mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-11-02 11:38:02 +00:00
a8b593614e
* adds ldap ember engine (#20786) * adds ldap as mountable and supported secrets engine (#20793) * removes active directory as mountable secrets engine (#20798) * LDAP Config Ember Data Setup (#20863) * adds secret-engine-path adapter * adds model, adapater and serializer for ldap config * adds test for ldap config adapter * addresses PR feedback * updates remaining instances of getURL in secrets-engine-path adapter * adds underscore to getURL method in kubernetes/config adapter * adds check config vars test for kubernetes/config adapter * adds comment regarding primaryKey in secrets-engine-path adapter * adds tab-page-header component for ldap secrets engine (#20941) * LDAP Config Route (#21059) * converts secret-mount-path service to ts and moves kubernetes fetch-config decorator to core addon and converts to ts * adds ldap config route * fixes withConfig import path in kubernetes roles route * updates types in ldap config route * adds unit tests for fetch-secret-config decorator * updates comments in fetch-secret-config decorator * renames fetch-secret-config decorator * LDAP Configure Page Component (#21384) * adds ldap page configure component * removes pauseTest and updates radio card selector in ldap config test * LDAP Configuration (#21430) * adds ldap configuration route * adds secrets-engine-mount-config component to core addon * adds ldap config-cta component * adds display fields to ldap configuration page and test * fixes ldap config-cta test * adds yield to secrets-engine-mount-config component * fixes tests * LDAP Overview Route and Page Component (#21579) * adds ldap overview route and page component * changes toolbar link action type for create role on overview page * LDAP Role Model, Adapter and Serializer (#21655) * adds model, adapter and serializer for ldap roles * addresses review feedback * changes ldap role type from tracked prop to attr and sets in adapter for query methods * adds assertions to verify that frontend only props are returned from query methods in ldap role adapter * LDAP Library Model, Adapter and Serializer (#21728) * adds model, adapter and serializer for ldap library * updates capitalization and punction for ldap role and library form fields * LDAP Roles Create and Edit (#21818) * moves stringify and jsonify helpers to core addon * adds validation error for ttl picker in form field component * adds ldap roles create and edit routes and page component * adds ldap mirage handler and factory for roles * adds example workflow to json editor component * adds tests for ldap page create and edit component * addresses feedback * LDAP Role Details (#22036) * adds ldap role route to pass down model to child routes * adds ldap role details route and page component * updates ldap role model capabilities checks * adds periods to error messages * removes modelFor from ldap roles edit and details routes * adds flash message on ldap role delete success * LDAP Roles (#22070) * adds ldap roles route and page component * update ldap role adapter tests and adds adapter options to query for partialErrorInfo * updates ldap role adapter based on PR feedback * adds filter-input component to core addon * updates ldap roles page to use filter-input component * updates ldap role adapter tests * LDAP Role Credentials (#22142) * adds ldap roles route and page component * update ldap role adapter tests and adds adapter options to query for partialErrorInfo * adds credentials actions to ldap roles list menu and fixes rotate action in details view * adds ldap role credentials route and page component * adds tests for ldap role credentials * LDAP Library Create and Edit (#22171) * adds ldap library create/edit routes and page component * adds ldap library create-and-edit tests and library mirage factory * updates form-field component to display validation errors and warnings for all fields * updates ldap library edit route class name * updates ldap library model interface name * adds missing period in flash message * LDAP Libraries (#22184) * updates interface and class names in ldap roles route * adds ldap libraries route and page component * fixes lint error * LDAP Library Details (#22200) * updates interface and class names in ldap roles route * adds ldap libraries route and page component * fixes lint error * adds ldap library details route and page component * LDAP Library Details Configuration (#22201) * updates interface and class names in ldap roles route * adds ldap libraries route and page component * fixes lint error * adds ldap library details route and page component * adds ldap library details configuration route and page component * updates ldap library check-in enforcement value mapping * fixes issue in code mirror modifier after merging upgrade * fixes failing database secrets test * LDAP Library Account Details (#22287) * adds route and page component for ldap library accounts * adds ldap component for checked out accounts * updates ldap library adapter tests * LDAP Library Check-out (#22289) * adds route and page component for ldap library accounts * adds ldap component for checked out accounts * adds route and page component for ldap library checkout * addresses PR feedback * LDAP Overview Cards (#22325) * adds overview cards to ldap overview route * adds create library toolbar action to ldap overview route * adds acceptance tests for ldap workflows (#22375) * Fetch Secrets Engine Config Decorator Docs (#22416) * removes uneccesary asyncs from ldap route model hooks * updates ldap overview route class name * adds documentation for fetch-secrets-engine-config decorator * add changelog * adding back external links, missed due to merge. * changelog * fix test after merging in dashboard work * Update 20790.txt --------- Co-authored-by: Angel Garbarino <angel@hashicorp.com> Co-authored-by: Angel Garbarino <Monkeychip@users.noreply.github.com>
93 lines
3.3 KiB
JavaScript
93 lines
3.3 KiB
JavaScript
/**
|
|
* Copyright (c) HashiCorp, Inc.
