* Fixed Oauth redirect not working on Android Chrome
This fixes the issue described in https://github.com/hashicorp/vault/issues/16778.
Navigation is blocked in Android chrome while redirecting back after OIDC authentication.
The issue is explained by the lead maintainer of
AppAuth(https://stackoverflow.com/a/41882732).
The latest Chrome version redirects to the app only if triggered by the user and not automatically redirect. Hence, a link is added in the UI to redirect back to the app.
* Update ui/app/templates/vault/cluster/oidc-provider.hbs
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
* added requested changes
* Modified requested changes and added changelog
* Added requested change
* Modified requested changes
---------
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
* updates destination name filter to use FilterInput component
* simplifies destinations list redirect condition
* fixes issue with sync destination type filter and issue filtering by both name and type
* unsets page query param in sync destination secrets route
* Fix UI when editing database roles
When using a database role the UI will try to update the database connection
associated to the role. This is to make sure that the role is allowed to
use this connection:
async _updateAllowedRoles(store, { role, backend, db, type = 'add' }) {
const connection = await store.queryRecord('database/connection', { backend, id: db });
const roles = [...connection.allowed_roles];
const allowedRoles = type === 'add' ? addToArray([roles, role]) : removeFromArray([roles, role]);
connection.allowed_roles = allowedRoles;
return connection.save();
},
async createRecord(store, type, snapshot) {
const serializer = store.serializerFor(type.modelName);
const data = serializer.serialize(snapshot);
const roleType = snapshot.attr('type');
const backend = snapshot.attr('backend');
const id = snapshot.attr('name');
const db = snapshot.attr('database');
try {
await this._updateAllowedRoles(store, {
role: id,
backend,
db: db[0],
});
} catch (e) {
throw new Error('Could not update allowed roles for selected database. Check Vault logs for details');
}
return this.ajax(this.urlFor(backend, id, roleType), 'POST', { data }).then(() => {
// ember data doesn't like 204s if it's not a DELETE
return {
data: assign({}, data, { id }),
};
});
},
This is intended to help the administrator as the role will only work if
it is allowed by the database connection.
This is however an issue if the person doing the update does not have
the permission to update the connection: they will not be able to use
the UI to update the role even though they have the appropriate permissions
to do so (using the CLI or the API will work for example).
This is often the case when the database connections are created by a
centralized system but a human operator needs to create the roles.
You can try this with the following test case:
$ cat main.tf
resource "vault_auth_backend" "userpass" {
type = "userpass"
}
resource "vault_generic_endpoint" "alice" {
depends_on = [vault_auth_backend.userpass]
path = "auth/userpass/users/alice"
ignore_absent_fields = true
data_json = jsonencode({
"policies" : ["root"],
"password" : "alice"
})
}
data "vault_policy_document" "db_admin" {
rule {
path = "database/roles/*"
capabilities = ["create", "read", "update", "delete", "list"]
}
}
resource "vault_policy" "db_admin" {
name = "db-admin"
policy = data.vault_policy_document.db_admin.hcl
}
resource "vault_generic_endpoint" "bob" {
depends_on = [vault_auth_backend.userpass]
path = "auth/userpass/users/bob"
ignore_absent_fields = true
data_json = jsonencode({
"policies" : [vault_policy.db_admin.name],
"password" : "bob"
})
}
resource "vault_mount" "db" {
path = "database"
type = "database"
}
resource "vault_database_secret_backend_connection" "postgres" {
backend = vault_mount.db.path
name = "postgres"
allowed_roles = ["*"]
verify_connection = false
postgresql {
connection_url = "postgres://username:password@localhost/database"
}
}
$ terraform apply --auto-approve
then using bob to create a role associated to the `postgres` connection.
This patch changes the way the UI does the update: it still tries to
update the database connection but if it fails to do so because it does not
have the permission it just silently skip this part and updates the role.
This also update the error message returned to the user in case of issues
to include the actual errors.
