mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-10-29 17:52:32 +00:00
3abca46464
* manual cherry pick to deal with all the merge things * changelog * test fixes * Update 28148.txt * fix tests failures after main merge * fix test failures after main merge * Add Access Type and conditionally render WIF fields (#28149) * initial work. * remove access_type * better no model logic well kind of * rollback attrs * remove defaults * stopping point * wip changing back to sidebranch * hustling shuffling and serializing * some of the component test coverage * disable acces type if editing * test coverage * hide max retries that sneaky bugger * cleanup * cleanup * Update root-config.js * remove flash message check, locally passes great but on ci flaky * clean up * thank you chelsea * test clean up per enterprise vs community * address pr comments * welp a miss add * UI (sidebranch) WIF Issuer field (#28187) * Add type declaration files for aws config models * use updated task syntax for save method on configure-aws * fix types on edit route * fetch issuer on configure edit page if aws + enterprise * track issuer within configure-aws component * add placeholder support on form-field * Add warning if issuer changed from previous value or could not be read * cleanup * preliminary tests * dont use while loop so we can test the modal * tests * cleanup * fix tests * remove extra tracked value and duplicate changed attrs check * modal footer --------- Co-authored-by: Angel Garbarino <argarbarino@gmail.com> * Display issuer on Configuration details (#28209) * display issuer on configuration details * workflow complete, now on to testing * handle issuer things * fix all the broken tests things * add test coveragE: * cleanup * rename model/adapter * Update configure-aws.ts * Update aws-configuration-test.js * 90 percent there for pr comments * last one for tonight * a few more because why not * hasDirtyAttributes fixes * revert back to previous noRead->queryIssuerError --------- Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
37 lines
1.0 KiB
TypeScript
37 lines
1.0 KiB
TypeScript
/**
|
|
* Copyright (c) HashiCorp, Inc.
|
|
* SPDX-License-Identifier: BUSL-1.1
|
|
*/
|
|
|
|
// This is policy can mount a secret engine
|
|
// and list and create oidc keys, relevant for setting identity_key_token for WIF
|
|
export const adminOidcCreateRead = (mountPath: string) => {
|
|
return `
|
|
path "sys/mounts/*" {
|
|
capabilities = ["create", "read", "update", "delete", "list"]
|
|
},
|
|
path "identity/oidc/key/*" {
|
|
capabilities = ["create", "read", "update", "delete", "list"]
|
|
},
|
|
path "${mountPath}/*" {
|
|
capabilities = ["create", "read", "update", "delete", "list"]
|
|
},
|
|
`;
|
|
};
|
|
|
|
// This policy can mount the engine
|
|
// But does not have access to oidc/key list or read
|
|
export const adminOidcCreate = (mountPath: string) => {
|
|
return `
|
|
path "sys/mounts/*" {
|
|
capabilities = ["create", "read", "update", "delete", "list"]
|
|
},
|
|
path "${mountPath}/*" {
|
|
capabilities = ["create", "read", "update", "delete", "list"]
|
|
},
|
|
path "identity/oidc/key/*" {
|
|
capabilities = ["create", "update"]
|
|
},
|
|
`;
|
|
};
|