scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-29 17:52:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Prep for Azure WIF work (#28994)

Browse Source 
* make things more generic

* aws to wif selector change

* secret list header cleanup

* clean up
This commit is contained in:
Angel Garbarino
2024-11-27 09:50:52 -07:00
committed by GitHub
parent b2886d2a99
commit 442b6f5291
16 changed files with 88 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ui/app/components/secret-engine/configure-aws.ts
View File

@@ -68,7 +68,7 @@ export default class ConfigureAwsComponent extends Component<Args> {
// the following checks are only relevant to enterprise users and those editing an existing root configuration.
if (this.version.isCommunity || this.args.rootConfig.isNew) return;
const { roleArn, identityTokenAudience, identityTokenTtl, accessKey } = this.args.rootConfig;
// do not include issuer in this check. Issuer is a global endpoint and can bet set even if we're not editing wif attributes
// do not include issuer in this check. Issuer is a global endpoint and can be set even if we're not editing wif attributes
const wifAttributesSet = !!roleArn || !!identityTokenAudience || !!identityTokenTtl;
const iamAttributesSet = !!accessKey;
// If any WIF attributes have been set in the rootConfig model, set accessType to 'wif'.

8
ui/app/helpers/mountable-secret-engines.js
View File

@@ -134,16 +134,16 @@ const MOUNTABLE_SECRET_ENGINES = [
},
];
// A list of Workflow Identity Federation engines.
export const WIF_ENGINES = ['aws', 'azure', 'gcp'];
// A list of Workload Identity Federation engines.
// Will eventually include Azure and GCP.
export const WIF_ENGINES = ['aws'];
export function wifEngines() {
return WIF_ENGINES.slice();
}
// Secret Engines that have their own configuration page and actions
// Secret engines that have their own configuration page and actions
// These engines do not exist in their own Ember engine.
// Ex: AWS vs. LDAP which is configurable but is handled inside the routing of its own Ember engine.
export const CONFIGURABLE_SECRET_ENGINES = ['aws', 'ssh'];
export function configurableSecretEngines() {

12
ui/app/helpers/supported-secret-backends.js
View File

@@ -7,18 +7,18 @@ import { helper as buildHelper } from '@ember/component/helper';
const SUPPORTED_SECRET_BACKENDS = [
'aws',
'database',
'cubbyhole',
'database',
'generic',
'keymgmt',
'kmip',
'kubernetes',
'kv',
'ldap',
'pki',
'ssh',
'transit',
'kmip',
'transform',
'keymgmt',
'kubernetes',
'ldap',
'transit',
];
export function supportedSecretBackends() {

1
ui/app/models/aws/root-config.js
View File

@@ -30,7 +30,6 @@ export default class AwsRootConfig extends Model {
helperTextDisabled:
'The TTL of generated tokens. Defaults to 1 hour, turn on the toggle to specify a different value.',
helperTextEnabled: 'The TTL of generated tokens.',
subText: '',
editType: 'ttl',
})
identityTokenTtl;

2
ui/app/models/identity/oidc/config.js
View File

@@ -10,7 +10,7 @@ export default class IdentityOidcConfig extends Model {
@attr('string', {
label: 'Issuer',
subText:
"The Issuer URL to be used in configuring Vault as an identity provider in AWS. If not set, Vault's default issuer will be used",
"The Issuer URL to be used in configuring Vault as an identity provider. If not set, Vault's default issuer will be used.",
docLink: '/vault/api-docs/secret/identity/tokens#configure-the-identity-tokens-backend',
placeholder: 'https://vault-test.com',
})

