From 6091ad4f716a4c6f954b07869e4008d901e65153 Mon Sep 17 00:00:00 2001 From: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com> Date: Thu, 21 Mar 2024 11:14:22 -0500 Subject: [PATCH] Remove internal version endpoint (#25998) * VAULT-24469 use sys/seal-status instead of internal version endpoint * Update tests and mirage handlers * Revert "VAULT-20669: Add New Authenticated Endpoint for Version (#23740)" This reverts commit 550c99ae3b6553f12e4a862c915155b8d0a53516. * Readded version_test.go * Reverted any old changes on versionlgo --------- Co-authored-by: divyaac --- changelog/23740.txt | 3 -- ui/app/adapters/cluster.js | 9 +--- ui/app/services/version.js | 5 +- ui/mirage/handlers/base.js | 8 --- ui/mirage/handlers/reduced-disclosure.js | 10 ++-- .../config-ui/messages/messages-test.js | 15 ------ ui/tests/acceptance/dashboard-test.js | 4 +- .../acceptance/reduced-disclosure-test.js | 11 ++-- ui/tests/unit/services/version-test.js | 10 ++++ vault/logical_system.go | 12 ----- vault/logical_system_integ_test.go | 5 -- vault/logical_system_paths.go | 25 --------- vault/policy_store.go | 6 --- .../api-docs/system/internal-ui-version.mdx | 51 ------------------- website/data/api-docs-nav-data.json | 4 -- 15 files changed, 29 insertions(+), 149 deletions(-) delete mode 100644 changelog/23740.txt delete mode 100644 website/content/api-docs/system/internal-ui-version.mdx diff --git a/changelog/23740.txt b/changelog/23740.txt deleted file mode 100644 index 76582bcfbc..0000000000 --- a/changelog/23740.txt +++ /dev/null @@ -1,3 +0,0 @@ -```release-note:feature -core: add sys/internal/ui/version endpoint -``` \ No newline at end of file diff --git a/ui/app/adapters/cluster.js b/ui/app/adapters/cluster.js index 2f914bcf10..2552a72a68 100644 --- a/ui/app/adapters/cluster.js +++ b/ui/app/adapters/cluster.js @@ -21,7 +21,6 @@ const ENDPOINTS = [ 'init', 'capabilities-self', 'license', - 'internal/ui/version', ]; const REPLICATION_ENDPOINTS = { 
@@ -100,12 +99,8 @@ export default ApplicationAdapter.extend({ }); }, - fetchVersion() { - return this.ajax(`${this.urlFor('internal/ui/version')}`, 'GET').catch(() => ({})); - }, - - sealStatus() { - return this.ajax(this.urlFor('seal-status'), 'GET', { unauthenticated: true }); + sealStatus(unauthenticated = true) { + return this.ajax(this.urlFor('seal-status'), 'GET', { unauthenticated }); }, seal() { diff --git a/ui/app/services/version.js b/ui/app/services/version.js index 7e3c7a2278..3c30d82167 100644 --- a/ui/app/services/version.js +++ b/ui/app/services/version.js @@ -52,8 +52,9 @@ export default class VersionService extends Service { @task({ drop: true }) *getVersion() { if (this.version) return; - const response = yield this.store.adapterFor('cluster').fetchVersion(); - this.version = response.data?.version; + // Fetch seal status with token to get version + const response = yield this.store.adapterFor('cluster').sealStatus(false); + this.version = response?.version; } @task diff --git a/ui/mirage/handlers/base.js b/ui/mirage/handlers/base.js index 92ebdbda44..52a7ff996a 100644 --- a/ui/mirage/handlers/base.js +++ b/ui/mirage/handlers/base.js @@ -37,14 +37,6 @@ export default function (server) { }; }); - server.get('/sys/internal/ui/version', function () { - return { - data: { - version: '1.9.0+ent', - }, - }; - }); - server.get('/sys/license/status', function () { return { data: { diff --git a/ui/mirage/handlers/reduced-disclosure.js b/ui/mirage/handlers/reduced-disclosure.js index 73fc189d36..747c20d231 100644 --- a/ui/mirage/handlers/reduced-disclosure.js +++ b/ui/mirage/handlers/reduced-disclosure.js 
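Review bot: In the `ui/app/adapters/cluster.js` hunk, `sealStatus(unauthenticated = true)` takes a bare positional boolean, so the new call `sealStatus(false)` in version.js does not show that it is the token-bearing request. A destructured option reads better at the call site, e.g. `sealStatus({ unauthenticated = true } = {})` called as `sealStatus({ unauthenticated: false })`. Either way the method deserves a comment such as `// pass unauthenticated=false to send the token, so seal-status can include the version when reduced disclosure is on`, which is what the version.js comment implies. The adapter object starts and ends outside the hunk, so other `sealStatus()` callers are not visible here; the default keeps their requests unauthenticated.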
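Review bot: In `getVersion` (the `ui/app/services/version.js` hunk), a failed seal-status request now rejects inside the task, whereas the removed `fetchVersion()` ended in `.catch(() => ({}))` and simply left the version unset. If the lookup is still meant to be best-effort, handle the failure at the call, e.g. `const response = yield this.store.adapterFor('cluster').sealStatus(false).catch(() => ({}));`, or wrap the `yield` in `try/catch` and log the error. Whether the task's callers handle a rejection cannot be seen, because the class continues outside the hunk.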
@@ -10,9 +10,13 @@ export default function (server) { server.get('/sys/health', (schema, req) => modifyPassthroughResponse(req, { version: '', cluster_name: '' }) ); - server.get('/sys/seal-status', (schema, req) => - modifyPassthroughResponse(req, { version: '', cluster_name: '', build_date: '' }) - ); + server.get('/sys/seal-status', (schema, req) => { + // When reduced disclosure is active, the version is only returned when a valid token is used + const overrides = req.requestHeaders['X-Vault-Token'] + ? { cluster_name: '', build_date: '' } + : { version: '', cluster_name: '', build_date: '' }; + return modifyPassthroughResponse(req, overrides); + }); server.get('sys/replication/status', () => new Response(404, {}, { errors: ['disabled path'] })); server.get('sys/replication/dr/status', () => new Response(404, {}, { errors: ['disabled path'] })); server.get( diff --git a/ui/tests/acceptance/config-ui/messages/messages-test.js b/ui/tests/acceptance/config-ui/messages/messages-test.js index f1e2af426c..ee98375490 100644 --- a/ui/tests/acceptance/config-ui/messages/messages-test.js +++ b/ui/tests/acceptance/config-ui/messages/messages-test.js @@ -19,14 +19,6 @@ module('Acceptance | Community | config-ui/messages', function (hooks) { setupMirage(hooks); hooks.beforeEach(async function () { - this.server.get('sys/internal/ui/version', function () { - return { - data: { - version: '1.16.0', - }, - }; - }); - this.server.get('/sys/health', function () { return { enterprise: false, @@ -100,13 +92,6 @@ module('Acceptance | Enterprise | config-ui/message', function (hooks) { await click(PAGE.button('create-message')); }; - this.server.get('sys/internal/ui/version', function () { - return { - data: { - version: '1.16.0+ent', - }, - }; - }); this.server.get('/sys/health', function () { return { enterprise: true, diff --git a/ui/tests/acceptance/dashboard-test.js b/ui/tests/acceptance/dashboard-test.js index 3cf73edebe..0dc00b5e07 100644 
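Review bot: The new `/sys/seal-status` handler in `reduced-disclosure.js` treats any non-empty `X-Vault-Token` header as authenticated, while its comment says the version is returned only when a valid token is used. Tests built on this mock therefore cannot tell a valid token from an expired or malformed one, so a regression in that path would go unnoticed. The comment should say so, e.g. `// Mock only: presence of X-Vault-Token counts as authenticated; the real server validates the token before returning the version`. The lookup also appears to be an exact-key match on `req.requestHeaders`, so a client that sends the header with different casing would be redacted silently; confirm the casing the UI actually sends.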
--- a/ui/tests/acceptance/dashboard-test.js +++ b/ui/tests/acceptance/dashboard-test.js @@ -83,7 +83,9 @@ module('Acceptance | landing page dashboard', function (hooks) { await visit('/vault/dashboard'); const version = this.owner.lookup('service:version'); // Since we're using mirage, version is mocked static value - const versionText = version.isEnterprise ? `Vault v1.9.0 root` : `Vault v1.9.0`; + const versionText = version.isEnterprise + ? `Vault ${version.versionDisplay} root` + : `Vault ${version.versionDisplay}`; assert.dom(SELECTORS.cardHeader('Vault version')).hasText(versionText); }); diff --git a/ui/tests/acceptance/reduced-disclosure-test.js b/ui/tests/acceptance/reduced-disclosure-test.js index 172d34eb8b..a4dff8c28e 100644 --- a/ui/tests/acceptance/reduced-disclosure-test.js +++ b/ui/tests/acceptance/reduced-disclosure-test.js @@ -62,6 +62,7 @@ module('Acceptance | reduced disclosure test', function (hooks) { type: 'shamir', initialized: true, sealed: this.sealed, + version: '1.21.3', }; }); this.server.put(`/sys/seal`, () => { @@ -84,11 +85,9 @@ module('Acceptance | reduced disclosure test', function (hooks) { }); await authPage.login(); - const versionSvc = this.owner.lookup('service:version'); await visit('/vault/settings/seal'); - assert - .dom('[data-test-footer-version]') - .hasText(`Vault ${versionSvc.version}`, 'shows version on seal page'); + + assert.dom('[data-test-footer-version]').hasText(`Vault 1.21.3`, 'shows version on seal page'); assert.strictEqual(currentURL(), '/vault/settings/seal'); // seal 
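Review bot: In the `dashboard-test.js` hunk, the expected text is now built from `version.versionDisplay`, presumably the same service value the card renders. The assertion would therefore still pass if the version never loaded and both sides were empty. Adding `assert.ok(version.version, 'version was loaded from seal-status');` before the `hasText` check keeps the test meaningful. The retained comment `// Since we're using mirage, version is mocked static value` no longer describes the assertion and should become something like `// expected text is derived from the version service, which mirage populates via sys/seal-status`.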
@@ -115,9 +114,7 @@ module('Acceptance | reduced disclosure test', function (hooks) { assert.strictEqual(currentRouteName(), 'vault.cluster.auth', 'vault is ready to authenticate'); assert.dom('[data-test-footer-version]').hasText(`Vault`, 'Version is still not shown before auth'); await authPage.login(); - assert - .dom('[data-test-footer-version]') - .hasText(`Vault ${versionSvc.version}`, 'Version is shown after login'); + assert.dom('[data-test-footer-version]').hasText(`Vault 1.21.3`, 'Version is shown after login'); }); module('enterprise', function () { diff --git a/ui/tests/unit/services/version-test.js b/ui/tests/unit/services/version-test.js index f7ebf7b2f2..1718a8ed8b 100644 --- a/ui/tests/unit/services/version-test.js +++ b/ui/tests/unit/services/version-test.js @@ -23,6 +23,16 @@ module('Unit | Service | version', function (hooks) { assert.true(service.isEnterprise); }); + test('calculates versionDisplay correctly', function (assert) { + const service = this.owner.lookup('service:version'); + service.type = 'community'; + service.version = '1.2.3'; + assert.strictEqual(service.versionDisplay, 'v1.2.3'); + service.type = 'enterprise'; + service.version = '1.4.7+ent'; + assert.strictEqual(service.versionDisplay, 'v1.4.7'); + }); + test('hasPerfReplication', function (assert) { const service = this.owner.lookup('service:version'); assert.false(service.hasPerfReplication); diff --git a/vault/logical_system.go b/vault/logical_system.go index 78d2d976cf..b0006eb32e 100644 --- a/vault/logical_system.go +++ b/vault/logical_system.go 
@@ -5249,18 +5249,6 @@ func (b *SystemBackend) pathInternalUIResultantACL(ctx context.Context, req *log return resp, nil } -// pathInternalUIVersion is the framework.PathOperation callback function for -// the sys/internal/ui/version path. It simply returns the Vault version. -func (b *SystemBackend) pathInternalUIVersion(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) { - resp := &logical.Response{ - Data: map[string]any{ - "version": version.GetVersion().VersionNumber(), - }, - } - - return resp, nil -} - func (b *SystemBackend) pathInternalOpenAPI(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) { // Limit output to authorized paths resp, err := b.pathInternalUIMountsRead(ctx, req, d) diff --git a/vault/logical_system_integ_test.go b/vault/logical_system_integ_test.go index 644aaec0a6..fc572d21c7 100644 --- a/vault/logical_system_integ_test.go +++ b/vault/logical_system_integ_test.go @@ -87,11 +87,6 @@ func TestSystemBackend_InternalUIResultantACL(t *testing.T) { "read", }, }, - "sys/internal/ui/version": map[string]interface{}{ - "capabilities": []interface{}{ - "read", - }, - }, "sys/leases/lookup": map[string]interface{}{ "capabilities": []interface{}{ "update", diff --git a/vault/logical_system_paths.go b/vault/logical_system_paths.go index 6f9df86c16..818abbbeb5 100644 --- a/vault/logical_system_paths.go +++ b/vault/logical_system_paths.go 
@@ -2895,31 +2895,6 @@ func (b *SystemBackend) internalPaths() []*framework.Path { }, }, }, - { - Pattern: "internal/ui/version", - DisplayAttrs: &framework.DisplayAttributes{ - OperationPrefix: "internal-ui", - OperationVerb: "read", - OperationSuffix: "version", - }, - Operations: map[logical.Operation]framework.OperationHandler{ - logical.ReadOperation: &framework.PathOperation{ - Callback: b.pathInternalUIVersion, - Summary: "Backwards compatibility is not guaranteed for this API", - Responses: map[int][]framework.Response{ - http.StatusOK: {{ - Description: "OK", - Fields: map[string]*framework.FieldSchema{ - "version": { - Type: framework.TypeString, - Required: true, - }, - }, - }}, - }, - }, - }, - }, { Pattern: "internal/counters/requests", DisplayAttrs: &framework.DisplayAttributes{ diff --git a/vault/policy_store.go b/vault/policy_store.go index a238be3c2d..c04f769418 100644 --- a/vault/policy_store.go +++ b/vault/policy_store.go @@ -102,12 +102,6 @@ path "sys/internal/ui/resultant-acl" { capabilities = ["read"] } -# Allow a token to look up the Vault version. This path is not subject to -# redaction like the unauthenticated endpoints that provide the Vault version. -path "sys/internal/ui/version" { - capabilities = ["read"] -} - # Allow a token to renew a lease via lease_id in the request body; old path for # old clients, new path for newer path "sys/renew" { diff --git a/website/content/api-docs/system/internal-ui-version.mdx b/website/content/api-docs/system/internal-ui-version.mdx deleted file mode 100644 index 962c059a0d..0000000000 --- a/website/content/api-docs/system/internal-ui-version.mdx +++ /dev/null 
@@ -1,51 +0,0 @@ ---- -layout: api -page_title: /sys/internal/ui/version - HTTP API -description: >- - The `/sys/internal/ui/version` endpoint exposes the software version of Vault. ---- - -# `/sys/internal/ui/version` - -The `/sys/internal/ui/version` endpoint exposes the Vault software version -so the Vault UI can display the information to logged in users. - -Vault uses internal endpoints to provide information to the Vault UI -and/or Vault CLI. Internal endpoints are explicitly intended to support -Vault functionality, so we do not recommend them for general use -and do not guarantee backwards compatibility across versions. - -## Get version - -Return the current software version of Vault. - -| Method | Path | -| :----- | :------------------------- | -| `GET` | `/sys/internal/ui/version` | - -### Sample request - -```shell-session -$ curl \ - --header "X-Vault-Token: ..." \ - --request GET \ - http://127.0.0.1:8200/v1/sys/internal/ui/version -``` - -### Sample response - -```json -{ - "request_id": "d585b9be-9c6f-a05f-939b-490cf062ebbe", - "lease_id": "", - "renewable": false, - "lease_duration": 0, - "data": { - "version": "1.16.0" - }, - "wrap_info": null, - "warnings": null, - "auth": null, - "mount_type": "system" -} -``` diff --git a/website/data/api-docs-nav-data.json b/website/data/api-docs-nav-data.json index eb66db3929..834e427363 100644 --- a/website/data/api-docs-nav-data.json +++ b/website/data/api-docs-nav-data.json @@ -532,10 +532,6 @@ "title": "/sys/internal/ui/unauthenticated-messages", "path": "system/internal-ui-unauthenticated-messages" }, - { - "title": "/sys/internal/ui/version", - "path": "system/internal-ui-version" - }, { "title": "/sys/key-status", "path": "system/key-status"