* Add changelog
* Also ignore error when deleting a role
* Address code review comments
---------
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
* update header to refer to destination name
* teeny design improvements VAULT-22943
* update azure model attrs
* remove padding, add destination type to description VAULT-22930 VAULT-22943
* fix overview popupmenu nav to sync secrets VAULT-22944
* update sync banner, hyperlink secret
* redirect when all destinations are deleted VAULT-22945
* add keyVaultUri to credentials for editing
* fix extra space and test for sync banner
* use localName to get dynamic route section to fix pagination transition error
* add copy header remove duplicate app type
* add cloud param to azure mirage destination
* add comments
* enter line
* conditionally render view synced secrets button
* revert pagination route change
* combine buttons and add logic for args
* rename to route
* remove model arg
* VAULT-21427 change ui references from K/V to KV
* references in docs/
* website json data
* go command errors
* replace Key/Value with Key Value
* add changelog
* update test
* update secret list header badge
* two more test updates
* Ember Engine Setup for Secrets Sync (#23653)
* ember engine setup for secrets sync
* Update ui/lib/sync/addon/routes.js
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
---------
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Sync Mirage Setup (#23683)
* adds mirage setup for sync endpoints
* updates secret_name default in sync-association mirage factory
* UI Secrets Sync: Ember data sync destinations (#23674)
* add models
* adapters
* base model adapter
* update test response
* add sync destinations helper
* finish renaming base destination model/adapter
* add comment
* add serializer
* use normalizeItems instead
* destination serializer test
* add destination find method;
* add conditional operand
* UI Secrets Sync: Overview landing page (#23696)
* add models
* adapters
* base model adapter
* update test response
* add sync destinations helper
* finish renaming base destination model/adapter
* add comment
* add serializer
* doc-link helper
* add version service
* landing and overview component
* overview page
* add tests
* UI Secrets Sync: Destinations adapter add LIST (#23716)
* add models
* adapters
* base model adapter
* update test response
* add sync destinations helper
* finish renaming base destination model/adapter
* add comment
* add serializer
* doc-link helper
* add version service
* landing and overview component
* overview page
* build out serializer and adapters
* update mirage
* fix merge conflicts
* one more conflict!
* pull transformQueryResponse to separate method in adapter
* move data transforming all to serializer and tests
* add note to paginationd ocs
docs
* conditionally render CTA
* add lazyPaginatedQuery method to destinations route
* remove partial error
* Secrets Sync: Destinations create - select type (#23792)
* add category to destinations
* build select type page
* refactor prompt config situation
* routing for destinations
* update select-type routing
* make card width fixed
* revert CTA routing change, keep shouldRenderOverview
* add header for gif demo to form
* cleanup scope
* more scope cleanup
* add test
* add type selector
* rename components
* rename again
* remove async
* fix tests
* fix select type rename in test
* delete renamed test
* fix import of general selectors
* rename using component syntax
* UI Secrets Sync: Create destination form and route (#23806)
* add model attribute metadata
* add form and save url, remove name and type from serializer
* move checkbox list to form field helper
* add styling to alert inline
* use newly made class
* fix cancel action and cleanup form
* change quotes
* remove checkbox action from form component
* add tests
* address feedback
* add API error test
* use create record method instead
* adapter test for create record
* return from find method if type is undefined
* cleanup test selectors
* secrets sync: refactor sync destinations helper (#23839)
* refactor getter in base destination model
* add getters back to model
* Secrets sync UI: Destination details page (#23842)
* change labels to match params
* add maskedParams to base model
* add details route
* add details view;
* update mirage
* fix secrets sync link;
* delete parent destination route
* add copyright header
* add secrets route
* move sync route outside of secrets/ route
* upate mirage
* export to-label
* finish tests
* make ternary
* rename header tabs
* fix selector in test
* Secrets Sync UI: Cleanup headers + tabs (#23873)
* remove destination header component, add headers/tabs to all routes
* fix header padding
* move tabs + toolbar back into component...
* add copyright header
* add delete modal
* lol revert again
* add extra line after copyright header
* Secrets Sync Destinations List View (#23949)
* adds route and page component for sync destinations list view
* filters by type first for sync destinations
* adds test for store.filterData method
* Update ui/app/services/store.js
Co-authored-by: Kianna <30884335+kiannaquach@users.noreply.github.com>
* updates nav link label for secrets sync
* moves sync destinations types out of app-types
* moves loading-dropdown-option component to core addon and adds to destination list item menu
* change true assertion to deepEqual in sync destinations test
* adds copyright header to sync-destinations type file
* clear store dataset on sync destination create
---------
Co-authored-by: Kianna <30884335+kiannaquach@users.noreply.github.com>
* Sync Destinations Capabilities (#23953)
* adds route and page component for sync destinations list view
* filters by type first for sync destinations
* adds test for store.filterData method
* adds capabilities checks for sync destinations
