scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-30 18:17:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
9b8d8fb4ffe7e305847cfed2fd859d78adb53f96
vault/ui/app/models/database/connection.js
Alexandr Hacicheant 2f95a73d1d Updated description of the field (#29146) 
Co-authored-by: akshya96 <87045294+akshya96@users.noreply.github.com>
2025-01-08 20:32:41 +00:00

268 lines
10 KiB
JavaScript
Raw Blame History

/**
* Copyright (c) HashiCorp, Inc.
* SPDX-License-Identifier: BUSL-1.1
*/
import Model, { attr } from '@ember-data/model';
import { computed } from '@ember/object';
import { alias, or } from '@ember/object/computed';
import lazyCapabilities, { apiPath } from 'vault/macros/lazy-capabilities';
import fieldToAttrs, { expandAttributeMeta } from 'vault/utils/field-to-attrs';
import { AVAILABLE_PLUGIN_TYPES } from '../../utils/model-helpers/database-helpers';
import { service } from '@ember/service';
/**
* fieldsToGroups helper fn
* @param {array} arr any subset of "fields" from AVAILABLE_PLUGIN_TYPES
* @param {*} key item by which to group the fields. If item has no group it will be under "default"
* @returns array of objects where the key is default or the name of the option group, and the value is an array of attr names
*/
const fieldsToGroups = function (arr, key = 'subgroup') {
const fieldGroups = [];
const byGroup = arr.reduce(function (rv, x) {
(rv[x[key]] = rv[x[key]] || []).push(x);
return rv;
}, {});
Object.keys(byGroup).forEach((key) => {
const attrsArray = byGroup[key].map((obj) => obj.attr);
const group = key === 'undefined' ? 'default' : key;
fieldGroups.push({ [group]: attrsArray });
});
return fieldGroups;
};
export default Model.extend({
version: service(),
backend: attr('string', {
readOnly: true,
}),
// required
name: attr('string', {
label: 'Connection name',
}),
plugin_name: attr('string', {
label: 'Database plugin',
possibleValues: AVAILABLE_PLUGIN_TYPES,
noDefault: true,
}),
// standard
verify_connection: attr('boolean', {
label: 'Connection will be verified',
defaultValue: true,
}),
allowed_roles: attr('array'),
password_policy: attr('string', {
label: 'Use custom password policy',
editType: 'optionalText',
subText: 'Specify the name of an existing password policy.',
defaultSubText:
'Unless a custom policy is specified, Vault will use a default: 20 characters with at least 1 uppercase, 1 lowercase, 1 number, and 1 dash character.',
defaultShown: 'Default',
docLink: '/vault/docs/concepts/password-policies',
}),
// common fields
connection_url: attr('string', {
label: 'Connection URL',
subText:
'The connection string used to connect to the database. This allows for simple templating of username and password of the root user in the {{field_name}} format.',
}),
url: attr('string', {
label: 'URL',
subText: `The URL for Elasticsearch's API ("https://localhost:9200").`,
}),
username: attr('string', {
subText: `The name of the user to use as the "root" user when connecting to the database.`,
}),
password: attr('string', {
subText: 'The password to use when connecting with the above username.',
editType: 'password',
}),
disable_escaping: attr('boolean', {
defaultValue: false,
subText: 'Turns off the escaping of special characters inside of the username and password fields.',
docLink: 'https://developer.hashicorp.com/vault/docs/secrets/databases#disable-character-escaping',
}),
// optional
ca_cert: attr('string', {
label: 'CA certificate',
subText: `The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity.`,
}),
ca_path: attr('string', {
label: 'CA path',
subText: `The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity.`,
}),
client_cert: attr('string', {
label: 'Client certificate',
subText: 'The path to the certificate for the Elasticsearch client to present for communication.',
}),
client_key: attr('string', {
subText: 'The path to the key for the Elasticsearch client to use for communication.',
}),
hosts: attr('string', {}),
host: attr('string', {}),
port: attr('string', {}),
write_concern: attr('string', {
subText: 'Optional. Must be in JSON. See our documentation for help.',
allowReset: true,
editType: 'json',
theme: 'hashi short',
defaultShown: 'Default',
}),
username_template: attr('string', {
editType: 'optionalText',
subText: 'Enter the custom username template to use.',
defaultSubText:
'Template describing how dynamic usernames are generated. Vault will use the default for this plugin.',
docLink: '/vault/docs/concepts/username-templating',
defaultShown: 'Default',
}),
max_open_connections: attr('number', {
defaultValue: 4,
}),
max_idle_connections: attr('number', {
defaultValue: 0,
}),
max_connection_lifetime: attr('string', {
defaultValue: '0s',
}),
insecure: attr('boolean', {
label: 'Disable SSL verification',
defaultValue: false,
}),
password_authentication: attr('string', {
defaultValue: 'password',
editType: 'radio',
subText: 'The default is "password."',
