mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-11-20 20:05:14 +00:00
0b12cdcfd1
* Adding explicit MPL license for sub-package. This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package. This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License. Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at https://hashi.co/bsl-blog, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUS-1.1 * Fix test that expected exact offset on hcl file --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com> Co-authored-by: Sarah Thompson <sthompson@hashicorp.com> Co-authored-by: Brian Kassouf <bkassouf@hashicorp.com>
76 lines
2.3 KiB
JavaScript
76 lines
2.3 KiB
JavaScript
/**
|
|
* Copyright (c) HashiCorp, Inc.
|
|
* SPDX-License-Identifier: BUSL-1.1
|
|
*/
|
|
|
|
import Model, { attr } from '@ember-data/model';
|
|
import { withFormFields } from 'vault/decorators/model-form-fields';
|
|
import lazyCapabilities, { apiPath } from 'vault/macros/lazy-capabilities';
|
|
|
|
@withFormFields()
|
|
export default class PkiConfigAcmeModel extends Model {
|
|
// This model uses the backend value as the model ID
|
|
get useOpenAPI() {
|
|
return true;
|
|
}
|
|
|
|
getHelpUrl(backendPath) {
|
|
return `/v1/${backendPath}/config/acme?help=1`;
|
|
}
|
|
|
|
// attrs order in the form is determined by order here
|
|
|
|
@attr('boolean', {
|
|
label: 'ACME enabled',
|
|
subText: 'When ACME is disabled, all requests to ACME directory URLs will return 404.',
|
|
})
|
|
enabled;
|
|
|
|
@attr('string', {
|
|
subText:
|
|
"Specifies the behavior of the default ACME directory. Can be 'forbid', 'sign-verbatim' or a role given by 'role:<role_name>'. If a role is used, it must be present in 'allowed_roles'.",
|
|
})
|
|
defaultDirectoryPolicy;
|
|
|
|
@attr('array', {
|
|
editType: 'stringArray',
|
|
subText:
|
|
"The default value '*' allows every role within the mount to be used. If the default_directory_policy specifies a role, it must be allowed under this configuration.",
|
|
})
|
|
allowedRoles;
|
|
|
|
@attr('boolean', {
|
|
label: 'Allow role ExtKeyUsage',
|
|
subText:
|
|
"When enabled, respect the role's ExtKeyUsage flags. Otherwise, ACME certificates are forced to ServerAuth.",
|
|
})
|
|
allowRoleExtKeyUsage;
|
|
|
|
@attr('array', {
|
|
editType: 'stringArray',
|
|
subText:
|
|
"Specifies a list of issuers allowed to issue certificates via explicit ACME paths. If an allowed role specifies an issuer outside this list, it will be allowed. The default value '*' allows every issuer within the mount.",
|
|
})
|
|
allowedIssuers;
|
|
|
|
@attr('string', {
|
|
label: 'EAB policy',
|
|
possibleValues: ['not-required', 'new-account-required', 'always-required'],
|
|
})
|
|
eabPolicy;
|
|
|
|
@attr('string', {
|
|
label: 'DNS resolver',
|
|
subText:
|
|
'An optional overriding DNS resolver to use for challenge verification lookups. When not specified, the default system resolver will be used. This allows domains on peered networks with an accessible DNS resolver to be validated.',
|
|
})
|
|
dnsResolver;
|
|
|
|
@lazyCapabilities(apiPath`${'id'}/config/acme`, 'id')
|
|
acmePath;
|
|
|
|
get canSet() {
|
|
return this.acmePath.get('canUpdate') !== false;
|
|
}
|
|
}
|