Merge pull request #1905 from coreos-inc/external-auth-search

Add support for entity search against external auth users not yet linked

static/directives/config/config-setup-tool.html

@@ -523,6 +523,15 @@
 
         <!--  Keystone Authentication -->
         <table class="config-table" ng-if="config.AUTHENTICATION_TYPE == 'Keystone'">
+          <tr>
+            <td>Keystone API Version:</td>
+            <td>
+              <select ng-model="config.KEYSTONE_AUTH_VERSION">
+                <option value="2">2.0</option>
+                <option value="3">V3</option>
+              </select>
+            </td>
+          </tr>
           <tr>
             <td>Keystone Authentication URL:</td>
             <td>
@@ -573,20 +582,6 @@
         </div>
 
         <table class="config-table" ng-if="config.AUTHENTICATION_TYPE == 'JWT'">
-          <tr>
-            <td>User Verification Endpoint:</td>
-            <td>
-              <span class="config-string-field" binding="config.JWT_VERIFY_ENDPOINT"
-                    pattern="http(s)?://.+"></span>
-              <div class="help-text">
-              The URL (starting with http or https) on the JWT authentication server for verifying username and password credentials.
-              </div>
-
-              <div class="help-text" style="margin-top: 6px;">
-              Credentials will be sent in the <code>Authorization</code> header as Basic Auth, and this endpoint should return <code>200 OK</code> on success (or a <code>4**</code> otherwise).
-              </div>
-            </td>
-          </tr>
           <tr>
             <td>Authentication Issuer:</td>
             <td>
@@ -606,6 +601,50 @@
               </div
             </td>
           </tr>
+          <tr>
+            <td>User Verification Endpoint:</td>
+            <td>
+              <span class="config-string-field" binding="config.JWT_VERIFY_ENDPOINT"
+                    pattern="http(s)?://.+"></span>
+              <div class="help-text">
+              The URL (starting with http or https) on the JWT authentication server for verifying username and password credentials.
+              </div>
+
+              <div class="help-text" style="margin-top: 6px;">
+              Credentials will be sent in the <code>Authorization</code> header as Basic Auth, and this endpoint should return <code>200 OK</code> on success (or a <code>4**</code> otherwise).
+              </div>
+            </td>
+          </tr>
+          <tr>
+            <td>User Query Endpoint:</td>
+            <td>
+              <span class="config-string-field" binding="config.JWT_QUERY_ENDPOINT"
+                    pattern="http(s)?://.+" is-optional="true"></span>
+              <div class="help-text">
+              The URL (starting with http or https) on the JWT authentication server for looking up
+              users based on a prefix query. This is optional.
+              </div>
+
+              <div class="help-text" style="margin-top: 6px;">
+              The prefix query will be sent as a query parameter with name <code>query</code>.
+              </div>
+            </td>
+          </tr>
+          <tr>
+            <td>User Lookup Endpoint:</td>
+            <td>
+              <span class="config-string-field" binding="config.JWT_GETUSER_ENDPOINT"
+                    pattern="http(s)?://.+" is-optional="true"></span>
+              <div class="help-text">
+              The URL (starting with http or https) on the JWT authentication server for looking up
+              a user by username or email address.
+              </div>
+
+              <div class="help-text" style="margin-top: 6px;">
+              The username or email address will be sent as a query parameter with name <code>username</code>.
+              </div>
+            </td>
+          </tr>
         </table>
 
         <!-- LDAP Authentication -->