|
|
* SPDX-License-Identifier: MPL-2.0
|
|
*/
|
|
|
|
import NamedPathAdapter from 'vault/adapters/named-path';
|
|
import { encodePath } from 'vault/utils/path-encoding-helpers';
|
|
import { inject as service } from '@ember/service';
|
|
|
|
export default class LdapRoleAdapter extends NamedPathAdapter {
|
|
@service flashMessages;
|
|
|
|
getURL(backend, path, name) {
|
|
const base = `${this.buildURL()}/${encodePath(backend)}/${path}`;
|
|
return name ? `${base}/${name}` : base;
|
|
}
|
|
pathForRoleType(type, isCred) {
|
|
const staticPath = isCred ? 'static-cred' : 'static-role';
|
|
const dynamicPath = isCred ? 'creds' : 'role';
|
|
return type === 'static' ? staticPath : dynamicPath;
|
|
}
|
|
|
|
urlForUpdateRecord(name, modelName, snapshot) {
|
|
const { backend, type } = snapshot.record;
|
|
return this.getURL(backend, this.pathForRoleType(type), name);
|
|
}
|
|
urlForDeleteRecord(name, modelName, snapshot) {
|
|
const { backend, type } = snapshot.record;
|
|
return this.getURL(backend, this.pathForRoleType(type), name);
|
|
}
|
|
|
|
async query(store, type, query, recordArray, options) {
|
|
const { showPartialError } = options.adapterOptions || {};
|
|
const { backend } = query;
|
|
const roles = [];
|
|
const errors = [];
|
|
|
|
for (const roleType of ['static', 'dynamic']) {
|
|
const url = this.getURL(backend, this.pathForRoleType(roleType));
|
|
try {
|
|
const models = await this.ajax(url, 'GET', { data: { list: true } }).then((resp) => {
|
|
return resp.data.keys.map((name) => ({ name, backend, type: roleType }));
|
|
});
|
|
roles.addObjects(models);
|
|
} catch (error) {
|
|
if (error.httpStatus !== 404) {
|
|
errors.push(error);
|
|
}
|
|
}
|
|
}
|
|
|
|
if (errors.length) {
|
|
const errorMessages = errors.reduce((errors, e) => {
|
|
e.errors.forEach((error) => {
|
|
errors.push(`${e.path}: ${error}`);
|
|
});
|
|
return errors;
|
|
}, []);
|
|
if (errors.length === 2) {
|
|
// throw error as normal if both requests fail
|
|
// ignore status code and concat errors to be displayed in Page::Error component with generic message
|
|
throw { message: 'Error fetching roles:', errors: errorMessages };
|
|
} else if (showPartialError) {
|
|
// if only one request fails, surface the error to the user an info level flash message
|
|
// this may help for permissions errors where a users policy may be incorrect
|
|
this.flashMessages.info(`Error fetching roles from ${errorMessages.join(', ')}`);
|
|
}
|
|
}
|
|
|
|
return roles.sortBy('name');
|
|
}
|
|
queryRecord(store, type, query) {
|
|
const { backend, name, type: roleType } = query;
|
|
const url = this.getURL(backend, this.pathForRoleType(roleType), name);
|
|
return this.ajax(url, 'GET').then((resp) => ({ ...resp.data, backend, name, type: roleType }));
|
|
}
|
|
|
|
fetchCredentials(backend, type, name) {
|
|
const url = this.getURL(backend, this.pathForRoleType(type, true), name);
|
|
return this.ajax(url, 'GET').then((resp) => {
|
|
if (type === 'dynamic') {
|
|
const { lease_id, lease_duration, renewable } = resp;
|
|
return { ...resp.data, lease_id, lease_duration, renewable, type };
|
|
}
|
|
return { ...resp.data, type };
|
|
});
|
|
}
|
|
rotateStaticPassword(backend, name) {
|
|
const url = this.getURL(backend, 'rotate-role', name);
|
|
return this.ajax(url, 'POST');
|
|
}
|
|
}
|