    icon: 'Apple',
+    event: null,
+    keywords: 'test',
+    hasAccess: true,
+    unguidedLink: 'test.com',
+  },
+  {
+    name: 'grafana',
+    kind: ResourceKind.Application,
+    icon: 'Apple',
+    event: null,
+    keywords: 'test',
+    hasAccess: true,
+    unguidedLink: 'test.com',
+  },
+  {
+    name: 'jenkins',
+    kind: ResourceKind.Application,
+    icon: 'Apple',
+    event: null,
+    keywords: 'test',
+    hasAccess: true,
+    unguidedLink: 'test.com',
+  },
+  {
+    name: 'linux',
+    kind: ResourceKind.Application,
+    icon: 'Apple',
+    event: null,
+    keywords: 'test',
+    hasAccess: true,
+    unguidedLink: 'test.com',
+  },
+];