improve cert-signing ux

2026-01-19 17:57:15 +01:00
parent 512177cab0
commit 2af7ff85c1
3 changed files with 30 additions and 21 deletions
--- a/html/ui/js/Cluster.js
+++ b/html/ui/js/Cluster.js
@ -15,8 +15,8 @@ export default {
            sshUserCert: null,
            kubeSignReq: {
                CSR: "",
-                User:   "anonymous",
-                Group:  "",
+                User:   "",
+                Group:  "system:masters",
            },
            kubeUserCert: null,
        };
@ -28,8 +28,13 @@ export default {
                method: 'POST',
                body: JSON.stringify({ ...this.sshSignReq, Validity: this.signReqValidity }),
                headers: { 'Authorization': 'Bearer ' + this.token, 'Content-Type': 'application/json' },
-            }).then((resp) => resp.blob())
-              .then((cert) => { this.sshUserCert = URL.createObjectURL(cert) })
+            }).then((resp) => {
+                if (resp.ok) {
+                    resp.blob().then((cert) => { this.sshUserCert = URL.createObjectURL(cert) })
+                } else {
+                    resp.json().then((resp) => alert('failed to sign: '+resp.message))
+                }
+              })
              .catch((e) => { alert('failed to sign: '+e); })
        },
        kubeCASign() {
@ -38,8 +43,13 @@ export default {
                method: 'POST',
                body: JSON.stringify({ ...this.kubeSignReq, Validity: this.signReqValidity }),
                headers: { 'Authorization': 'Bearer ' + this.token, 'Content-Type': 'application/json' },
-            }).then((resp) => resp.blob())
-              .then((cert) => { this.kubeUserCert = URL.createObjectURL(cert) })
+            }).then((resp) => {
+                if (resp.ok) {
+                    resp.blob().then((cert) => { this.kubeUserCert = URL.createObjectURL(cert) })
+                } else {
+                    resp.json().then((resp) => alert('failed to sign: '+resp.message))
+                }
+              })
              .catch((e) => { alert('failed to sign: '+e); })
        },
    },
@ -78,11 +88,12 @@ export default {
  <p>Public key (OpenSSH format):<br/>
     <textarea v-model="sshSignReq.PubKey" style="width:64em;height:2lh"></textarea>
  </p>
-  <p>Principal: <input type="text" v-model="sshSignReq.Principal"/></p>
+  <p>User: <input type="text" v-model="sshSignReq.Principal"/></p>

-  <p><button @click="sshCASign">Sign SSH access request</button></p>
-  <p v-if="sshUserCert">
-    <a :href="sshUserCert" download="ssh-cert.pub">Get certificate</a>
+  <p><button @click="sshCASign">Sign SSH access (validity: {{signReqValidity}})</button>
+    <template v-if="sshUserCert">
+    =&gt; <a :href="sshUserCert" download="ssh-cert.pub">Get certificate</a>
+    </template>
  </p>

  <h4>Grant Kubernetes API access</h4>
@ -93,9 +104,10 @@ export default {
  <p>User: <input type="text" v-model="kubeSignReq.User"/></p>
  <p>Group: <input type="text" v-model="kubeSignReq.Group"/></p>

-  <p><button @click="kubeCASign">Sign Kubernetes API access request</button></p>
-  <p v-if="kubeUserCert">
-    <a :href="kubeUserCert" download="kube-cert.pub">Get certificate</a>
+  <p><button @click="kubeCASign">Sign Kubernetes API access (validity: {{signReqValidity}})</button>
+    <template v-if="kubeUserCert">
+      =&gt; <a :href="kubeUserCert" download="kube-cert.pub">Get certificate</a>
+    </template>
  </p>
 `
 }