possibleValues: [
{
value: 'password',
helpText:
'Passwords will be sent to PostgreSQL in plaintext format and may appear in PostgreSQL logs as-is.',
},
{
value: 'scram-sha-256',
helpText:
'When set to "scram-sha-256", passwords will be hashed by Vault and stored as-is by PostgreSQL. Using "scram-sha-256" requires a minimum version of PostgreSQL 10.',
},
],
docLink:
'https://developer.hashicorp.com/vault/api-docs/secret/databases/postgresql#password_authentication',
}),
auth_type: attr('string', {
subText: 'If set to "gcp_iam", will enable IAM authentication to a Google CloudSQL instance.',
docLink: 'https://developer.hashicorp.com/vault/api-docs/secret/databases/postgresql#auth_type',
}),
service_account_json: attr('string', {
label: 'Service account JSON',
subText:
'JSON encoded credentials for a GCP Service Account to use for IAM authentication. Requires "auth_type" to be "gcp_iam".',
editType: 'file',
}),
use_private_ip: attr('boolean', {
label: 'Use private IP',
subText:
'Enables the option to connect to CloudSQL Instances with Private IP. Requires auth_type to be "gcp_iam".',
defaultValue: false,
}),
private_key: attr('string', {
helpText: 'The secret key used for the x509 client certificate. Must be PEM encoded.',
editType: 'file',
}),
tls: attr('string', {
label: 'TLS Certificate Key',
helpText:
'x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.',
editType: 'file',
}),
tls_certificate: attr('string', {
label: 'TLS Certificate Key',
helpText: 'The x509 certificate for connecting to the database. Must be PEM encoded.',
editType: 'file',
}),
tls_ca: attr('string', {
label: 'TLS CA',
helpText:
'x509 CA file for validating the certificate presented by the database server. Must be PEM encoded.',
editType: 'file',
}),
tls_server_name: attr('string', {
label: 'TLS server name',
subText: 'If set, this name is used to set the SNI host when connecting via 1TLS.',
}),
root_rotation_statements: attr({
subText: `The database statements to be executed to rotate the root user's credentials. If nothing is entered, Vault will use a reasonable default.`,
editType: 'stringArray',
defaultShown: 'Default',
}),
// ENTERPRISE ONLY
self_managed: attr('boolean', {
subText:
'Allows onboarding static roles with a rootless connection configuration. Mutually exclusive with username and password. If true, will force verify_connection to be false.',
defaultValue: false,
}),
isAvailablePlugin: computed('plugin_name', function () {
return !!AVAILABLE_PLUGIN_TYPES.find((a) => a.value === this.plugin_name);
}),
showAttrs: computed('plugin_name', function () {
const fields = this._filterFields((f) => f.show !== false).map((f) => f.attr);
fields.push('allowed_roles');
return expandAttributeMeta(this, fields);
}),
// for both create and edit fields
fieldAttrs: computed('plugin_name', function () {
let fields = ['plugin_name', 'name', 'connection_url', 'verify_connection', 'password_policy'];
if (this.plugin_name) {
fields = this._filterFields((f) => !f.group).map((f) => f.attr);
}
return expandAttributeMeta(this, fields);
}),
pluginFieldGroups: computed('plugin_name', function () {
if (!this.plugin_name) {
return null;
}
const pluginFields = this._filterFields((f) => f.group === 'pluginConfig');
const groups = fieldsToGroups(pluginFields, 'subgroup');
return fieldToAttrs(this, groups);
}),
statementFields: computed('plugin_name', function () {
if (!this.plugin_name) {
return expandAttributeMeta(this, ['root_rotation_statements']);
}
const fields = this._filterFields((f) => f.group === 'statements').map((f) => f.attr);
return expandAttributeMeta(this, fields);
}),
// after checking for enterprise, filter callback fires and returns
_filterFields(filterCallback) {
const plugin = AVAILABLE_PLUGIN_TYPES.find((a) => a.value === this.plugin_name);
return plugin.fields.filter((field) => {
// return if attribute is enterprise only and we're on community
if (field?.isEnterprise && !this.version.isEnterprise) return false;
// filter by group, or if there isn't a group
return filterCallback(field);
});
},
/* CAPABILITIES */
editConnectionPath: lazyCapabilities(apiPath`${'backend'}/config/${'id'}`, 'backend', 'id'),
canEdit: alias('editConnectionPath.canUpdate'),
canDelete: alias('editConnectionPath.canDelete'),
resetConnectionPath: lazyCapabilities(apiPath`${'backend'}/reset/${'id'}`, 'backend', 'id'),
canReset: or('resetConnectionPath.canUpdate', 'resetConnectionPath.canCreate'),
rotateRootPath: lazyCapabilities(apiPath`${'backend'}/rotate-root/${'id'}`, 'backend', 'id'),
canRotateRoot: or('rotateRootPath.canUpdate', 'rotateRootPath.canCreate'),
rolePath: lazyCapabilities(apiPath`${'backend'}/role/*`, 'backend'),
staticRolePath: lazyCapabilities(apiPath`${'backend'}/static-role/*`, 'backend'),
canAddRole: or('rolePath.canCreate', 'staticRolePath.canCreate'),
});
Reference in New Issue View Git Blame Copy Permalink