6
ui/app/routes/vault/cluster/secrets/backend/configuration/edit.ts
View File

@@ -7,7 +7,7 @@ import AdapterError from '@ember-data/adapter/error';
import { set } from '@ember/object';
import Route from '@ember/routing/route';
import { service } from '@ember/service';
import { CONFIGURABLE_SECRET_ENGINES } from 'vault/helpers/mountable-secret-engines';
import { CONFIGURABLE_SECRET_ENGINES, WIF_ENGINES } from 'vault/helpers/mountable-secret-engines';
import errorMessage from 'vault/utils/error-message';
import { action } from '@ember/object';
@@ -68,9 +68,9 @@ export default class SecretsBackendConfigurationEdit extends Route {
}
}
}
// if the type is AWS and it's enterprise, we also fetch the issuer
// if the type is a WIF engine and it's enterprise, we also fetch the issuer
// from a global endpoint which has no associated model/adapter
if (type === 'aws' && this.version.isEnterprise) {
if (WIF_ENGINES.includes(type) && this.version.isEnterprise) {
try {
const response = await this.store.queryRecord('identity/oidc/config', {});
model['identity-oidc-config'] = response;

3
ui/app/routes/vault/cluster/secrets/backend/configuration/index.js
View File

@@ -5,8 +5,7 @@
import { service } from '@ember/service';
import Route from '@ember/routing/route';
import { CONFIGURABLE_SECRET_ENGINES } from 'vault/helpers/mountable-secret-engines';
import { allEngines } from 'vault/helpers/mountable-secret-engines';
import { CONFIGURABLE_SECRET_ENGINES, allEngines } from 'vault/helpers/mountable-secret-engines';
import { reject } from 'rsvp';
/**

11
ui/app/templates/vault/cluster/secrets/backend/configuration/index.hbs
View File

@@ -3,16 +3,7 @@
SPDX-License-Identifier: BUSL-1.1
~}}
<SecretListHeader
@model={{this.model.secretEngineModel}}
@backendCrumb={{hash
label=this.model.secretEngineModel.id
text=this.model.secretEngineModel.id
path="vault.cluster.secrets.backend.list-root"
model=this.model.secretEngineModel.id
}}
@isConfigure={{true}}
/>
<SecretListHeader @model={{this.model.secretEngineModel}} @isConfigure={{true}} />
{{#if this.isConfigurable}}
<Toolbar>

8
ui/app/templates/vault/cluster/secrets/backend/list.hbs
View File

@@ -3,13 +3,7 @@
SPDX-License-Identifier: BUSL-1.1
~}}
<SecretListHeader
@isCertTab={{eq this.tab "cert"}}
@model={{this.backendModel}}
@baseKey={{this.baseKey}}
@backendCrumb={{this.backendCrumb}}
@filter={{this.filter}}
/>
<SecretListHeader @model={{this.backendModel}} />
{{#let (options-for-backend this.backendType this.tab) as |options|}}
{{#if (or this.model.meta.total (not this.isConfigurableTab))}}
<Toolbar>

8
ui/app/templates/vault/cluster/secrets/backend/overview.hbs
View File

@@ -3,13 +3,7 @@
SPDX-License-Identifier: BUSL-1.1
~}}
<SecretListHeader
@isCertTab={{eq this.tab "cert"}}
@model={{this.model}}
@baseKey={{this.baseKey}}
@backendCrumb={{this.backendCrumb}}
@filter={{this.filter}}
/>
<SecretListHeader @model={{this.model}} />
{{#if this.showEmptyState}}
<div class="box is-fullwidth is-shadowless is-sideless is-paddingless is-marginless">

5
ui/lib/core/addon/components/secret-list-header.js
View File

@@ -7,15 +7,16 @@ import Component from '@glimmer/component';
/**
* @module SecretListHeader
* SecretListHeader component is breadcrumb, title with icon and menu with tabs component. Hello
* SecretListHeader component is breadcrumb, title with icon and menu with tabs component.
*
* Example is wrapped in back ticks because this component relies on routing and cannot render an isolated sample, so just rendering template sample
* @example
* ```
* <SecretListHeader @isCertTab={{eq this.tab "cert"}} @model={{this.model}} @baseKey={{this.baseKey}} @backendCrumb={{this.backendCrumb}} @filter={{this.filter}} />
* <SecretListHeader @model={{this.model}} />
* ```
*
* @param {object} model - Model used to pull information about icon and title and backend type for navigation.
* @param {boolean} [isConfigure=false] - Boolean to determine if the configure tab should be shown.
*/
export default class SecretListHeader extends Component {

