mirror of https://github.com/optim-enterprises-bv/vault.git (synced 2025-10-29 17:52:32 +00:00)

df66c4d338

			* OIDC Config Routing (#16028) * adds oidc config routes * renames oidc applications route to clients * UI/vault 6646/landing page (#16069) * add to sidebar * add landing image and text * add permissions * add permissions to permissions service * remove comment * fix. * UI/OIDC models (#16091) * add models and fix routing * add ClientsCreate route * remove form functions from client model * update comment * address comments, cleanup models * add comment * OIDC Adapters and Serializers (#16120) * adds named-path base adapter * adds oidc adapters with tests * adds oidc serializers * fixes issue with supported_scopes relationship in oidc provider model * make radio card size flex (#16125) * OIDC config details routes (#16126) * adds details routes for oidc config resources * adds details templates for oidc config resources * OIDC parent route and index redirection (#16139) * adds parent oidc route with header and adds redirection if clients have been created * updates learn link * adds findRecord override to named-path adapter (#16145) * OIDC Scope Create/Edit View (#16174) * adds oidc scope-form to create and edit views * moves oidc header set logic from route to controller * OIDC Scope Details View (#16191) * adds oidc scope details view * removes disabled arg from scope delete confirm action * updates oidc scope template params link to use DocLink and adds success message on scope create success * updates oidc scope delete confirm action copy * adds oidc scopes list (#16196) * UI/vault 6655/OIDC create view (#16331) * setup header * wip * wip * wip * validations * error validations * cleanup * wip * fix error * clean up * handle modelValidations * add documentation on the decorator * remove spread attrs * first test and some fixes * halfway with test * fix error where the data object was sending param entiyIds and not entity_ids * validations or situation * fix test * small nit: * test if this fixes the test * fix * cleanup * nit * Assignments Update/Edit View 
(#16412) * wip * fix * render search-select after promise is fulfilled * add test coverage Co-authored-by: clairebontempo@gmail.com <cbontempo@hashicorp.com> * Added list view for keys (#16454) * Added list view for providers (#16442) * Added list view for providers * Removed check for model data length * Added new line at end of file * Fixed linting issues causing ui tests to fail * Added list view for application (#16469) * UI/remove has many relationship (#16470) * remove hasMany from models * remove relationships from assignments create form * update tests * Assignment list view (#16340) * inital setup * handle default allow all * add learn more link * Fixed the default allow_all for assignment list view to match Figma design * Fixed linting * Fixed hbs file syntax Co-authored-by: linda9379 <linda.jiang@hashicorp.com> * configure mirage and helper (#16482) * UI/OIDC client form (#16131) * WIP client form * wip * still WIP * fix form!; * remove computeds, cache form attrs instead * update scope form component name * add white space validation * add validations, cleanup * add edit form * fix link to in edit form * disable edit form * fix linkto * wip/ search select filter * WIP/search-select bug * fix assignment save * delete old modal js file * glimmerize/create new search select modal component * component cleanup * fix bugginess * fix search select and radio select action * add tests * revert some test changes * oops, removed test tag * add key list to response * fix test * move search select component to separate PR, revert changes * one more revert * remove oidc helper from this pr * remove hasMany relationship * minor cleanup * update assignment form to use fallback * fix allow_all appearing in dropdown on edit (#16508) * UI/ OIDC Application (client) details view (#16507) * fix test * finish details page * finish details view * clean u[ * fix typo * configure oidc mirage handler for tests * remove params, add new route instead * fix headers * remove 
console.log * remove controller/template reliance on tracked variable * rename variable * UI/Client route acceptance tests - fixed branch (#16654) * WIP client route tests * refactor client form so clientType is not edit-able * fix ttl in client form * wip// more acceptance tests and tags for hbs files * fix typo * fix syntax error * finish tests * fix client form test * resolve commits * update form test * OIDC Assignments Details view. (#16511) * setup * cleanup * view all fix * wip setting up tabs * wip * revert to no queryParam or tabs * add the read more component and styling * rename folder * cleanup * fix * UI/OIDC providers create/edit route (#16612) * update to use DocLink component * provider create form * cleaup * add formt est * revert label text * update doclink test * disallow new scopes from ss * fix test typo * fix provider form flash message * add period * test new form field attr * refactor form input * fix edit portion of issuer field * add test selector to new input field * add comment * Cleanup OIDC Config Mirage handler (#16674) * cleaup mirage * change to .then * pull out into config file * Scope acceptance tests (#16707) * Started writing acceptance tests * Added some more acceptance tests * Added tags for hbs and more tests * Modified variable names in scope form test * Fixed tests and linting * UI/OIDC Provider read view (#16632) * add providers/provider/client route * provider details view * add disabled button and tooltip for default * add toolbar separators * revert unrelated change * query all client records and filter by allowed client id" * refactor adapter to filter for clientId * cleanup adapter method * update test * refactor test * fix tests to accommodate for serializer change * update empty state message * fix linting * metadata for client list view (#16725) * Added metadata for list view in clients * Fixed linting * Fixed failing ui test * fix scopes and clients tests (#16768) * Initial fix of tests * Fixed failing scopes and 
clients acceptance tests * Fixed linting * UI: Key create/edit form (#16729) * add route models * add forms * add test * remove helperText attr * metadata for provider list view (#16738) * Added meta-data for provider list view * Added comment for serializer * Fixed import path for scopes and clients acceptance test files * UI/Add client ids to search select (#16744) * WIP use clientID instead of name * add client ids to search select * remove provider form component changes * fix search select on edit * cleanup comments and method * fix adapter query method * clean up comments * add test * remove destructuring so linting passes * fix tests * add accidentally deleted param * add clarifying comments * cleanup * change how shouldRenderName is set * cleanup tests * address comments * OIDC Assignment Acceptance tests (#16741) * test and fixes * merge stuff * fix * fixes * add waituntil * inconsistent nav issue * fixes * blah * UI/Key details view (#16776) * add details view * reformat model file * todo for when listing applications * add comment * update key form with refactored search select * add applications list * update test * update test * add names to flash messages * add rollbackAttributes to delete catch (#16796) * UI: Checks if records exists before creating record when URL contains :name (#16823) * check for record existing in createRecord * use error banner instead of flash messages for forms * add inline form message for validations * add error count message to inlinealert * add test for adapter * add tests * remove unused vars * UI: Disable limiting clients when creating key, filter clients when editing (#16926) * add tooltip to disabled radio button * pass query object to search select * update copy * add comment * cleanup console log and comment * fix tests * revert change because addressed in other pr * fix diff * fix test * UI: Add redirect when last client is deleted (#16927) * afterModel redirect if no models exist * fix test * change space * fix 
incorrect text * UI: Add InfoTooltip to selected 'ghost' client_ids (#16942) * return option if undefined * add info tooltip to search select * change word * add test * UI: OIDC config keys acceptance tests (#16968) * add keys test * update other oidc tests * remove-search select comment * UI: Filter Client providers list view (#17027) * pass param to adapter * add test * UI: OIDC Config Acceptance Tests (#17050) * WIP/provider acceptance tests" * WIP/this commit breaks lots of things * fix tests * update test selectors * combine key and client tests * cleanup clients and keys test * finish tests * small tidying * UI: Remove trailing comma from scopes, provider details page (#17069) * use info table row to cleanup scope logic * infotableitemarray cleanup * tidying * add changelog * teeny little empty state * fix wildcard string helper not working Co-authored-by: Jordan Reimer <zofskeez@gmail.com> Co-authored-by: Angel Garbarino <Monkeychip@users.noreply.github.com> Co-authored-by: Angel Garbarino <argarbarino@gmail.com> Co-authored-by: linda9379 <57650314+linda9379@users.noreply.github.com> Co-authored-by: linda9379 <linda.jiang@hashicorp.com>
		
			
				
	
	
		
203 lines, 7.4 KiB, JavaScript

```javascript
import Model, { attr } from '@ember-data/model';
import { computed } from '@ember/object';
import { alias, or } from '@ember/object/computed';
import lazyCapabilities, { apiPath } from 'vault/macros/lazy-capabilities';
import fieldToAttrs, { expandAttributeMeta } from 'vault/utils/field-to-attrs';
import { AVAILABLE_PLUGIN_TYPES } from '../../utils/database-helpers';

/**
 * fieldsToGroups helper fn
 * @param {array} arr any subset of "fields" from AVAILABLE_PLUGIN_TYPES
 * @param {*} key item by which to group the fields. If item has no group it will be under "default"
 * @returns array of objects where the key is default or the name of the option group, and the value is an array of attr names
 */
const fieldsToGroups = function (arr, key = 'subgroup') {
  const fieldGroups = [];
  // Bucket the field definitions by the value of `key`; fields without that
  // property end up under the string key 'undefined'.