* removes canList from sync destinations capabilities
* updates sync header tests
* Update ui/tests/integration/components/sync/sync-header-test.js
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* updates sync destination response serialization
* updates sync destination serializer test
* updates sync destinations page test assertions
* fixes mirage sync destinations payload issue
* removes commented out method in sync destination adapter
* fixes inconsistencies with url generation for sync destinations delete
* fixes sync destinations page test
---------
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Sync Associations Ember Data Setup (#24132)
* adds model, adapter and serializer for sync associations
* updates sync association adapter save methods to use adapterOptions to determine action
* Sync Destination Secrets Route and Page Component (#24155)
* renames sync destination header component and adds tests
* adds destination secrets route and page component
* adds setup-models helper for sync testing
* moves destination details test into subdir
* adds destination secrets page component tests
* adds controller for destination secrets route
* fixes pagination route on destination secrets view
* fixes sync association updated_at assertion based on timezone
* updates kv secret details external route name
* updates usage of old spacing style variable after merge
* use confirm action instead of contextual confirm (old) component (#24189)
* UI Secrets Sync: Adds secret status to kv v2 details page (#24208)
* woops! missed this styling for confirm action swap
* update link to go to destination secrets
* change edit to view secret from destination secrets list
* add synDestination to external routes for kv engine
* add sync status badge component
* export from addon
* splaattributes
* poll sync status for kv secret details and render
* move from controller to component
* update name to new destinationName key
* reorder list view items
* add refresh button
* add mirage data
* change to loading static
* update icons to be sync specific
* change name
* move button and change fetch to concurrency task
* add tests to kv details
* add color assertion
* add copyright header
* small test tweaks
* Update ui/tests/integration/components/sync-status-badge-test.js
* fixes test
---------
Co-authored-by: Jordan Reimer <zofskeez@gmail.com>
* Sync Secrets to Destination (#24247)
* fixes issue with filter-input debounce and updates to spread attributes for input rather than use args
* adds destination sync page component
* removes unused var in sync component
* adds test for manual mount path input in sync view
* updates mount filtering in destinations sync page to target kv v2
* Secrets Sync Landing Page Images (#24277)
* updates sync landing page to add marketing images
* removes top margin from sync landing-cta
* adds aria-describedby to sync landing images
* UI Secrets Sync: Serialize trailing slash from destination type (#24294)
* remove trailing slash from type in destination LIST response
* update keys in mirage and tests
* Sync Overview (#24340)
* updates landing-cta image to png with matching height
* adds ts definitons for sync adapters
* updates sync adapters and serializers to add methods for fetching overview data
* adds sync associations list handler to mirage and seeds more associations in scenario
* adds table and totals cards to sync overview page
* adds sync overview page component tests
* fixes tests
* changes lastSync key to lastUpdated for sync fetchByDestinations response
* adds emdash as placeholder for lastUpdated null value in secrets by destination table
* updates to handle 0 associations state for destination in overview table
* Secrets Sync UI: Add loading and error substates (#24353)
* add error substate
* add loading substates
* delete loading from secrets route
* Remove is-version Helper (#24388)
* removes is-version helper and injects service into components
* updates sync tests using version service to new API
* adds comment back for tracked property in secret detials page component
* updates sync tests to use common selectors (#24397)
* update capitalization to consistently be titlecase, fix breadcrumb selector
* clears sync associations from store on destination sync page component destroy (#24450)
* KV Suggestion Input (#24447)
* updates filter-input component to conditionally show search icon
* adds kv-suggestion-input component to core addon
* updates destination sync page component to use KvSuggestionInput component
* fixes issue in kv-suggestion-input where a partial search term was not replaced with the selected suggestion value
* updates kv-suggestion-input to retain focus on suggestion click
* fixes test
* updates kv-suggestion-input to conditionally render label component
* adds comments to kv-suggestion-input regarding trigger
* moves alert banner in sync page below button set
* moves inputId from getter to class property on kv-suggestion-input
* Secrets Sync UI: Editing a destination (#24413)
* add form field groups to sync models
* update create-and-edit form to use confirmLeave and enableInput component
* enable input component
* add more stars
* update css comments
* Update ui/app/styles/helper-classes/flexbox-and-grid.scss
* make attrOptions optional
* remove decorator
* add env variables to subtexr
* add subtext to textfile
* fix overviwe transition bug
* remove breadcrumbs to getter
* WIP adapter update
* update mirage response
* add update method with PATCH
* add patch to application adapter
* fix typo
* finish tests
* remove validations because could use environment variables
* use getter and setter in model
* move update record business to serializer
* rest of logic in serializer;
gp
;
gp
* add model validation warnings
* cleanup getters
* pull create/update logic into method for mirage
* add test for validation warning
