UI: Add max ttl to acme certificates (#26906)

* add max ttl to acme

* change test title?

* hide toggle

* update sign-intermediate

* add enforce_leaf_not_after_behavior
claire bontempo 2024-05-09 20:44:21 +01:00 committed by GitHub
parent 28612efd26
commit eabb8e10a0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 64 additions and 33 deletions


@ -66,6 +66,15 @@ export default class PkiConfigAcmeModel extends Model {
})
dnsResolver;
@attr({
label: 'Max TTL',
editType: 'ttl',
hideToggle: true,
helperTextEnabled:
'Specify the maximum TTL for ACME certificates. Role TTL values will be limited to this value.',
})
maxTtl;
@lazyCapabilities(apiPath`${'id'}/config/acme`, 'id')
acmePath;
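Review bot: The `maxTtl` helper text does not say what an empty or zero value means, and with `hideToggle: true` the form gives the operator no explicit way to express "no cap". This field bounds the lifetime of certificates issued over ACME on the mount, so the text should state the unset behaviour, e.g. `'Specify the maximum TTL for ACME certificates. Role TTL values will be limited to this value. <what an unset or 0 value means, to be confirmed against the backend>'`. The attr also declares no type or default, so it is worth checking what the serializer sends for an untouched field. The class body continues outside the hunk.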


@ -19,6 +19,7 @@ const validations = {
'excludeCnFromSans',
'customTtl',
'notBeforeDuration',
'enforceLeafNotAfterBehavior',
'format',
'permittedDnsDomains',
'maxPathLength',
@ -56,6 +57,11 @@ export default class PkiSignIntermediateModel extends PkiCertificateBaseModel {
})
notBeforeDuration;
@attr('boolean', {
subText: "Do not truncate the NotAfter field, use the issuer's configured leaf_not_after_behavior",
})
enforceLeafNotAfterBehavior;
@attr({
label: 'Permitted DNS domains',
subText:
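Review bot: The `subText` on `enforceLeafNotAfterBehavior` names the backend setting but not the consequence of enabling it. As I read it, leaving it off keeps the intermediate's NotAfter truncated to the signing issuer's, while turning it on defers to the issuer's `leaf_not_after_behavior`, which, depending on how that issuer is configured, may reject the request or allow an intermediate that outlives its issuer. That should be confirmed against the backend documentation and spelled out, e.g. `subText: "Use the issuer's configured leaf_not_after_behavior instead of truncating NotAfter to the issuer's expiry."`. The attr also has no `label`, unlike the neighbouring `@attr` with `label: 'Permitted DNS domains'`, so the rendered name depends on whatever the form derives from the attribute name. The second hunk ends inside the next `@attr` declaration.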


@ -42,6 +42,7 @@
<InfoTableRow
@label={{or attr.options.label (humanize (dasherize attr.name))}}
@value={{or (get @acme attr.name) "None"}}
@formatTtl={{eq attr.options.editType "ttl"}}
/>
{{/each}}
{{/if}}
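Review bot: `@formatTtl` is now true for the `maxTtl` row even when no value is set, because `@value` falls back to the string "None" through `or`. Whether `InfoTableRow` copes with a non-duration string under `@formatTtl` is not visible here; if it does not, an unset Max TTL may render oddly or not at all. Guarding on the value, `@formatTtl={{and (get @acme attr.name) (eq attr.options.editType "ttl")}}`, avoids depending on that, assuming an `and` helper is available alongside `or` and `eq`.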


@ -19,46 +19,49 @@ import expectedAuthAttrs from 'vault/tests/helpers/openapi/expected-auth-attrs';
* if it is not updated automatically or is a more involved feature request.
* Marked as enterprise so it only runs periodically
*/
module('Acceptance | OpenAPI provides expected attributes enterprise', function (hooks) {
setupApplicationTest(hooks);
hooks.beforeEach(function () {
this.pathHelp = this.owner.lookup('service:pathHelp');
this.store = this.owner.lookup('service:store');
return authPage.login();
});
// Secret engines that use OpenAPI
['ssh', 'kmip', 'pki'].forEach(function (testCase) {
return module(`${testCase} engine`, function (hooks) {
hooks.beforeEach(async function () {
this.backend = `${testCase}-openapi`;
await runCmd(mountEngineCmd(testCase, this.backend), false);
});
hooks.afterEach(async function () {
await runCmd(deleteEngineCmd(this.backend), false);
});
secretEngineHelper(test, testCase);
module(
'Acceptance | Heads up - backend param changes! Expected OpenAPI attributes enterprise',
function (hooks) {
setupApplicationTest(hooks);
hooks.beforeEach(function () {
this.pathHelp = this.owner.lookup('service:pathHelp');
this.store = this.owner.lookup('service:store');
return authPage.login();
});
});
// All auth backends use OpenAPI except aws
['azure', 'userpass', 'cert', 'gcp', 'github', 'jwt', 'kubernetes', 'ldap', 'okta', 'radius'].forEach(
function (testCase) {
return module(`${testCase} auth`, function (hooks) {
// Secret engines that use OpenAPI
['ssh', 'kmip', 'pki'].forEach(function (testCase) {
return module(`${testCase} engine`, function (hooks) {
hooks.beforeEach(async function () {
this.mount = `${testCase}-openapi`;
await runCmd(mountAuthCmd(testCase, this.mount), false);
this.backend = `${testCase}-openapi`;
await runCmd(mountEngineCmd(testCase, this.backend), false);
});
hooks.afterEach(async function () {
await runCmd(deleteAuthCmd(this.backend), false);
await runCmd(deleteEngineCmd(this.backend), false);
});
authEngineHelper(test, testCase);
secretEngineHelper(test, testCase);
});
}
);
});
});
// All auth backends use OpenAPI except aws
['azure', 'userpass', 'cert', 'gcp', 'github', 'jwt', 'kubernetes', 'ldap', 'okta', 'radius'].forEach(
function (testCase) {
return module(`${testCase} auth`, function (hooks) {
hooks.beforeEach(async function () {
this.mount = `${testCase}-openapi`;
await runCmd(mountAuthCmd(testCase, this.mount), false);
});
hooks.afterEach(async function () {
await runCmd(deleteAuthCmd(this.backend), false);
});
authEngineHelper(test, testCase);
});
}
);
}
);
function secretEngineHelper(test, secretEngine) {
const engineData = expectedSecretAttrs[secretEngine];
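Review bot: The auth-backend `afterEach` deletes `this.backend`, but the matching `beforeEach` stores the mount path in `this.mount`, so `deleteAuthCmd` appears to be called with `undefined` and the auth mounts are never removed. The lines look only re-indented by this change, so the mismatch predates it, but it is carried onto the new side. Changing the call to `await runCmd(deleteAuthCmd(this.mount), false);` would make cleanup match setup. Leftover `*-openapi` auth mounts can leak state into later tests that share the same server. `secretEngineHelper` continues outside the hunk.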


@ -569,6 +569,12 @@ const pki = {
fieldGroup: 'default',
type: 'boolean',
},
maxTtl: {
editType: 'ttl',
fieldGroup: 'default',
helpText:
'Specify the maximum TTL for ACME certificates. Role TTL values will be limited to this value',
},
},
'pki/certificate/generate': {
role: {
@ -1200,6 +1206,12 @@ const pki = {
fieldGroup: 'default',
type: 'string',
},
enforceLeafNotAfterBehavior: {
editType: 'boolean',
fieldGroup: 'default',
helpText: "Do not truncate the NotAfter field, use the issuer's configured leaf_not_after_behavior",
type: 'boolean',
},
excludeCnFromSans: {
editType: 'boolean',
helpText:


@ -47,7 +47,7 @@ module('Integration | Component | pki-sign-intermediate-form', function (hooks)
assert.dom(selectors.form).exists('Form is rendered');
assert.dom(selectors.resultsContainer).doesNotExist('Results display not rendered');
assert.dom('[data-test-field]').exists({ count: 9 }, '9 default fields shown');
assert.dom('[data-test-field]').exists({ count: 10 }, '10 default fields shown');
assert.dom(selectors.toggleSigningOptions).exists();
assert.dom(selectors.toggleSANOptions).exists();
assert.dom(selectors.toggleAdditionalFields).exists();