8
ui/tests/acceptance/secrets/backend/aws/aws-configuration-test.js
View File

@@ -93,8 +93,8 @@ module('Acceptance | aws | configuration', function (hooks) {
await click(SES.configure);
await fillInAwsConfig('withWif');
await click(GENERAL.saveButton);
assert.dom(SES.aws.issuerWarningModal).exists('issue warning modal exists');
await click(SES.aws.issuerWarningSave);
assert.dom(SES.wif.issuerWarningModal).exists('issue warning modal exists');
await click(SES.wif.issuerWarningSave);
// three flash messages, the first is about mounting the engine, only care about the last two
assert.strictEqual(
this.flashSuccessSpy.args[1][0],
@@ -174,7 +174,7 @@ module('Acceptance | aws | configuration', function (hooks) {
await click(SES.configTab);
await click(SES.configure);
// manually fill in attrs without using helper so we can exclude identityTokenTtl and maxRetries.
await click(SES.aws.accessType('wif')); // toggle to wif
await click(SES.wif.accessType('wif')); // toggle to wif
await fillIn(GENERAL.inputByAttr('roleArn'), 'foo-role');
await fillIn(GENERAL.inputByAttr('identityTokenAudience'), 'foo-audience');
// manually fill in non-access type specific fields on root config so we can exclude Max Retries.
@@ -362,7 +362,7 @@ module('Acceptance | aws | configuration', function (hooks) {
await click(SES.configTab);
await click(SES.configure);
assert
.dom(SES.aws.accessTypeSection)
.dom(SES.wif.accessTypeSection)
.doesNotExist('Access type section does not render for a community user');
// check all the form fields are present
await click(GENERAL.toggleGroup('Root config options'));

4
ui/tests/helpers/secret-engine/secret-engine-helpers.js
View File

@@ -121,7 +121,7 @@ export const createConfig = (store, backend, type) => {
case 'aws-no-access':
return createAwsRootConfig(store, backend, 'no-access');
case 'issuer':
return createIssuerConfig(store, backend);
return createIssuerConfig(store);
case 'aws-lease':
return createAwsLeaseConfig(store, backend);
case 'ssh':
@@ -198,7 +198,7 @@ export const fillInAwsConfig = async (situation = 'withAccess') => {
await fillIn(GENERAL.ttl.input('Max Lease TTL'), '44');
}
if (situation === 'withWif') {
await click(SES.aws.accessType('wif')); // toggle to wif
await click(SES.wif.accessType('wif')); // toggle to wif
await fillIn(GENERAL.inputByAttr('issuer'), `http://bar.${uuidv4()}`); // make random because global setting
await fillIn(GENERAL.inputByAttr('roleArn'), 'foo-role');
await fillIn(GENERAL.inputByAttr('identityTokenAudience'), 'foo-audience');

20
ui/tests/helpers/secret-engine/secret-engine-selectors.ts
View File

@@ -23,21 +23,23 @@ export const SECRET_ENGINE_SELECTORS = {
name ? `[data-test-secret-item-link="${name}"]` : '[data-test-secret-item-link]',
viewBackend: '[data-test-backend-view-link]',
warning: '[data-test-warning]',
configureForm: '[data-test-configure-form]',
wif: {
accessTypeSection: '[data-test-access-type-section]',
accessTitle: '[data-test-access-title]',
accessType: (type: string) => `[data-test-access-type="${type}"]`,
accessTypeSubtext: '[data-test-access-type-subtext]',
issuerWarningCancel: '[data-test-issuer-cancel]',
issuerWarningMessage: '[data-test-issuer-warning-message]',
issuerWarningModal: '[data-test-issuer-warning]',
issuerWarningSave: '[data-test-issuer-save]',
},
aws: {
rootForm: '[data-test-root-form]',
accessTitle: '[data-test-access-title]',
leaseTitle: '[data-test-lease-title]',
deleteRole: (role: string) => `[data-test-aws-role-delete="${role}"]`,
accessTypeSection: '[data-test-access-type-section]',
accessTypeSubtext: '[data-test-access-type-subtext]',
accessType: (type: string) => `[data-test-access-type="${type}"]`,
issuerWarningModal: '[data-test-issuer-warning]',
issuerWarningMessage: '[data-test-issuer-warning-message]',
issuerWarningSave: '[data-test-issuer-save]',
issuerWarningCancel: '[data-test-issuer-cancel]',
},
ssh: {
configureForm: '[data-test-configure-form]',
editConfigSection: '[data-test-edit-config-section]',
save: '[data-test-configure-save-button]',
cancel: '[data-test-cancel-button]',