  const byGroup = arr.reduce(function (rv, x) {
    (rv[x[key]] = rv[x[key]] || []).push(x);
    return rv;
  }, {});
  Object.keys(byGroup).forEach((key) => {
    const attrsArray = byGroup[key].map((obj) => obj.attr);
    // Ungrouped fields are reported under 'default'.
    const group = key === 'undefined' ? 'default' : key;
    fieldGroups.push({ [group]: attrsArray });
  });
  return fieldGroups;
};

export default Model.extend({
  backend: attr('string', {
    readOnly: true,
  }),
  // required
  name: attr('string', {
    label: 'Connection name',
  }),
  plugin_name: attr('string', {
    label: 'Database plugin',
    possibleValues: AVAILABLE_PLUGIN_TYPES,
    noDefault: true,
  }),

  // standard
  verify_connection: attr('boolean', {
    label: 'Connection will be verified',
    defaultValue: true,
  }),
  allowed_roles: attr('array', {
    readOnly: true,
  }),
  password_policy: attr('string', {
    label: 'Use custom password policy',
    editType: 'optionalText',
    subText: 'Specify the name of an existing password policy.',
    defaultSubText:
      'Unless a custom policy is specified, Vault will use a default: 20 characters with at least 1 uppercase, 1 lowercase, 1 number, and 1 dash character.',
    defaultShown: 'Default',
    docLink: '/docs/concepts/password-policies',
  }),

  // common fields
  connection_url: attr('string', {
    label: 'Connection URL',
    subText:
      'The connection string used to connect to the database. This allows for simple templating of username and password of the root user in the {{field_name}} format.',
  }),
  url: attr('string', {
    label: 'URL',
    subText: `The URL for Elasticsearch's API ("https://localhost:9200").`,
  }),
  username: attr('string', {
    subText: `The name of the user to use as the "root" user when connecting to the database.`,
  }),
  password: attr('string', {
    subText: 'The password to use when connecting with the above username.',
    editType: 'password',
  }),

  // optional
  ca_cert: attr('string', {
    label: 'CA certificate',
    subText: `The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity.`,
  }),
  ca_path: attr('string', {
    label: 'CA path',
    subText: `The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity.`,
  }),
  client_cert: attr('string', {
    label: 'Client certificate',
    subText: 'The path to the certificate for the Elasticsearch client to present for communication.',
  }),
  client_key: attr('string', {
    subText: 'The path to the key for the Elasticsearch client to use for communication.',
  }),
  hosts: attr('string', {}),
  host: attr('string', {}),
  port: attr('string', {}),
  write_concern: attr('string', {
    subText: 'Optional. Must be in JSON. See our documentation for help.',
    allowReset: true,
    editType: 'json',
    theme: 'hashi short',
    defaultShown: 'Default',
  }),
  username_template: attr('string', {
    editType: 'optionalText',
    subText: 'Enter the custom username template to use.',
    defaultSubText:
      'Template describing how dynamic usernames are generated. Vault will use the default for this plugin.',
    docLink: '/docs/concepts/username-templating',
    defaultShown: 'Default',
  }),
  max_open_connections: attr('number', {
    defaultValue: 4,
  }),
  max_idle_connections: attr('number', {
    defaultValue: 0,
  }),
  max_connection_lifetime: attr('string', {
    defaultValue: '0s',
  }),
  // Certificate verification stays enabled unless this is explicitly set to true.