* update KV copy
* Sync Success Banner (#24491)
* adds success banner to destination sync page
* move submit disabled logic to getter in destination sync page
* adds id and for attributes to kv mount input in sync page
* hides sync success banner on submit
* use Sync secrets everywhere (remove new) (#24494)
* use Sync secrets everywhere (remove new)
* revert test name change
* Sync Destinations List Filter Bug (#24496)
* fixes issues filtering destinations list
* adds test
* fixes Sync now action text alignment in destination secrets list
* UI Secrets sync: Add purge query param to delete endpoint (#24497)
* adds updated_at to mirage set association handler
* adds changelog entry
* add enterprise in parenthesis for changelog
* addres a11y feedback
---------
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
Co-authored-by: clairebontempo@gmail.com <clairebontempo@gmail.com>
Co-authored-by: Kianna <30884335+kiannaquach@users.noreply.github.com>
* redirect for deshow/details view
* test coverage
* not found test fix
* changelog
* test fixes and amend for create route with no secret
* handle router with no secret
* add more coverage
* Update 24339.txt
* Update secret-edit.js
* Update secret-edit.js
* restructure conditional because list-directory will never be a thing in this view
* Update secret-edit.js
* remove show for directory. that doesn't exists
* blah fix test
* fix conditional
* remove meep
* enable input component
* add more stars
* update css comments
* Update ui/app/styles/helper-classes/flexbox-and-grid.scss
* make attrOptions optional
* add subtext to textfile
* add docLink arg to form field textfile
* update form field test
* add test
* add comment
* update jsdoc
* remove unused class
* Update ui/tests/integration/components/enable-input-test.js
Co-authored-by: Jordan Reimer <zofskeez@gmail.com>
---------
Co-authored-by: Jordan Reimer <zofskeez@gmail.com>
* add getter to metadata model
* add changelog and data model fix
* add test coverage
* add nested create coverage
* Update 24404.txt
* remove from data model
* return to how it was
* upgrade to 3.1.0
* VAULT-22471 upgrade to latest version
* fix other selectors
* fix pki tests
* fix copy dropdown
* generated breadcrumbs
* mfa crumbs
* oidc crumbs
* identity crumbs
* use hds crumbs in page::breadcrumbs file
* rename selectors to be consistent
* remaining oidc
* update empty state link style to match hds
* repl empty state
* rep empty state 2
* policy and secret error template
* replace yielded KeyValueHeader elements directly with HDS breadcrumbs
* remove yield from KeyValueHeader
* use key value header in secret header
* update pki header
* kmip breadcrumbs
* replace key-value-header classes
* ssh sign
* replace key value with breadcrumbs
* update selectors part 1
* add a tags
* policy tests
* add crumb index back
* add current route to generated item
* another round of test updates
* remove root link test selector
* secrets/secrete test
* add changelog
* trailing icon
* delete breadcrumb css
* consistently change to sentence case
* titlsecase!
* upgrade to 3.1.0
* VAULT-22471 upgrade to latest version
* fix other selectors
* fix pki tests
* fix copy dropdown
* rename selectors to be consistent
* add replicationRedacted attribute to cluster model
* disallow access to replication pages if repl endpoints are redacted
* hide replicatio nav item
* Hide replication card on dashboard
* Create app-footer component with tests
* glimmerize vault route + controller
* Add dev mode badge to new footer
* Fix version on dashboard
* update app-footer tests
* update version title component
* Handle case for chroot namespace fail on health check
* cleanup
* fix ent tests
* add missing headers
* extra version fetch on login success, clear version on logout and seal
* Add coverage for clearing version on seal
* rename isOSS to isCommunity
* remove is-version helper
* test version in footer on unseal flow
* fix enterprise test
* VAULT-21399 test coverage
* VAULT-21400 test coverage
* replace paddingTop with clas
* use hds alert for AlertInline component
* remve isSmall arg
* add test selector back
* remove mimicRefresh arg
* update assertion for alert inline component
* update string-list
* use alert inline for string-list
* add changelog
* update block instances of alert inline
* remove p tags from test selectors
* minor cleanup
* make splash page view only block content
* change invocation of component
* address some of the pr comments
* add test coverage
* remove conditional because of issue with it always showing
* solve for mfa errors
* move altcontent outside
* replication directory components update
* need to wait for another pr to merge for revoke and fixing a one off in distribute:
* clean up
* amend revoke with new ConfirmAction work.
* some PR comments
* remove wrapping LinkTo
* Update ui/lib/replication/addon/templates/mode/secondaries/revoke.hbs
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
---------
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Add getRelativePath helper and use to calculate relativeNamespace
* Always request capabilities-self on users root ns and prefix body with relative path
* Update capabilities adapter with test
* add changelog
* Simplify getRelativePath logic
* test update
* move list to component
* use helper instead
* add changelog
* clarify changelog copy
* delete components now that helper is in use
* move helper to util, remove template helper invokation
* add optional sorting to lazyPaginatedQuery based on sortBy query attribute
* Add serialization to entity-alias and entity so that they can be sorted by name on list view
* Same logic as base normalizeItems for extractLazyPaginatedData so that metadata shows on list
* Add headers
---------
Co-authored-by: Chelsea Shaw <cshaw@hashicorp.com>
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