7
ui/tests/integration/components/secret-engine/configuration-details-test.js
View File

@@ -6,6 +6,7 @@
import { module, test } from 'qunit';
import { setupRenderingTest } from 'vault/tests/helpers';
import { GENERAL } from 'vault/tests/helpers/general-selectors';
import { allEngines } from 'vault/helpers/mountable-secret-engines';
import { render } from '@ember/test-helpers';
import { hbs } from 'ember-cli-htmlbars';
import { CONFIGURABLE_SECRET_ENGINES } from 'vault/helpers/mountable-secret-engines';
@@ -34,11 +35,15 @@ module('Integration | Component | SecretEngine/ConfigurationDetails', function (
test('it shows config details if configModel(s) are passed in', async function (assert) {
assert.expect(21);
const allEnginesArray = allEngines(); // saving as const so we don't invoke the method multiple times via the for loop
for (const type of CONFIGURABLE_SECRET_ENGINES) {
const backend = `test-${type}`;
this.configModels = createConfig(this.store, backend, type);
this.typeDisplay = allEnginesArray.find((engine) => engine.type === type).displayName;
await render(hbs`<SecretEngine::ConfigurationDetails @configModels={{array this.configModels}}/>`);
await render(
hbs`<SecretEngine::ConfigurationDetails @configModels={{array this.configModels}} @typeDisplay={{this.typeDisplay}}/>`
);
for (const key of expectedConfigKeys(type)) {
assert.dom(GENERAL.infoRowLabel(key)).exists(`${key} on the ${type} config details exists.`);
const responseKeyAndValue = expectedValueOfConfigKeys(type, key);

