* upgrade ember-data 5.3.2, uninstall legacy compat, upgrade ember-cli, ember-source
* use query instead of findAll for auth methods, update tests
* set mutableId for kmip
* show generated private key data before transitioning to details
* update kv metadata test
* remove deprecated methods from path help service
* add changelog, update readme version matrix
* remove toggle template helper
* Add helper combineOpenApiAttrs + test
* hydrateModel working with upgradeModelSchema
* new registerNewModelWithAttrs method for generated models
* Add newFields to generated models
* copyright
* Glimmerize path-help service
* update generated-item-list adapter and path-help usage of it
* remove unused methods combineAttributes and combineFields
* move expandOpenApiProps to ts helper file
* fix auth test
* fix bug where adding user to second userpass mount saves to first mount
* Add mutableId
* fix ent test
* remove addressed deprecation
* Address PR comments
* [VAULT-31208] remove deprecation early-static from decorator tests
* rename validators util into model-helpers folder
* move kmip-role-fields to model-helpers
* fill out docs
* Move database-helpers into model-helpers
* broom
* update kmip/role model and adapter
* New KMIP role form component
* cleanup on kmip role adapter/model
* fix role details view
* update tests to check for kmip role form and details validity
* cleanup
* Add kmip-role-fields test
* add headers, remove old component
* Address PR comments
* UI: Implement overview page for KV v2 (#28162)
* build json editor patch form
* finish patch component and tests
* add tab to each route
* and path route
* add overview tab to tests
* update overview to use updated_time instead of created_time
* redirect relevant secret.details to secret.index
* compute secretState in component instead of pass as arg
* add capabilities service
* add error handling to fetchSubkeys adapter request
* add overview tabs to test
* add subtext to overview card
* remaining redirects in secret edit
* remove create new version from popup menu
* fix breadcrumbs for overview
* separate adding capabilities service
* add service to kv engine
* Revert "separate adding capabilities service"
This reverts commit bb70b12ab7dbcde0fbd2d4d81768e5c8b1c420cc.
* Revert "add service to kv engine"
This reverts commit bfa880535ef7d529d7610936b2c1aae55673d23f.
* update navigation test
* consistently navigate to secret.index route to be explicit
* finish overview navigation tests
* add copyright header
* update delete tests
* fix nav tests
* cleanup secret edit redirects
* remove redundant async/awaits
* fix create test
* edge case tests
* secret acceptance tests
* final component tests
* rename kvSecretDetails external route to kvSecretOverview
* add comment
* UI: Add patch route and implement Page::Secret::Patch page component (sidebranch) (#28192)
* add tab to each route
* and path route
* add overview tab to tests
* update overview to use updated_time instead of created_time
* redirect relevant secret.details to secret.index
* compute secretState in component instead of pass as arg
* add capabilities service
* add error handling to fetchSubkeys adapter request
* add patch route and put in page component
* add patch secret action to subkeys card
* fix component name
* add patch capability
* alphabetize computed capabilities
* update links, cleanup selectors
* fix more merge conflict stuff
* add capabilities test
* add models to patch link
* add test for patch route
* rename external route
* add error templates
* make notes about enterprise tests, filter one
* remove errors, transition (redirect) instead
* redirect patch routes
* UI: Move fetching secret data to child route (#28198)
* remove @secret from metadata details
* use metadata model instead of secret in paths page
* put delete back into kv/data adapter
* grant access in control group test
* update metadata route and permissions
* remove secret from parent route, only fetch in details route
* change more permissions to route perms, add tests
* revert overview redirect from list view
* wrap model in conditional for perms
* remove redundant canReadCustomMetadata check
* rename adapter method
* handle overview 404
* remove comment
* add customMetadata as an arg
* update grantAccess in test
* make version param easier to follow
* VAULT-30494 handle 404 jira
* refactor capabilities to return an object
* update create tests
* add test for default truthy capabilities
* remove destroy-all-versions from kv/data adapter
* UI: Add enterprise checks (#28215)
* add enterprise check for subkey card
* add max height and scroll to subkey card
* only fetch subkeys if enterprise
* remove check in overview
* add test
* Update ui/tests/integration/components/kv/page/kv-page-overview-test.js
* fix test failures (#28222)
* add assertion
* add optional chaining
* create/delete versioned secret in each module
* wait for transition
* add another waitUntil
* UI: Add patch latest version to toolbar (#28223)
* add patch latest version action to toolbar
* make isPatchAllowed arg all encompassing
* no longer need model check
* use hash so both promises fire at the same time
* add subkeys to policy
* Update ui/lib/kv/addon/routes/secret.js
* add changelog
* small cleanup items! (#28229)
* add conditional for enterprise checking tabs
* cleanup fetchMultiplePaths method
* add test
* remove todo comment, ticket created and design wants to hold off
* keep transition, update comments
* cleanup tests, add index to breadcrumbs
* add some test coverage
* toggle so value is readable
* manual cherry pick to deal with all the merge things
* changelog
* test fixes
* Update 28148.txt
* fix tests failures after main merge
* fix test failures after main merge
* Add Access Type and conditionally render WIF fields (#28149)
* initial work.
* remove access_type
* better no model logic well kind of
* rollback attrs
* remove defaults
* stopping point
* wip changing back to sidebranch
* hustling shuffling and serializing
* some of the component test coverage
* disable access type if editing
* test coverage
* hide max retries that sneaky bugger
* cleanup
* cleanup
* Update root-config.js
* remove flash message check, locally passes great but on ci flaky
* clean up
* thank you chelsea
* test clean up per enterprise vs community
* address pr comments
* welp a miss add
* UI (sidebranch) WIF Issuer field (#28187)
* Add type declaration files for aws config models
* use updated task syntax for save method on configure-aws
* fix types on edit route
* fetch issuer on configure edit page if aws + enterprise
* track issuer within configure-aws component
* add placeholder support on form-field
* Add warning if issuer changed from previous value or could not be read
* cleanup
* preliminary tests
* dont use while loop so we can test the modal
* tests
* cleanup
* fix tests
* remove extra tracked value and duplicate changed attrs check
* modal footer
---------
Co-authored-by: Angel Garbarino <argarbarino@gmail.com>
* Display issuer on Configuration details (#28209)
* display issuer on configuration details
* workflow complete, now on to testing
* handle issuer things
* fix all the broken tests things
* add test coverage
* cleanup
* rename model/adapter
* Update configure-aws.ts
* Update aws-configuration-test.js
* 90 percent there for pr comments
* last one for tonight
* a few more because why not
* hasDirtyAttributes fixes
* revert back to previous noRead->queryIssuerError
---------
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
* add capabilities service
* remove from kv engine for now
* add canRead
* move await helper to addon
* add test
* update capabilities service to accommodate multiple paths
* address comments, make methods more explicit
* remove namespace key
* fix typo in test
* add namespace back!
* round out tests for other methods
* add test
* add comment
* initial changes with no test coverage
* test coverage and fixes
* additional edit config test coverage
* clean up
* clean up
* Address pr feedback
* welp missed an await
* missed
* take back
* Update configure-ssh-test.js
* add patch to kv adapter
* use query-param-string helper in fetchSubkeys
* one more whitespace helper
* move method because git diff was strange
* update path util tests
* move files around
* move fetches to config to the configuration.index route
* working... for aws, lots of clean up left
* move error handling to parent route
* standardize configModel param
* add test coverage
* welp a miss for non configurable engines
* pr comments
* remove mirage interrupts and test actual api
* update configuration details test to test for template only things
* api error coverage
* setup the toggle to display mount configuration options
* whew.. getting there. aws only, borked for ssh
* another round, better than before
* masked things
* changelog
* fix broken oss test
* move to component
* handle ssh things and cleanup
* wip test coverage
* test coverage for the component
* copyright header miss
* update no model error
* setup configuration aws acceptance tests
* update CONFIURABLE_SECRET_ENGINES
* acceptance tests for aws
* ssh configuration
* clean up
* remove comment
* move to confirm model before destructuring
* pr comments
* fix check for ssh config error
* add message check in api error test
* pr comments
* consistent timestamp format
* wrap client count card in permissions
* add test
* add changelog
* move tests into module, add more!
* final test cleanup, stub permissions manually without helper
* use current_billing_period for dashboard, add tests
* update mirage to handle new client param
* Update ui/app/components/dashboard/client-count-card.js
* refactor findAll to use internal/ui/mounts when authenticated as well
* format ttl in details view
* include hours in format for easy comparison to CLI return
* Revert "include hours in format for easy comparison to CLI return"
This reverts commit 990aaf5d1e157ccd83389ecd54011b8971f7e52d.
* add changelog
* revert adapter change
* add new adapter method instead of updating existing
* add test for ttl
* revert and use findAll again
* update mirage endpoints
* remove query obj
* Revert "update mirage endpoints"
This reverts commit f5fb333bf46b8ee86fbd134cbbd9fde85a72c9a1.
* another one that snuck into a separate commit
* use adapterOption to manage endpoint logic
* add adapter tests
* Update changelog/26663.txt
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
* add test that ttl inputs are not checked
---------
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
* Glimmerize replication controllers
* Add enable-replication-form component with tests
* use EnableReplicationForm in index and mode routes
* clean up enable action from replication-actions mixin
* fix test failure for structuredClone
* stabilize tests, remove enable action from replication-actions and replication-summary
* Update ui/lib/replication/addon/controllers/replication-mode.js
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* address PR comments
* stabilize oidc test?
---------
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* remove .get() from cluster and vault route
* replace .get() use in adapters
* remove .get() from components part 1
* remove .get() from string-list
* remaining components
* controller .get() removal
* remove .get() use in mixins
* routes/cluster/access* .get() replacement
* policy index route
* routes/secrets/backend*
* route/cluster*
* serializers
* is-active-route
* remaining top-level addon gets
* replication get()
* revert change that broke things
* woops, revert other store service change
* revert some controller changes
* revert get on URLSearchParams class
* remove .sortBy ember method
* small cleanup items
* small cleanups from PR review
* Update add-to-array and remove-from-array helpers
* remove search-select-has-many, moved logic directly into mfa-login-enforcement-form (see #16470)
* Replace add/remove object in MFA files - All MFA tests pass
* Replace in PKI components (pki tests all passing)
* Replace in core addon where applicable
* glimmerize console service -- console tests pass
* more replacements
* update string-list, add comment to vertical-bar-chart
* Refactor CSP Event service
- only used one place (auth-form) so simplified that usage
- glimmerize and refactor so that the tests work
* small updates
* more cleanup
* Fix tests
* Remove objectAt from console-helpers
* Address PR comments
* move commandIndex clearing back
* Remove extra model set
* VAULT-24469 use sys/seal-status instead of internal version endpoint
* Update tests and mirage handlers
* Revert "VAULT-20669: Add New Authenticated Endpoint for Version (#23740)"
This reverts commit 550c99ae3b.
* Readded version_test.go
* Reverted any old changes on versionlgo
---------
Co-authored-by: divyaac <divyaac@berkeley.edu>
* update adapter to accept :type in url
* update model attributes to include deletion_allowed and tokenization type
* update max_ttl text
* update adapter test
* add changelog;
* update comment
* Request resultant-acl only from user's root namespace
* Update permissions adapter to always call resultant-acl at user's root, with test
* Update resultant-acl to accept failType
* Update permissions service to set permissionsBanner based on resultant-acl contents
* wire it up
* add changelog
* cleanup unused adapter changes
* use getter for shared namespace logic
* oidc provider test stability
* ldap role error object to adapter error object so we can amend the message.
* userpass stability
* missed the assert modification
* unique provider and app names
* Client Count Routing Updates (#24733)
* updates client count routing for sync and future additions
* adds copyright header to clients sync template
* adds missing copyright headers
* UI: Adds secret_syncs to mirage /activity endpoint (#24846)
* add secret_syncs to mirage endpoint
* import clients handler
* UI: Set up client charts for incoming sync data (#24852)
* sum stacked bar values for tooltip total
* make tooltip dynamic based on chartLegend
* remove redundant helper
* add secret_syncs to client count utils
* move sum function to helper
* update horizontal bar chart to include sync_clients
* calculate sum of bars in tooltip
* rename color palette const, define chart legends in each parent component instead of token.js
* update tooltips
* update mirage handler to add sys/ namespace
* update mirage handler to add sys/ namespace
* use pushObject
* update test
* UI: Secret sync bar chart (#24926)
* install lineal
* add ember-style-modifier dep
* Add client count types for serialized data
* Add sync bar chart component with tests
* Chart is responsive
* address comments
* Clients Counts Parent Route (#24899)
* adds interfaces for clients models
* moves date formatting logic from clients activity adapter to utils file
* adds clients counts route
* updates links to clients route to point to top level and updates redirect to counts overview route
* removes clients base route and moves overview and sync routes under counts
* adds clients counts page component
* converts clients route to ts
* adds billing start timestamp to clients config mirage response and updates counts route to always attempt to fetch activity
* fixes issue with updating namespace and auth mount query params always triggering client counts route model hook
* adds tests for clients counts page component
* adds missing copyright header to client-counts type file
* Update ui/app/components/clients/page/counts.hbs
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* fixes bad import in sync-bar-chart
* updates clients counts route to bypass query if there is not start_time
* pins d3-shape to 1.3.7 for now -- makes lineal play nice with old charts
* fixes sync bar chart tooltip assertion
---------
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* UI: convert line-chart to lineal (#24961)
* lineal chart alongside svg
* Add version-history to sync handler for testing
* line chart is TS, test updated
* remove d3-shape resolution
* fix clients/token-test
* use chartHeight in running-total template
* use M/yy key instead of timestamp, chart is responsive
* Add test for swapping datasets
* add more edge case tests
* more test
* remove untrue assertion
* fix weird decimal when between 1.1k and 2k
* address feedback
* Update line-chart to use timestamp instead of month key
* Add timestamp to all places where month is on the clients activity response
* Client Counts Overview (#24969)
* adds counts base component for use in client counts child routes
* adds clients counts overview page component
* splits out monthly new chart from clients running total component
* adds missing copyright headers
* moves running total related assertions from token to overview acceptance test
* removes new client assertions from running-total test and adds tests for monthly-new component
* updates copy in running-total component
* fixes clients overview tests
* fixes timestamp stub not being restored in monthly-new test
* fixes mfa-login test
* renames counts component to activity
* removes unused selectedAuthMethod arg from running-total component
* adds timestamp back to running-total component
* Secrets sync UI: add sync page component (#24982)
* adds counts base component for use in client counts child routes
* adds clients counts overview page component
* splits out monthly new chart from clients running total component
* adds missing copyright headers
* move sync-bar-chart to charts/ folder
* update types and rename chart
* rename template file
* moves running total related assertions from token to overview acceptance test
* removes new client assertions from running-total test and adds tests for monthly-new component
* updates copy in running-total component
* fixes clients overview tests
* fixes timestamp stub not being restored in monthly-new test
* fixes mfa-login test
* fix 0 values erroring charts
* separate timestamp again
* address merge conflicts
* finish building sync chart component WIP css
* renames counts component to activity
* update import
* revert name to dataKey
* update styling for charts without legends
* use monthly stat chart component for layout
* use monthly chart stats in monthly new
* implement stat wrapper;
* remove extra grid div
* rename component
* fix legend css;
* update test
* remove arbitrarily setting max
* add single month view
* use stat text
* update line chart tests
* rename line chart
* update tests
---------
Co-authored-by: Jordan Reimer <zofskeez@gmail.com>
* update selectors
* add sync page tests
* Secrets Sync UI: Add secrets syncs to csv export (#25056)
* update mirage and add sync clients to export csv
* fix sync legend label
* remove word
* update copy in modal
* update mirage
* fix attribution tooltip text
* Clients Counts Token Route (#25019)
* renames token route and page component back to dashboard
* adds client counts token route and page component
* updates charts in token page to use ChartContainer component
* adds tests for clients token page component
* restore clients dashboard test
* use var for chart title sync page
* updates clients token page to show usage stats when querying single month
* updates token page clients averages to only include entity and non-entity clients in calculation
* fixes monthly total counts lower than new clients in mirage handler
* fixes token test
---------
Co-authored-by: clairebontempo@gmail.com <clairebontempo@gmail.com>
* Clients Usage Stats/Running Total Updates (#25094)
* updates clients usage counts and running totals
* updates usage stats total copy
* fixes client counts overview tests
* Secrets sync UI: cleanup and consolidation of components (#25090)
* rename authMethod to mountPath
* generalize count template copy
* add todo to delete monthly new component
* rename to tokenTab
* wrap filters in conditional checking for start timestamp
* some users may not have access to /config endpoint
* fix querying when user has no billing date permissions and clicks current billing period
* extend activity component from counts page
* Revert "extend activity component from counts page"
This reverts commit 1d0e85c82faf88c4385a04b1a5841cdde7fd00e0.
* rename to startTimestampISO
* remove timestamp from route and just use activity model responseTimestamp
* fix chart y domain max
* fix typos in usage stat and running totals component
* delete backing class for display only template;
* updates tests
* adds comment for fetching license to get start date for billing
* cleans up unused client counts files (#25157)
* adds changelog
* fix assertion copy
* adds changelog description
* updates enterprise sidebar nav test
---------
Co-authored-by: clairebontempo@gmail.com <clairebontempo@gmail.com>
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
* UI: [VAULT-21521] Initial config-ui engine and routes set up (#23922)
* UI: [VAULT-21526] Create adapter, serializer, and model files (#23947)
* UI: [VAULT-21588] Add Custom Messages to the sidebar (#23946)
* UI: [VAULT-21527] Mirage setup (#24000)
* UI: [VAULT-21530] Custom Messages List View w/ Pagination and LazyPaginatedQuery (#24133)
* UI: Add list to adapter query param (#24187)
* UI: [VAULT-21532] Create message (#24407)
* WIP create message
* Add breadcrumbs
* Create and edit form
* Add save to create/edit form
* Add cancel and todo
* Fix cancel route
* Fix breadcrumb label to be title case
* add start time logic
* Update breadcrumb
* Fix breadcrumbs and merge conflict test
* Update create form description
* Fix sidenav so it always highlights
* Fix up forms
* Mostly working create form
* Form cleanup
* Fix link title and href form fields
* Default startTime
* Fix messages
* Update dropdown to use the updated ConfirmAction component
* Update create and edit form
* Add wip tests
* Fix breadcrumb formatter
* Comment out test
* Update create message test
* Update more tests
* Add comment for fixing date on edit
* Update Message form
* Code cleanup!
* Add validation tests
* Remove authenticated from route model
* Some more code cleanup
* Add controller so authenticated is parsed
* Working radio buttons
* Use an object instead of arrays
* Wip date form
* Fix license headers
* Fix license headers addition of files
* Fix copyright format issues and clean up code
* Fix tests
* Rename FormField radio getter and a11y improvements
* Address feedback
* Fix specific date so it remembers the values
* Address feedback!
* Update more form fields
* Use formfield action instead
* Update to every
* Update syntax of onchange
* Fix tests
* Update willDestroy so it doesnt break tests
* Remove set and broadcast datetimelocal
* Put FormField back the way it was in favor of putting FormField to a separate PR
* Remove getter in formfield component file
* Address more feedback
* Put back test
* Update datetime string format var name and location
* UI: [VAULT-21534 VAULT-21533 VAULT-21536] edit, preview, and delete custom message (#24603)
* Working edit
* VAULT-21536 update delete message and create/update flash message
* VAULT-21533 add preview modal
* Update serializer
* Preview refinements
* Move preview to its own component
* Move breadcrumbs to setupController
* Add more tests
* Address some feedback
* Address more feedback!
* Update serializer
* Remove stylesheet
* Add comment
* UI: [VAULT-21435] Message details (#24645)
* WIP
* Fix timezone bug
* Fix date issues on create/edit form
* Add details screen
* Use allFields instead of formFields
* Fix tests
* Address comments!
* UI: VAULT-21538 unauth endpoint message display (#24665)
* WIP unauth display
* Add modal custom message
* Close multiple modals
* Update todo with ticket number
* On init make custom message request
* Use serializer
* Update fetchMessages
* Add copyright headers
* Add services and serializers
* Send null instead of empty strings
* Fix tests!
* Add copyright headers
* Add some acceptance tests
* Test cleanup
* Put tests back
* pass hooks to module
* Move module out
* Separate tests
* Copyright
* Add aria-prohibited-attr runList options
* Code cleanup
* Add date-time-local transform
* Add copyright headers
* Remove comments
* Remove date transform stuff for now!
* Put getISODateFormat back into the serialize function
* UI: Date time local transform (#24694)
* Date time local
* Add deserialize
* Add copyright header
* check if date exists
* Use parseISO for date strings since datefns requires this in new update
* Update tests
* Ensure we check for an ISOString
* Add checks so tests wont fail
* Update parseISO
* Address feedback
* UI: multiple banner message on create and edit form (#24742)
* WIP multiple banner message on create and edit form
* Fix tests
* Put checks back
* Add try/catch to query
* Fix breadcrumbs
* Add page size to pagination
* Add multiple modal message tests
* Address feedback
* Check for valid form first
* Add extra checks
* Address feedback
* Move getter to the route
* Fix tests!
* Address more feedback
* Use still when cancelling
* Update multiple banner modal
* Fix tests
* Set user confirmation to empty string
* UI: VAULT-21539 auth messages display (#24842)
* WIP auth message display
* Move block to show only when authenticated
* VAULT-22046 working search by name
* Some code clean up
* Fix merge conflict
* Add tests
* Fetch messages again after creation
* UI: [VAULT-22908] Update kv object editor, add max number of messages reached modal, small improvements (#24918)
* Update kv object editor to only use a single row
* continue using kv editype
* Fix failing dashboard tests!
* Fix failing test on sidebranch
* Fix tests and update validations
* Add optional tag
* Address feedback
* Add documentation
* Clear messages when logging out
* Fix tests!
* Add 100 message limit modal
* Add max message modal test
* Do more checks!
* Pair with Claire on the refactor of validator!
* Only show validationerror for multiple rows
* Update pageSize to 100 since when paginations are active it causes accessibility errors
* Fix tests!
* Add links to test
* Make banners dismissable
* Add cancel button
* Address feedback!
* Update test selectors
* Update validator
* Remove validations check in kvobjecteditor
* Revert validationError in kvobjecteditor template
* Put back if/else statements for link
* Add changelog
* UI: fix link bug and add colors (#24977)
* Fix edit bug and put transform back
* Edit badgeColor
* Add tests
* Revert changes to transform
* Edit badge colors
* remove universal object transform
* Update changelog filename
* UI: Add form inline warning (#24986)
* Add form inline warning
* Remove title
* Only show form warning for unauth
* Address feedback!
* Fix UI when editing database roles
When using a database role the UI will try to update the database connection
associated to the role. This is to make sure that the role is allowed to
use this connection:

    async _updateAllowedRoles(store, { role, backend, db, type = 'add' }) {
      const connection = await store.queryRecord('database/connection', { backend, id: db });
      const roles = [...connection.allowed_roles];
      const allowedRoles = type === 'add' ? addToArray([roles, role]) : removeFromArray([roles, role]);
      connection.allowed_roles = allowedRoles;
      return connection.save();
    },

    async createRecord(store, type, snapshot) {
      const serializer = store.serializerFor(type.modelName);
      const data = serializer.serialize(snapshot);
      const roleType = snapshot.attr('type');
      const backend = snapshot.attr('backend');
      const id = snapshot.attr('name');
      const db = snapshot.attr('database');
      try {
        await this._updateAllowedRoles(store, {
          role: id,
          backend,
          db: db[0],
        });
      } catch (e) {
        throw new Error('Could not update allowed roles for selected database. Check Vault logs for details');
      }
      return this.ajax(this.urlFor(backend, id, roleType), 'POST', { data }).then(() => {
        // ember data doesn't like 204s if it's not a DELETE
        return {
          data: assign({}, data, { id }),
        };
      });
    },

This is intended to help the administrator as the role will only work if
it is allowed by the database connection.
This is however an issue if the person doing the update does not have
the permission to update the connection: they will not be able to use
the UI to update the role even though they have the appropriate permissions
to do so (using the CLI or the API will work for example).
This is often the case when the database connections are created by a
centralized system but a human operator needs to create the roles.
You can try this with the following test case:

    $ cat main.tf
    resource "vault_auth_backend" "userpass" {
      type = "userpass"
    }

    resource "vault_generic_endpoint" "alice" {
      depends_on = [vault_auth_backend.userpass]
      path = "auth/userpass/users/alice"
      ignore_absent_fields = true
      data_json = jsonencode({
        "policies" : ["root"],
        "password" : "alice"
      })
    }

    data "vault_policy_document" "db_admin" {
      rule {
        path = "database/roles/*"
        capabilities = ["create", "read", "update", "delete", "list"]
      }
    }

    resource "vault_policy" "db_admin" {
      name = "db-admin"
      policy = data.vault_policy_document.db_admin.hcl
    }

    resource "vault_generic_endpoint" "bob" {
      depends_on = [vault_auth_backend.userpass]
      path = "auth/userpass/users/bob"
      ignore_absent_fields = true
      data_json = jsonencode({
        "policies" : [vault_policy.db_admin.name],
        "password" : "bob"
      })
    }

    resource "vault_mount" "db" {
      path = "database"
      type = "database"
    }

    resource "vault_database_secret_backend_connection" "postgres" {
      backend = vault_mount.db.path
      name = "postgres"
      allowed_roles = ["*"]
      verify_connection = false
      postgresql {
        connection_url = "postgres://username:password@localhost/database"
      }
    }

    $ terraform apply --auto-approve

then using bob to create a role associated to the `postgres` connection.
This patch changes the way the UI does the update: it still tries to
update the database connection but if it fails to do so because it does not
have the permission it just silently skips this part and updates the role.
This also updates the error message returned to the user in case of issues
to include the actual errors.
* Add changelog
* Also ignore error when deleting a role
* Address code review comments
---------
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
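
The behaviour change described in the "Fix UI when editing database roles" message above, as an added example that is not code from the Vault repository: the old flow aborts the role write on any connection error, the new flow skips only a permission failure and reports other errors with their text. `makeBackend`, `HttpError`, the `httpStatus` field, both `createRole*` functions and the returned `connectionUpdated` flag are hypothetical names; the in-memory backend is a constructed stand-in for the alice/bob policies in the test case.

```javascript
// Added illustration, not code from the Vault repository. All names here
// (makeBackend, HttpError, httpStatus, createRole*) are hypothetical.
class HttpError extends Error {
  constructor(httpStatus, errors) {
    super(errors.join(', '));
    this.httpStatus = httpStatus;
    this.errors = errors;
  }
}

// Constructed stand-in for the commit's test case: alice has a root-like
// policy, bob may only touch database/roles/*.
function makeBackend() {
  const prefixes = { alice: [''], bob: ['database/roles/'] };
  const state = { connections: { postgres: { allowed_roles: ['*'] } }, roles: {} };
  const authorize = (user, path) => {
    if (!prefixes[user].some((p) => path.startsWith(p))) {
      throw new HttpError(403, ['permission denied']);
    }
  };
  return {
    state,
    async readConnection(user, name) {
      authorize(user, `database/config/${name}`);
      if (!state.connections[name]) throw new HttpError(404, ['no such connection']);
      return { ...state.connections[name] };
    },
    async writeConnection(user, name, conn) {
      authorize(user, `database/config/${name}`);
      state.connections[name] = conn;
    },
    async writeRole(user, name, data) {
      authorize(user, `database/roles/${name}`);
      state.roles[name] = data;
    },
  };
}

// Read the connection, add the role to allowed_roles, write it back.
async function updateAllowedRoles(backend, user, { name, db }) {
  const conn = await backend.readConnection(user, db);
  const roles = new Set(conn.allowed_roles);
  roles.add(name);
  await backend.writeConnection(user, db, { ...conn, allowed_roles: [...roles] });
}

// Only a permission failure on the connection is skipped; anything else
// (missing connection, server error) still stops the role write.
function shouldSkipConnectionUpdate(err) {
  return Boolean(err) && err.httpStatus === 403;
}

// Behaviour before the patch: any connection error blocks the role.
async function createRoleStrict(backend, user, role) {
  try {
    await updateAllowedRoles(backend, user, role);
  } catch (e) {
    throw new Error('Could not update allowed roles for selected database. Check Vault logs for details');
  }
  await backend.writeRole(user, role.name, role);
  return { created: true, connectionUpdated: true };
}

// Behaviour after the patch: a 403 on the connection is ignored, other
// failures are reported with the actual error text.
async function createRoleTolerant(backend, user, role) {
  let connectionUpdated = true;
  try {
    await updateAllowedRoles(backend, user, role);
  } catch (e) {
    if (!shouldSkipConnectionUpdate(e)) {
      const detail = (e.errors || [e.message]).join(', ');
      throw new Error(`Could not update allowed roles for selected database: ${detail}`);
    }
    connectionUpdated = false; // caller can tell the operator to check allowed_roles
  }
  await backend.writeRole(user, role.name, role);
  return { created: true, connectionUpdated };
}
```

When `connectionUpdated` is false the role exists but only works if the connection's `allowed_roles` already covers it, as the `"*"` entry does in the test case.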