* PKI: Add a new leaf_not_after_behavior value to force erroring in all circumstances
- We introduce a new value called `always_enforce_err` for the existing
leaf_not_after_behavior on a PKI issuer. The new value will force us to
error out all requests that have a TTL beyond the issuer's NotAfter value.
- This will apply to leaf certificates issued through the API as did err,
but now to CA issuance and ACME requests for which we previously changed
the err configuration to truncate.
* Add cl
* Update UI test
* Fix changelog type
* upgrade ember-data 5.3.2, uninstall legacy compat, upgrade ember-cli, ember-source
* use query instead of findAll for auth methods, update tests
* set mutableId for kmip
* show generated private key data before transitioning to details
* update kv metadata test
* remove deprecated methods from path help service
* add changelog, update readme version matrix
* remove toggle template helper
* rename store to pagination, remove store extension
* initial update of service test
* remove superfluous helper
* replace store with pagination service in main app
* update kmip engine syntax
* add pagination to kmip engine
* update to pagination in config-ui engine
* update sync engine to use pagination service
* use pagination service in kv engine
* use pagination service in ldap engine
* use pagination in pki engine
* update renaming clearDataset functions
* link to jira VAULT-31721
* remove comment
* use alias for router injection
* update @router declarations in engine files
* fix remaining pki router imports
* dynamically set router based on owner
* address replication routers
* update markdown docs
* use non-deprecated import for getOwner
* revert out of scope changes
* add transition-to test
* add auth-config/oidc to openapi model helper
* alphabetize
* update maskedinput selector to be standard data-test-input
* add test
* add changelog
* fix maskedinput test and kv selector
* final textarea selector!
* Track the last PKI auto-tidy time ran for use across nodes
- If the interval time for auto-tidy is longer than, say, a regularly
scheduled restart of Vault, auto-tidy is never run. This is because
the time of the last run of tidy is only kept in memory and
initialized on startup to the current time.
- Store the last run of any tidy, to maintain previous behavior, to
a cluster local file, which is read in/initialized upon a mount
initialization.
* Add auto-tidy configuration fields for backing off at startup
* Add new auto-tidy fields to UI
* Update api docs for auto-tidy
* Add cl
* Update field description text
* Apply Claire's suggestions from code review
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Implementing PR feedback from the UI team
* remove explicit defaults and types so we retrieve from backend, decouple enabling auto tidy from duration, move params to auto settings section
---------
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
Co-authored-by: claire bontempo <cbontempo@hashicorp.com>
* rename validators util into model-helpers folder
* move kmip-role-fields to model-helpers
* fill out docs
* Move database-helpers into model-helpers
* broom
* update kmip/role model and adapter
* New KMIP role form component
* cleanup on kmip role adapter/model
* fix role details view
* update tests to check for kmip role form and details validity
* cleanup
* Add kmip-role-fields test
* add headers, remove old component
* Address PR comments
* add capabilities service to replication engine
* fix capabilities paths in route file
* pass updated capabilities using getters
* add changelog
* fix logic so default is based on undefined capabilities (not no mode)
* hide patch action for deleted or destroyed versions
* update jsdoc
* add conditional chaining for CE versions that don't have subkeys
* stub version for CE tests
* add comments
* Update ui/lib/kv/addon/routes/secret.js
* wip control group fix?
* don't rely on models for capabilities
* Revert "wip control group fix?"
This reverts commit cf3e896ba05d2fdfe1f6287bba5c862df4e5d553.
* make explicit request for data
* remove dangerous triple curlies
* cleanup template logic and reuse each-in
* remove capability checks from model
* update tests to reflect new behavior
* add test coverage
* fix mirage factory, update details tests
* test control groups VAULT-29471
* finish patch test
* alphabetize!
* does await help?
