feat(frontend): add PLAIN auth to shadow link#2442
Open
r-vasquez wants to merge 1 commit into
Open
Conversation
The shadow link create flow previously exposed only a binary SCRAM toggle, so users could not configure source clusters that require PLAIN SASL credentials. Replace useScram with a 3-way authMethod discriminator (none, scram, plain) and render the picker as a Tabs control to match the adjacent certificate input method. Each method keeps its own credential block in form state, so switching back and forth preserves typed values; the payload builder emits only the active branch. The form type is shared with the edit flow, so its mappers and update path were migrated to read and write the plain_configuration oneof case as well. Lift the form-to-proto builder into shadowlink-edit-utils alongside buildTLSSettings to avoid duplication between create and edit.
r-vasquez
force-pushed
the
plain-shadow-link
branch
from
9e5752f to
2850f8f
Compare
r-vasquez
requested review from
a team,
Copilot,
datamali,
graham-rp,
jvorcak and
yougotashovel
and removed request for
a team,
datamali,
graham-rp,
jvorcak and
yougotashovel
There was a problem hiding this comment.
Pull request overview
Adds 3-way SASL authentication support (None / SCRAM / PLAIN) to the Shadow Link create + edit flows by replacing the prior binary SCRAM toggle with an auth-method discriminator and shared form-to-proto builders.
Changes:
- Replaced
useScramwithauthMethod+ per-method credential blocks (scramCredentials,plainCredentials) across create/edit, mappers, and tests. - Introduced a new
AuthenticationSectionUI (Tabs control) that renders SCRAM/PLAIN inputs and preserves typed credentials when switching methods. - Lifted auth configuration proto building into
buildAuthenticationConfigurationand reused it in both create and edit update payload builders.
Reviewed changes
Copilot reviewed 19 out of 19 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| frontend/tests/test-variant-console/utils/shadowlink-page.ts | Updates E2E helper to select the SCRAM auth tab and wait for SCRAM inputs. |
| frontend/src/components/pages/shadowlinks/mappers/dataplane.ts | Maps dataplane auth oneof into new authMethod + SCRAM/PLAIN credential form fields. |
| frontend/src/components/pages/shadowlinks/mappers/controlplane.ts | Extends controlplane mapping to support PLAIN and adds more robust auth extraction. |
| frontend/src/components/pages/shadowlinks/edit/source-tab.tsx | Swaps SCRAM-only section for the shared AuthenticationSection. |
| frontend/src/components/pages/shadowlinks/edit/shadowlink-edit-utils.ts | Adds buildAuthenticationConfiguration and updates connection diffing/update building for new auth model. |
| frontend/src/components/pages/shadowlinks/edit/shadowlink-edit-page.tsx | Updates validation error-to-tab routing keys for new auth fields. |
| frontend/src/components/pages/shadowlinks/edit/get-update-values-for-topics.test.ts | Updates base form values to use authMethod and adds plainCredentials. |
| frontend/src/components/pages/shadowlinks/edit/get-update-values-for-consumer-groups.test.ts | Updates base form values to use authMethod and adds plainCredentials. |
| frontend/src/components/pages/shadowlinks/edit/get-update-values-for-connection.test.ts | Updates auth-related tests and adds PLAIN coverage. |
| frontend/src/components/pages/shadowlinks/edit/get-update-values-for-acls.test.ts | Updates base form values to use authMethod and adds plainCredentials. |
| frontend/src/components/pages/shadowlinks/edit/build-update-request.test.ts | Updates auth change expectations from useScram to authMethod. |
| frontend/src/components/pages/shadowlinks/create/shadowlink-create-page.tsx | Uses shared buildAuthenticationConfiguration in create request building. |
| frontend/src/components/pages/shadowlinks/create/model.ts | Introduces AUTH_METHOD, adds plainCredentials, and refactors auth validation. |
| frontend/src/components/pages/shadowlinks/create/model.test.ts | Adds schema tests for NONE/SCRAM/PLAIN auth validation. |
| frontend/src/components/pages/shadowlinks/create/connection/scram-configuration.tsx | Removed (replaced by AuthenticationSection). |
| frontend/src/components/pages/shadowlinks/create/connection/scram-configuration.test.tsx | Removed (replaced by AuthenticationSection tests). |
| frontend/src/components/pages/shadowlinks/create/connection/connection-step.tsx | Uses AuthenticationSection instead of SCRAM-only configuration. |
| frontend/src/components/pages/shadowlinks/create/connection/authentication-section.tsx | New Tabs-based auth picker and SCRAM/PLAIN credential forms. |
| frontend/src/components/pages/shadowlinks/create/connection/authentication-section.test.tsx | New unit tests covering rendering, validation, and method switching behavior. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
188
to
198
| // Compare authentication | ||
| const authChanged = | ||
| values.useScram !== originalValues.useScram || | ||
| values.authMethod !== originalValues.authMethod || | ||
| values.scramCredentials?.username !== originalValues.scramCredentials?.username || | ||
| values.scramCredentials?.password !== originalValues.scramCredentials?.password || | ||
| values.scramCredentials?.mechanism !== originalValues.scramCredentials?.mechanism; | ||
| values.scramCredentials?.mechanism !== originalValues.scramCredentials?.mechanism || | ||
| values.plainCredentials?.username !== originalValues.plainCredentials?.username || | ||
| values.plainCredentials?.password !== originalValues.plainCredentials?.password; | ||
| if (authChanged) { | ||
| fieldMaskPaths.push('configurations.client_options.authentication_configuration'); | ||
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
TL;DR: add support for PLAIN auth in Shadow Link Create and Edit.
The shadow link create flow previously exposed only a binary SCRAM toggle, so users could not configure source clusters that require PLAIN SASL credentials.
Replace useScram with a 3-way authMethod discriminator (none, scram, plain) and render the picker as a Tabs control to match the adjacent certificate input method. Each method keeps its own credential block in form state, so switching back and forth preserves typed values; the payload builder emits only the active branch.
The form type is shared with the edit flow, so its mappers and update path were migrated to read and write the plain_configuration oneof case as well. Lift the form-to-proto builder into shadowlink-edit-utils alongside buildTLSSettings to avoid duplication between create and edit.
Note: Create affects only self-hosted instances, however, we share the edit page between cloud and SH.
Examples:
Before
After