86
ui/tests/integration/components/secret-engine/configure-aws-test.js
View File

@@ -61,11 +61,11 @@ module('Integration | Component | SecretEngine/ConfigureAws', function (hooks) {
test('it renders fields ', async function (assert) {
await this.renderComponent();
assert.dom(SES.aws.rootForm).exists('it lands on the aws root configuration form.');
assert.dom(SES.aws.accessTitle).exists('Access section is rendered');
assert.dom(SES.wif.accessTitle).exists('Access section is rendered');
assert.dom(SES.aws.leaseTitle).exists('Lease section is rendered');
assert.dom(SES.aws.accessTypeSection).exists('Access type section is rendered');
assert.dom(SES.aws.accessType('iam')).isChecked('defaults to showing IAM access type checked');
assert.dom(SES.aws.accessType('wif')).isNotChecked('wif access type is not checked');
assert.dom(SES.wif.accessTypeSection).exists('Access type section is rendered');
assert.dom(SES.wif.accessType('iam')).isChecked('defaults to showing IAM access type checked');
assert.dom(SES.wif.accessType('wif')).isNotChecked('wif access type is not checked');
// check all the form fields are present
await click(GENERAL.toggleGroup('Root config options'));
for (const key of expectedConfigKeys('aws-root-create')) {
@@ -79,7 +79,7 @@ module('Integration | Component | SecretEngine/ConfigureAws', function (hooks) {
test('it renders wif fields when selected', async function (assert) {
await this.renderComponent();
await click(SES.aws.accessType('wif'));
await click(SES.wif.accessType('wif'));
// check for the wif fields only
for (const key of expectedConfigKeys('aws-root-create-wif')) {
if (key === 'Identity token TTL') {
@@ -98,9 +98,9 @@ module('Integration | Component | SecretEngine/ConfigureAws', function (hooks) {
await this.renderComponent();
await fillInAwsConfig('withAccess');
await fillInAwsConfig('withLease');
await click(SES.aws.accessType('wif')); // toggle to wif
await click(SES.wif.accessType('wif')); // toggle to wif
await fillInAwsConfig('withWif');
await click(SES.aws.accessType('iam')); // toggle to wif
await click(SES.wif.accessType('iam')); // toggle to wif
assert
.dom(GENERAL.inputByAttr('accessKey'))
.hasValue('', 'accessKey is cleared after toggling accessType');
@@ -108,7 +108,7 @@ module('Integration | Component | SecretEngine/ConfigureAws', function (hooks) {
.dom(GENERAL.inputByAttr('secretKey'))
.hasValue('', 'secretKey is cleared after toggling accessType');
await click(SES.aws.accessType('wif'));
await click(SES.wif.accessType('wif'));
assert
.dom(GENERAL.inputByAttr('issuer'))
.hasValue('', 'issue shows no value after toggling accessType');
@@ -133,13 +133,13 @@ module('Integration | Component | SecretEngine/ConfigureAws', function (hooks) {
test('it does not clear global issuer when toggling accessType', async function (assert) {
this.issuerConfig = createConfig(this.store, this.id, 'issuer');
await this.renderComponent();
await click(SES.aws.accessType('wif'));
await click(SES.wif.accessType('wif'));
assert
.dom(GENERAL.inputByAttr('issuer'))
.hasValue(this.issuerConfig.issuer, 'issuer is what is sent in my the model on first load');
await fillIn(GENERAL.inputByAttr('issuer'), 'http://ive-changed');
await click(SES.aws.accessType('iam'));
await click(SES.aws.accessType('wif'));
await click(SES.wif.accessType('iam'));
await click(SES.wif.accessType('wif'));
assert
.dom(GENERAL.inputByAttr('issuer'))
.hasValue(
@@ -230,7 +230,7 @@ module('Integration | Component | SecretEngine/ConfigureAws', function (hooks) {
});
await fillInAwsConfig('withWif');
await click(GENERAL.saveButton);
await click(SES.aws.issuerWarningSave);
await click(SES.wif.issuerWarningSave);
assert.true(
this.flashDangerSpy.calledWith('Issuer was not saved: bad request'),
@@ -285,11 +285,11 @@ module('Integration | Component | SecretEngine/ConfigureAws', function (hooks) {
test('if issuer API error and user changes issuer value, shows specific warning message', async function (assert) {
this.issuerConfig.queryIssuerError = true;
await this.renderComponent();
await click(SES.aws.accessType('wif'));
await click(SES.wif.accessType('wif'));
await fillIn(GENERAL.inputByAttr('issuer'), 'http://change.me.no.read');
await click(GENERAL.saveButton);
assert
.dom(SES.aws.issuerWarningMessage)
.dom(SES.wif.issuerWarningMessage)
.hasText(
