* Fix UI when editing database roles
When using a database role the UI will try to update the database connection
associated to the role. This is to make sure that the role is allowed to
use this connection:

    async _updateAllowedRoles(store, { role, backend, db, type = 'add' }) {
      const connection = await store.queryRecord('database/connection', { backend, id: db });
      const roles = [...connection.allowed_roles];
      const allowedRoles = type === 'add' ? addToArray([roles, role]) : removeFromArray([roles, role]);
      connection.allowed_roles = allowedRoles;
      return connection.save();
    },

    async createRecord(store, type, snapshot) {
      const serializer = store.serializerFor(type.modelName);
      const data = serializer.serialize(snapshot);
      const roleType = snapshot.attr('type');
      const backend = snapshot.attr('backend');
      const id = snapshot.attr('name');
      const db = snapshot.attr('database');
      try {
        await this._updateAllowedRoles(store, {
          role: id,
          backend,
          db: db[0],
        });
      } catch (e) {
        throw new Error('Could not update allowed roles for selected database. Check Vault logs for details');
      }

      return this.ajax(this.urlFor(backend, id, roleType), 'POST', { data }).then(() => {
        // ember data doesn't like 204s if it's not a DELETE
        return {
          data: assign({}, data, { id }),
        };
      });
    },

This is intended to help the administrator as the role will only work if
it is allowed by the database connection.
This is however an issue if the person doing the update does not have
the permission to update the connection: they will not be able to use
the UI to update the role even though they have the appropriate permissions
to do so (using the CLI or the API will work for example).
This is often the case when the database connections are created by a
centralized system but a human operator needs to create the roles.
You can try this with the following test case:

    $ cat main.tf
    resource "vault_auth_backend" "userpass" {
      type = "userpass"
    }

    resource "vault_generic_endpoint" "alice" {
      depends_on           = [vault_auth_backend.userpass]
      path                 = "auth/userpass/users/alice"
      ignore_absent_fields = true

      data_json = jsonencode({
        "policies" : ["root"],
        "password" : "alice"
      })
    }

    data "vault_policy_document" "db_admin" {
      rule {
        path         = "database/roles/*"
        capabilities = ["create", "read", "update", "delete", "list"]
      }
    }

    resource "vault_policy" "db_admin" {
      name   = "db-admin"
      policy = data.vault_policy_document.db_admin.hcl
    }

    resource "vault_generic_endpoint" "bob" {
      depends_on           = [vault_auth_backend.userpass]
      path                 = "auth/userpass/users/bob"
      ignore_absent_fields = true

      data_json = jsonencode({
        "policies" : [vault_policy.db_admin.name],
        "password" : "bob"
      })
    }

    resource "vault_mount" "db" {
      path = "database"
      type = "database"
    }

    resource "vault_database_secret_backend_connection" "postgres" {
      backend           = vault_mount.db.path
      name              = "postgres"
      allowed_roles     = ["*"]
      verify_connection = false

      postgresql {
        connection_url = "postgres://username:password@localhost/database"
      }
    }
    $ terraform apply --auto-approve

then using bob to create a role associated to the `postgres` connection.
This patch changes the way the UI does the update: it still tries to
update the database connection but if it fails to do so because it does not
have the permission it just silently skips this part and updates the role.
This also updates the error message returned to the user in case of issues
to include the actual errors.
* Add changelog
* Also ignore error when deleting a role
* Address code review comments
---------
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
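
The behaviour described in the commit message above, as an added example that is not Vault's UI code and not the patch itself. `makeBackend`, `HttpError`, `createRole` and the `httpStatus` check for 403 are hypothetical names and assumptions; the in-memory backend is a constructed stand-in for a database mount with a `postgres` connection.

```javascript
// Added illustration of the behaviour described in the commit message above.
// Not Vault's UI code: makeBackend, HttpError and createRole are hypothetical.

class HttpError extends Error {
  constructor(httpStatus, errors) {
    super(errors.join(', '));
    this.httpStatus = httpStatus;
    this.errors = errors;
  }
}

// Constructed in-memory stand-in for the database mount. `granted` lists the
// path prefixes the caller's policy covers, like bob's "database/roles/".
function makeBackend(granted) {
  const state = { connections: { postgres: { allowed_roles: [] } }, roles: {} };
  const check = (path) => {
    if (!granted.some((prefix) => path.startsWith(prefix))) {
      throw new HttpError(403, ['permission denied']);
    }
  };
  return {
    state,
    async readConnection(db) {
      check(`database/config/${db}`);
      if (!state.connections[db]) throw new HttpError(404, [`no connection named ${db}`]);
      return state.connections[db];
    },
    async writeConnection(db, connection) {
      check(`database/config/${db}`);
      state.connections[db] = connection;
    },
    async writeRole(name, data) {
      check(`database/roles/${name}`);
      state.roles[name] = data;
    },
  };
}

async function createRole(backend, { name, db, data }) {
  let connectionUpdated = false;
  try {
    const connection = await backend.readConnection(db);
    const allowed = new Set(connection.allowed_roles);
    allowed.add(name);
    await backend.writeConnection(db, { ...connection, allowed_roles: [...allowed] });
    connectionUpdated = true;
  } catch (e) {
    // 403 on the connection is not fatal: the caller may still be allowed to
    // write the role. Anything else is reported with the underlying errors.
    if (e.httpStatus !== 403) {
      const detail = (e.errors || [e.message]).join(', ');
      throw new Error(`Could not update allowed roles for selected database: ${detail}`);
    }
  }
  await backend.writeRole(name, data);
  // Expose whether the connection was touched so the caller can tell the
  // operator that allowed_roles may still need to list this role.
  return { id: name, connectionUpdated };
}
```

When the connection update is skipped, the role is only usable if the connection's `allowed_roles` already covers it, as the `["*"]` in the test case does.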
* Ember Engine Setup for Secrets Sync (#23653)
* ember engine setup for secrets sync
* Update ui/lib/sync/addon/routes.js
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
---------
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Sync Mirage Setup (#23683)
* adds mirage setup for sync endpoints
* updates secret_name default in sync-association mirage factory
* UI Secrets Sync: Ember data sync destinations (#23674)
* add models
* adapters
* base model adapter
* update test response
* add sync destinations helper
* finish renaming base destination model/adapter
* add comment
* add serializer
* use normalizeItems instead
* destination serializer test
* add destination find method;
* add conditional operand
* UI Secrets Sync: Overview landing page (#23696)
* add models
* adapters
* base model adapter
* update test response
* add sync destinations helper
* finish renaming base destination model/adapter
* add comment
* add serializer
* doc-link helper
* add version service
* landing and overview component
* overview page
* add tests
* UI Secrets Sync: Destinations adapter add LIST (#23716)
* add models
* adapters
* base model adapter
* update test response
* add sync destinations helper
* finish renaming base destination model/adapter
* add comment
* add serializer
* doc-link helper
* add version service
* landing and overview component
* overview page
* build out serializer and adapters
* update mirage
* fix merge conflicts
* one more conflict!
* pull transformQueryResponse to separate method in adapter
* move data transforming all to serializer and tests
* add note to pagination docs
docs
* conditionally render CTA
* add lazyPaginatedQuery method to destinations route
* remove partial error
* Secrets Sync: Destinations create - select type (#23792)
* add category to destinations
* build select type page
* refactor prompt config situation
* routing for destinations
* update select-type routing
* make card width fixed
* revert CTA routing change, keep shouldRenderOverview
* add header for gif demo to form
* cleanup scope
* more scope cleanup
* add test
* add type selector
* rename components
* rename again
* remove async
* fix tests
* fix select type rename in test
* delete renamed test
* fix import of general selectors
* rename using component syntax
* UI Secrets Sync: Create destination form and route (#23806)
* add model attribute metadata
* add form and save url, remove name and type from serializer
* move checkbox list to form field helper
* add styling to alert inline
* use newly made class
* fix cancel action and cleanup form
* change quotes
* remove checkbox action from form component
* add tests
* address feedback
* add API error test
* use create record method instead
* adapter test for create record
* return from find method if type is undefined
* cleanup test selectors
* secrets sync: refactor sync destinations helper (#23839)
* refactor getter in base destination model
* add getters back to model
* Secrets sync UI: Destination details page (#23842)
* change labels to match params
* add maskedParams to base model
* add details route
* add details view;
* update mirage
* fix secrets sync link;
* delete parent destination route
* add copyright header
* add secrets route
* move sync route outside of secrets/ route
* update mirage
* export to-label
* finish tests
* make ternary
* rename header tabs
* fix selector in test
* Secrets Sync UI: Cleanup headers + tabs (#23873)
* remove destination header component, add headers/tabs to all routes
* fix header padding
* move tabs + toolbar back into component...
* add copyright header
* add delete modal
* lol revert again
* add extra line after copyright header
* Secrets Sync Destinations List View (#23949)
* adds route and page component for sync destinations list view
* filters by type first for sync destinations
* adds test for store.filterData method
* Update ui/app/services/store.js
Co-authored-by: Kianna <30884335+kiannaquach@users.noreply.github.com>
* updates nav link label for secrets sync
* moves sync destinations types out of app-types
* moves loading-dropdown-option component to core addon and adds to destination list item menu
* change true assertion to deepEqual in sync destinations test
* adds copyright header to sync-destinations type file
* clear store dataset on sync destination create
---------
Co-authored-by: Kianna <30884335+kiannaquach@users.noreply.github.com>
* Sync Destinations Capabilities (#23953)
* adds route and page component for sync destinations list view
* filters by type first for sync destinations
* adds test for store.filterData method
* adds capabilities checks for sync destinations
* removes canList from sync destinations capabilities
* updates sync header tests
* Update ui/tests/integration/components/sync/sync-header-test.js
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* updates sync destination response serialization
* updates sync destination serializer test
* updates sync destinations page test assertions
* fixes mirage sync destinations payload issue
* removes commented out method in sync destination adapter
* fixes inconsistencies with url generation for sync destinations delete
* fixes sync destinations page test
---------
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Sync Associations Ember Data Setup (#24132)
* adds model, adapter and serializer for sync associations
* updates sync association adapter save methods to use adapterOptions to determine action
* Sync Destination Secrets Route and Page Component (#24155)
* renames sync destination header component and adds tests
* adds destination secrets route and page component
* adds setup-models helper for sync testing
* moves destination details test into subdir
* adds destination secrets page component tests
* adds controller for destination secrets route
* fixes pagination route on destination secrets view
* fixes sync association updated_at assertion based on timezone
* updates kv secret details external route name
* updates usage of old spacing style variable after merge
* use confirm action instead of contextual confirm (old) component (#24189)
* UI Secrets Sync: Adds secret status to kv v2 details page (#24208)
* woops! missed this styling for confirm action swap
* update link to go to destination secrets
* change edit to view secret from destination secrets list
* add synDestination to external routes for kv engine
* add sync status badge component
* export from addon
* splaattributes
* poll sync status for kv secret details and render
* move from controller to component
* update name to new destinationName key
* reorder list view items
* add refresh button
* add mirage data
* change to loading static
* update icons to be sync specific
* change name
* move button and change fetch to concurrency task
* add tests to kv details
* add color assertion
* add copyright header
* small test tweaks
* Update ui/tests/integration/components/sync-status-badge-test.js
* fixes test
---------
Co-authored-by: Jordan Reimer <zofskeez@gmail.com>
* Sync Secrets to Destination (#24247)
* fixes issue with filter-input debounce and updates to spread attributes for input rather than use args
* adds destination sync page component
* removes unused var in sync component
* adds test for manual mount path input in sync view
* updates mount filtering in destinations sync page to target kv v2
* Secrets Sync Landing Page Images (#24277)
* updates sync landing page to add marketing images
* removes top margin from sync landing-cta
* adds aria-describedby to sync landing images
* UI Secrets Sync: Serialize trailing slash from destination type (#24294)
* remove trailing slash from type in destination LIST response
* update keys in mirage and tests
* Sync Overview (#24340)
* updates landing-cta image to png with matching height
* adds ts definitions for sync adapters
* updates sync adapters and serializers to add methods for fetching overview data
* adds sync associations list handler to mirage and seeds more associations in scenario
* adds table and totals cards to sync overview page
* adds sync overview page component tests
* fixes tests
* changes lastSync key to lastUpdated for sync fetchByDestinations response
* adds emdash as placeholder for lastUpdated null value in secrets by destination table
* updates to handle 0 associations state for destination in overview table
* Secrets Sync UI: Add loading and error substates (#24353)
* add error substate
* add loading substates
* delete loading from secrets route
* Remove is-version Helper (#24388)
* removes is-version helper and injects service into components
* updates sync tests using version service to new API
* adds comment back for tracked property in secret details page component
* updates sync tests to use common selectors (#24397)
* update capitalization to consistently be titlecase, fix breadcrumb selector
* clears sync associations from store on destination sync page component destroy (#24450)
* KV Suggestion Input (#24447)
* updates filter-input component to conditionally show search icon
* adds kv-suggestion-input component to core addon
* updates destination sync page component to use KvSuggestionInput component
* fixes issue in kv-suggestion-input where a partial search term was not replaced with the selected suggestion value
* updates kv-suggestion-input to retain focus on suggestion click
* fixes test
* updates kv-suggestion-input to conditionally render label component
* adds comments to kv-suggestion-input regarding trigger
* moves alert banner in sync page below button set
* moves inputId from getter to class property on kv-suggestion-input
* Secrets Sync UI: Editing a destination (#24413)
* add form field groups to sync models
* update create-and-edit form to use confirmLeave and enableInput component
* enable input component
* add more stars
* update css comments
* Update ui/app/styles/helper-classes/flexbox-and-grid.scss
* make attrOptions optional
* remove decorator
* add env variables to subtext
* add subtext to textfile
* fix overview transition bug
* remove breadcrumbs to getter
* WIP adapter update
* update mirage response
* add update method with PATCH
* add patch to application adapter
* fix typo
* finish tests
* remove validations because could use environment variables
* use getter and setter in model
* move update record business to serializer
* rest of logic in serializer;
gp
;
gp
* add model validation warnings
* cleanup getters
* pull create/update logic into method for mirage
* add test for validation warning
* update KV copy
* Sync Success Banner (#24491)
* adds success banner to destination sync page
* move submit disabled logic to getter in destination sync page
* adds id and for attributes to kv mount input in sync page
* hides sync success banner on submit
* use Sync secrets everywhere (remove new) (#24494)
* use Sync secrets everywhere (remove new)
* revert test name change
* Sync Destinations List Filter Bug (#24496)
* fixes issues filtering destinations list
* adds test
* fixes Sync now action text alignment in destination secrets list
* UI Secrets sync: Add purge query param to delete endpoint (#24497)
* adds updated_at to mirage set association handler
* adds changelog entry
* add enterprise in parenthesis for changelog
* address a11y feedback
---------
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
Co-authored-by: clairebontempo@gmail.com <clairebontempo@gmail.com>
Co-authored-by: Kianna <30884335+kiannaquach@users.noreply.github.com>
* upgrade to 3.1.0
* VAULT-22471 upgrade to latest version
* fix other selectors
* fix pki tests
* fix copy dropdown
* rename selectors to be consistent
* add replicationRedacted attribute to cluster model
* disallow access to replication pages if repl endpoints are redacted
* hide replication nav item
* Hide replication card on dashboard
* Create app-footer component with tests
* glimmerize vault route + controller
* Add dev mode badge to new footer
* Fix version on dashboard
* update app-footer tests
* update version title component
* Handle case for chroot namespace fail on health check
* cleanup
* fix ent tests
* add missing headers
* extra version fetch on login success, clear version on logout and seal
* Add coverage for clearing version on seal
* rename isOSS to isCommunity
* remove is-version helper
* test version in footer on unseal flow
* fix enterprise test
* VAULT-21399 test coverage
* VAULT-21400 test coverage
* replace paddingTop with class
* use hds alert for AlertInline component
* remove isSmall arg
* add test selector back
* remove mimicRefresh arg
* update assertion for alert inline component
* update string-list
* use alert inline for string-list
* add changelog
* update block instances of alert inline
* remove p tags from test selectors
* minor cleanup
* make splash page view only block content
* change invocation of component
* address some of the pr comments
* add test coverage
* remove conditional because of issue with it always showing
* solve for mfa errors
* move altcontent outside
* remove title-number class and consolidate border radius
* move selectable card to core addon
* add top padding to db cards
* update transform icon color
* new selectable card component
* fix db test
* use selectable card in mount backend form
* fix query param for overview card
* update tests
* fix replication card styling
* make card accessible;
* update tabindex
* change to standalone for error handling
* update test selector
* update tests
* go back to number only css class
* fix on click tests
* add changelog
* update class name in template file
* delete box radio
* fixes issues displaying accurate tls state in dashboard configuration details
* adds changelog entry
* updates tls getter to look for falsy in configuration details card
* fixes issue with auth methods disappearing from list view
* fixes issue with Authentication Methods sidebar nav link not staying active when mounting auth method
* fixes tests and adds coverage for missing auth methods
* Remove component: diff version selector
* delete SecretVersionMenu
* remove secret logic from GetCredentialsCard
* remove DiffVersionSelector hbs file and references
* delete more css for diff version view
* remove diff route
* fix credential card selector
* ui: refactor SecretFormShow (#22723)
* refactor secret form show
* fix selector typo
* remove version route (#22738)
* Remove old KV2 delete things (#23015)
* remove kv2 old delete things
* comment
* Remove old metadata (#22747)
* wip to remove metadata
* review comments
* UI/remove kv2 secret create or update (#23039)
* remove is v2 param
* permissions clean up
* remove version things
* remove excess from form show
* clean up
* created time was never a thing for cubbyhole, confirmed on api
* update tune test
* fix control group tests:
* Remove kv v2 models (#23087)
* remove is v2 param
* permissions clean up
* remove version things
* remove excess from form show
* clean up
* created time was never a thing for cubbyhole, confirmed on api
* update tune test
* fix control group tests:
* remove models
* Update ui/app/models/secret-engine.js
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
* blah prettier
---------
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
* UI/config update (#23111)
* sweep through clean up
* remove component
* remove unused selectors
* remove unnecessary
---------
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
Co-authored-by: clairebontempo@gmail.com <clairebontempo@gmail.com>
Co-authored-by: Angel Garbarino <Monkeychip@users.noreply.github.com>
Co-authored-by: Angel Garbarino <angel@hashicorp.com>
* Part 1: Upgrade HDS to 2.9.0 (#22311)
* UI: HDS adoption replace <CopyButton> part 2 (#22356)
* certificate-card.hbs: replace 1 <CopyButton> with <Hds::Copy::Button>
* scope-form.hbs: replace 1 <CopyButton> with <Hds::Copy::Button>
* fix tests caused by changing certificate-card. change hds copy button in certificate-card.hbs
* json-editor.hbs: replace 1 <CopyButton> with <Hds::Copy::Button>
* masked-input.hbs: replace 1 <CopyButton> with <Hds::Copy::Button>
* fix error with certificate-card.hbs copy button
* fix tests that deal with certificate-card.hbs
* add class to hds copy buttons to maintain similar styling to current UI
* info-table-row.hbs: replace 2 <CopyButton> with <Hds::Copy::Button>
* undo change that should instead be merged in from main
* change tooltip copy button to white. cleanup
* add extra test for oidc scope form. edit css class for the white icon copy button
* fix tests
* UI: HDS adoption replace <CopyButton> part 3 (#22614)
* encrypt.hbs: replace 2 <CopyButton> with <Hds::Copy::Button>
* decrypt.hbs: replace 2 <CopyButton> with <Hds::Copy::Button>
* datakey.hbs. replace 6 <CopyButton> with <Hds::Copy::Button>
* rewrap.hbs: replace 2 <CopyButton> with <Hds::Copy::Button>
* hmac.hbs: replace 2 <CopyButton> with <Hds::Copy::Button>
* fix typo
* add copy-close class to copy & close buttons
* export.hbs: replace 2 <CopyButton> with <Hds::Copy::Button>. fix styling
* sign.hbs: replace 2 <CopyButton> with <Hds::Copy::Button>
* fix test caused by changing <pre> tag to <code> in export.hbs
* rename class
* add extra style to class needed for part 4 of copy button replacement
* UI: HDS adoption replace <CopyButton> part 4 (#22749)
* user-menu.hbs: replace 1 <CopyButton> with <Hds::Copy::Button>
* transit-form-show.hbs: replace 1 <CopyButton> with <Hds::Copy::Button>
* configure-ssh-secret.hbs: replace 1 <CopyButton> with <Hds::Copy::Button>
* tool-hash.hbs: replace 1 <CopyButton> with <Hds::Copy::Button>
* tool-random.hbs: replace 1 <CopyButton> with <Hds::Copy::Button>
* tool-rewrap.hbs: replace 1 <CopyButton> with <Hds::Copy::Button>
* tool-unwrap.hbs: replace 1 <CopyButton> with <Hds::Copy::Button>
* tool-wrap.hbs: replace 1 <CopyButton> with <Hds::Copy::Button>
* paths.hbs: replace 1 <CopyButton> with <Hds::Copy::Button>
* code-snippet.hbs: replace 1 <CopyButton> with <Hds::Copy::Button>
* cleanup css for code-snippet. add comments for getting rid of code-snippet and replacing with <Hds::Copy::Snippet>
* change code-snippet copy icon to gray to match original design
* change code-snippet class
* accounts.hbs: replace 1 <CopyButton> with <Hds::Copy::Button>
* hover-copy-button.hbs: replace 1 <CopyButton> with <Hds::Copy::Button>
* add.hbs: replace 1 <CopyButton> with <Hds::Copy::Button>
* show.hbs: replace 1 <CopyButton> with <Hds::Copy::Button>
* copy-secret-dropdown.hbs: replace 1 <CopyButton> with <Hds::Copy::Button>
* change styling of 'link' copy buttons
* generate-credentials.hbs: replace 2 <CopyButton> with <Hds::Copy::Button>
* transform-show-transformation.hbs: replace 2 <CopyButton> with <Hds::Copy::Button>
* sign.hbs: replace 2 <CopyButton> with <Hds::Copy::Button>
* hide some copy buttons' icons and use original flash message
* undo cleanup of scss file so that I can put cleanup all into one PR to be more organized
* update code snippet copy button
* UI: HDS adoption replace <CopyButton> part 5: Cleanup (#22884)
* remove unnecessary code-snippet.scssn class
* remove copy classes from masked-input.scss
* remove copy button class from text-file.scss
* uninstall ember-cli-clipboard 0.16.0 since there is no longer structure <CopyButton>
* remove copyright message from code-snippet.scss to avoid merge conflicts with main, where the file is deleted
* replace 2 classes with one
* remove unnecessary class from copy button
* cleanup classes
* revert changes to avoid merge conflicts
* remove is-block class
* conditionally render private key
* add more info to comment
* remove HoverCopyButton
* add missing selector
* fix control group padding
---------
Co-authored-by: clairebontempo@gmail.com <clairebontempo@gmail.com>
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* rename class to transparent background
* remove unused test selectors
* replace transit actions with Copy::Snippet
* replace transform code blocks with code snippet component
* revert extra css fiddling
* misc cleanup, unused action
* remove copy & close buttons from transit modals
* remove is- from class naming
* remove hds-copy-button class
* add other grey class
* more small cleanup
* add -top to margin
* add changelog
---------
Co-authored-by: clairebontempo@gmail.com <clairebontempo@gmail.com>
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* ui: adds a new auth form option
* add warning if nonsecure context, cleanup
* more ember-y
* Only show saml auth method for enterprise, plus tests
* Use error message helper
* Don't include saml on community auth list
* Add allSupportedAuthBackends method
* change token request from GET to PUT to match backend change
* Fetch role on sign in, cancel login after timeout
* saml acceptance test
* Add changelog
* saml test only on enterprise
* set the acs_url according to which cluster the UI is served from
* prepare namespace in addition to path with a helper func
---------
Co-authored-by: Chelsea Shaw <cshaw@hashicorp.com>