  insecure: attr('boolean', {
    label: 'Disable SSL verification',
    defaultValue: false,
  }),
  tls: attr('string', {
    label: 'TLS Certificate Key',
    helpText:
      'x509 certificate for connecting to the database. This must be a PEM encoded version of the private key and the certificate combined.',
    editType: 'file',
  }),
  tls_ca: attr('string', {
    label: 'TLS CA',
    helpText:
      'x509 CA file for validating the certificate presented by the MongoDB server. Must be PEM encoded.',
    editType: 'file',
  }),
  tls_server_name: attr('string', {
    label: 'TLS server name',
    subText: 'If set, this name is used to set the SNI host when connecting via TLS.',
  }),
  root_rotation_statements: attr({
    subText: `The database statements to be executed to rotate the root user's credentials. If nothing is entered, Vault will use a reasonable default.`,
    editType: 'stringArray',
    defaultShown: 'Default',
  }),

  // True when plugin_name matches one of the entries in AVAILABLE_PLUGIN_TYPES.
  isAvailablePlugin: computed('plugin_name', function () {
    return !!AVAILABLE_PLUGIN_TYPES.find((a) => a.value === this.plugin_name);
  }),

  // Attributes for the selected plugin, excluding fields marked show: false.
  // Assumes plugin_name is an available plugin: find() returns undefined
  // otherwise and the .fields access throws (see isAvailablePlugin).
  showAttrs: computed('plugin_name', function () {
    const fields = AVAILABLE_PLUGIN_TYPES.find((a) => a.value === this.plugin_name)
      .fields.filter((f) => f.show !== false)
      .map((f) => f.attr);
    fields.push('allowed_roles');
    return expandAttributeMeta(this, fields);
  }),

  fieldAttrs: computed('plugin_name', function () {
    // for both create and edit fields
    let fields = ['plugin_name', 'name', 'connection_url', 'verify_connection', 'password_policy'];
    if (this.plugin_name) {
      // Once a plugin is chosen, use its ungrouped fields instead of the defaults.
      fields = AVAILABLE_PLUGIN_TYPES.find((a) => a.value === this.plugin_name)
        .fields.filter((f) => !f.group)
        .map((field) => field.attr);
    }
    return expandAttributeMeta(this, fields);
  }),

  // Fields in the 'pluginConfig' group, split into their subgroups.
  pluginFieldGroups: computed('plugin_name', function () {
    if (!this.plugin_name) {
      return null;
    }
    let pluginFields = AVAILABLE_PLUGIN_TYPES.find((a) => a.value === this.plugin_name).fields.filter(
      (f) => f.group === 'pluginConfig'
    );
    let groups = fieldsToGroups(pluginFields, 'subgroup');
    return fieldToAttrs(this, groups);
  }),

  // Fields in the 'statements' group; only root_rotation_statements when no plugin is set.
  statementFields: computed('plugin_name', function () {
    if (!this.plugin_name) {
      return expandAttributeMeta(this, ['root_rotation_statements']);
    }
    let fields = AVAILABLE_PLUGIN_TYPES.find((a) => a.value === this.plugin_name)
      .fields.filter((f) => f.group === 'statements')
      .map((field) => field.attr);
    return expandAttributeMeta(this, fields);
  }),

  /* CAPABILITIES */
  // Each *Path looks up capabilities on the given API path; the can* flags
  // below are derived from those lookups.
  editConnectionPath: lazyCapabilities(apiPath`${'backend'}/config/${'id'}`, 'backend', 'id'),
  canEdit: alias('editConnectionPath.canUpdate'),
  canDelete: alias('editConnectionPath.canDelete'),
  resetConnectionPath: lazyCapabilities(apiPath`${'backend'}/reset/${'id'}`, 'backend', 'id'),
  canReset: or('resetConnectionPath.canUpdate', 'resetConnectionPath.canCreate'),
  rotateRootPath: lazyCapabilities(apiPath`${'backend'}/rotate-root/${'id'}`, 'backend', 'id'),
  canRotateRoot: or('rotateRootPath.canUpdate', 'rotateRootPath.canCreate'),
  rolePath: lazyCapabilities(apiPath`${'backend'}/role/*`, 'backend'),
  staticRolePath: lazyCapabilities(apiPath`${'backend'}/static-role/*`, 'backend'),
  canAddRole: or('rolePath.canCreate', 'staticRolePath.canCreate'),
});
```