`You are updating the global issuer config. This will overwrite Vault's current issuer if it exists and may affect other configurations using this value. Continue?`,
'modal shows message about overwriting value if it exists'
@@ -313,22 +313,22 @@ module('Integration | Component | SecretEngine/ConfigureAws', function (hooks) {
);
});
await this.renderComponent();
await click(SES.aws.accessType('wif'));
await click(SES.wif.accessType('wif'));
assert
.dom(GENERAL.inputByAttr('issuer'))
.hasAttribute('placeholder', 'https://vault-test.com', 'shows issuer placeholder');
assert.dom(GENERAL.inputByAttr('issuer')).hasValue('', 'shows issuer is empty when not passed');
await fillIn(GENERAL.inputByAttr('issuer'), 'http://bar.foo');
await click(GENERAL.saveButton);
assert.dom(SES.aws.issuerWarningModal).exists('issuer modal exists');
assert.dom(SES.wif.issuerWarningModal).exists('issuer modal exists');
assert
.dom(SES.aws.issuerWarningMessage)
.dom(SES.wif.issuerWarningMessage)
.hasText(
`You are updating the global issuer config. This will overwrite Vault's current issuer and may affect other configurations using this value. Continue?`,
'modal shows message about overwriting value without the noRead: "if it exists" adage'
);
await click(SES.aws.issuerWarningCancel);
assert.dom(SES.aws.issuerWarningModal).doesNotExist('issuer modal is removed on cancel');
await click(SES.wif.issuerWarningCancel);
assert.dom(SES.wif.issuerWarningModal).doesNotExist('issuer modal is removed on cancel');
assert.true(this.flashDangerSpy.notCalled, 'No danger flash messages called.');
assert.true(this.flashSuccessSpy.notCalled, 'No success flash messages called.');
assert.true(this.transitionStub.notCalled, 'Does not redirect');
@@ -354,12 +354,12 @@ module('Integration | Component | SecretEngine/ConfigureAws', function (hooks) {
assert.notOk(true, 'skips request to config/lease due to no changes');
});
await this.renderComponent();
await click(SES.aws.accessType('wif'));
await click(SES.wif.accessType('wif'));
assert.dom(GENERAL.inputByAttr('issuer')).hasValue('', 'issuer defaults to empty string');
await fillIn(GENERAL.inputByAttr('issuer'), newIssuer);
await click(GENERAL.saveButton);
assert.dom(SES.aws.issuerWarningModal).exists('issue warning modal exists');
await click(SES.aws.issuerWarningSave);
assert.dom(SES.wif.issuerWarningModal).exists('issue warning modal exists');
await click(SES.wif.issuerWarningSave);
assert.true(this.flashDangerSpy.notCalled, 'No danger flash messages called.');
assert.true(
this.flashSuccessSpy.calledWith('Issuer saved successfully'),
@@ -387,14 +387,14 @@ module('Integration | Component | SecretEngine/ConfigureAws', function (hooks) {
});
await this.renderComponent();
await click(SES.aws.accessType('wif'));
await click(SES.wif.accessType('wif'));
assert.dom(GENERAL.inputByAttr('issuer')).hasValue('');
await fillIn(GENERAL.inputByAttr('issuer'), this.issuer);
await fillIn(GENERAL.inputByAttr('roleArn'), 'some-other-value');
await click(GENERAL.saveButton);
assert.dom(SES.aws.issuerWarningModal).exists('issuer warning modal exists');
assert.dom(SES.wif.issuerWarningModal).exists('issuer warning modal exists');
await click(SES.aws.issuerWarningSave);
await click(SES.wif.issuerWarningSave);
assert.true(
this.flashDangerSpy.calledWith('Issuer was not saved: permission denied'),
'shows danger flash for issuer save'
@@ -419,10 +419,10 @@ module('Integration | Component | SecretEngine/ConfigureAws', function (hooks) {
assert.expect(13);
await this.renderComponent();
assert.dom(SES.aws.rootForm).exists('it lands on the aws root configuration form.');
assert.dom(SES.aws.accessTitle).exists('Access section is rendered');
assert.dom(SES.wif.accessTitle).exists('Access section is rendered');
assert.dom(SES.aws.leaseTitle).exists('Lease section is rendered');
assert
.dom(SES.aws.accessTypeSection)
.dom(SES.wif.accessTypeSection)
.doesNotExist('Access type section does not render for a community user');
// check all the form fields are present
await click(GENERAL.toggleGroup('Root config options'));
@@ -446,7 +446,7 @@ module('Integration | Component | SecretEngine/ConfigureAws', function (hooks) {
await fillInAwsConfig('withAccess');
await fillInAwsConfig('withLease');
await click(GENERAL.saveButton);
assert.dom(SES.aws.issuerWarningModal).doesNotExist('modal should not render');
assert.dom(SES.wif.issuerWarningModal).doesNotExist('modal should not render');
assert.true(
this.flashSuccessSpy.calledWith(`Successfully saved ${this.id}'s root configuration.`),
'Flash message shows that root was saved even if issuer was not'
@@ -470,25 +470,25 @@ module('Integration | Component | SecretEngine/ConfigureAws', function (hooks) {
test('it defaults to IAM accessType if IAM fields are already set', async function (assert) {
await this.renderComponent();
assert.dom(SES.aws.accessType('iam')).isChecked('IAM accessType is checked');
assert.dom(SES.aws.accessType('iam')).isDisabled('IAM accessType is disabled');
assert.dom(SES.aws.accessType('wif')).isNotChecked('WIF accessType is not checked');
assert.dom(SES.aws.accessType('wif')).isDisabled('WIF accessType is disabled');
assert.dom(SES.wif.accessType('iam')).isChecked('IAM accessType is checked');
assert.dom(SES.wif.accessType('iam')).isDisabled('IAM accessType is disabled');
assert.dom(SES.wif.accessType('wif')).isNotChecked('WIF accessType is not checked');
assert.dom(SES.wif.accessType('wif')).isDisabled('WIF accessType is disabled');
assert
.dom(SES.aws.accessTypeSubtext)
.dom(SES.wif.accessTypeSubtext)
.hasText('You cannot edit Access Type if you have already saved access credentials.');
});
test('it defaults to WIF accessType if WIF fields are already set', async function (assert) {
this.rootConfig = createConfig(this.store, this.id, 'aws-wif');
await this.renderComponent();
assert.dom(SES.aws.accessType('wif')).isChecked('WIF accessType is checked');
assert.dom(SES.aws.accessType('wif')).isDisabled('WIF accessType is disabled');
assert.dom(SES.aws.accessType('iam')).isNotChecked('IAM accessType is not checked');
assert.dom(SES.aws.accessType('iam')).isDisabled('IAM accessType is disabled');
assert.dom(SES.wif.accessType('wif')).isChecked('WIF accessType is checked');
assert.dom(SES.wif.accessType('wif')).isDisabled('WIF accessType is disabled');
assert.dom(SES.wif.accessType('iam')).isNotChecked('IAM accessType is not checked');
assert.dom(SES.wif.accessType('iam')).isDisabled('IAM accessType is disabled');
assert.dom(GENERAL.inputByAttr('roleArn')).hasValue(this.rootConfig.roleArn);
assert
.dom(SES.aws.accessTypeSubtext)
.dom(SES.wif.accessTypeSubtext)
.hasText('You cannot edit Access Type if you have already saved access credentials.');
assert
.dom(GENERAL.inputByAttr('identityTokenAudience'))
@@ -500,8 +500,8 @@ module('Integration | Component | SecretEngine/ConfigureAws', function (hooks) {
this.rootConfig = createConfig(this.store, this.id, 'aws-wif');
this.issuerConfig = createConfig(this.store, this.id, 'issuer');
await this.renderComponent();
assert.dom(SES.aws.accessType('wif')).isChecked('WIF accessType is checked');
assert.dom(SES.aws.accessType('wif')).isDisabled('WIF accessType is disabled');
assert.dom(SES.wif.accessType('wif')).isChecked('WIF accessType is checked');
assert.dom(SES.wif.accessType('wif')).isDisabled('WIF accessType is disabled');
assert
.dom(GENERAL.inputByAttr('issuer'))
.hasValue(this.issuerConfig.issuer, 'it has the models issuer value');
@@ -512,8 +512,8 @@ module('Integration | Component | SecretEngine/ConfigureAws', function (hooks) {
// the access type is only disabled if the model has values already set for access type fields.
this.rootConfig = createConfig(this.store, this.id, 'aws-no-access');
await this.renderComponent();
assert.dom(SES.aws.accessType('wif')).isNotDisabled('WIF accessType is NOT disabled');
assert.dom(SES.aws.accessType('iam')).isNotDisabled('IAM accessType is NOT disabled');
assert.dom(SES.wif.accessType('wif')).isNotDisabled('WIF accessType is NOT disabled');
assert.dom(SES.wif.accessType('iam')).isNotDisabled('IAM accessType is NOT disabled');
});
test('it shows previously saved root and lease information', async function (assert) {
@@ -558,7 +558,7 @@ module('Integration | Component | SecretEngine/ConfigureAws', function (hooks) {
test('it does not show access types but defaults to iam fields', async function (assert) {
await this.renderComponent();
assert.dom(SES.aws.accessTypeSection).doesNotExist('Access type section does not render');
assert.dom(SES.wif.accessTypeSection).doesNotExist('Access type section does not render');
assert.dom(GENERAL.inputByAttr('accessKey')).hasValue(this.rootConfig.accessKey);
assert
.dom(GENERAL.inputByAttr('secretKey'))