* fix factory
* add conditionals for control group error
* UI: Implement overview page for KV v2 (#28162)
* build json editor patch form
* finish patch component and tests
* add tab to each route
* and path route
* add overview tab to tests
* update overview to use updated_time instead of created_time
* redirect relevant secret.details to secret.index
* compute secretState in component instead of pass as arg
* add capabilities service
* add error handling to fetchSubkeys adapter request
* add overview tabs to test
* add subtext to overview card
* remaining redirects in secret edit
* remove create new version from popup menu
* fix breadcrumbs for overview
* separate adding capabilities service
* add service to kv engine
* Revert "separate adding capabilities service"
This reverts commit bb70b12ab7dbcde0fbd2d4d81768e5c8b1c420cc.
* Revert "add service to kv engine"
This reverts commit bfa880535ef7d529d7610936b2c1aae55673d23f.
* update navigation test
* consistently navigate to secret.index route to be explicit
* finish overview navigation tests
* add copyright header
* update delete tests
* fix nav tests
* cleanup secret edit redirects
* remove redundant async/awaits
* fix create test
* edge case tests
* secret acceptance tests
* final component tests
* rename kvSecretDetails external route to kvSecretOverview
* add comment
* UI: Add patch route and implement Page::Secret::Patch page component (sidebranch) (#28192)
* add tab to each route
* and path route
* add overview tab to tests
* update overview to use updated_time instead of created_time
* redirect relevant secret.details to secret.index
* compute secretState in component instead of pass as arg
* add capabilities service
* add error handling to fetchSubkeys adapter request
* add patch route and put in page component
* add patch secret action to subkeys card
* fix component name
* add patch capability
* alphabetize computed capabilities
* update links, cleanup selectors
* fix more merge conflict stuff
* add capabilities test
* add models to patch link
* add test for patch route
* rename external route
* add error templates
* make notes about enterprise tests, filter one
* remove errors, transition (redirect) instead
* redirect patch routes
* UI: Move fetching secret data to child route (#28198)
* remove @secret from metadata details
* use metadata model instead of secret in paths page
* put delete back into kv/data adapter
* grant access in control group test
* update metadata route and permissions
* remove secret from parent route, only fetch in details route
* change more permissions to route perms, add tests
* revert overview redirect from list view
* wrap model in conditional for perms
* remove redundant canReadCustomMetadata check
* rename adapter method
* handle overview 404
* remove comment
* add customMetadata as an arg
* update grantAccess in test
* make version param easier to follow
* VAULT-30494 handle 404 jira
* refactor capabilities to return an object
* update create tests
* add test for default truthy capabilities
* remove destroy-all-versions from kv/data adapter
* UI: Add enterprise checks (#28215)
* add enterprise check for subkey card
* add max height and scroll to subkey card
* only fetch subkeys if enterprise
* remove check in overview
* add test
* Update ui/tests/integration/components/kv/page/kv-page-overview-test.js
* fix test failures (#28222)
* add assertion
* add optional chaining
* create/delete versioned secret in each module
* wait for transition
* add another waitUntil
* UI: Add patch latest version to toolbar (#28223)
* add patch latest version action to toolbar
* make isPatchAllowed arg all encompassing
* no longer need model check
* use hash so both promises fire at the same time
* add subkeys to policy
* Update ui/lib/kv/addon/routes/secret.js
* add changelog
* small cleanup items! (#28229)
* add conditional for enterprise checking tabs
* cleanup fetchMultiplePaths method
* add test
* remove todo comment, ticket created and design wants to hold off
* keep transition, update comments
* cleanup tests, add index to breadcrumbs
* add some test coverage
* toggle so value is readable
* manual cherry pick to deal with all the merge things
* changelog
* test fixes
* Update 28148.txt
* fix tests failures after main merge
* fix test failures after main merge
* Add Access Type and conditionally render WIF fields (#28149)
* initial work.
* remove access_type
* better no model logic well kind of
* rollback attrs
* remove defaults
* stopping point
* wip changing back to sidebranch
* hustling shuffling and serializing
* some of the component test coverage
* disable access type if editing
* test coverage
* hide max retries that sneaky bugger
* cleanup
* cleanup
* Update root-config.js
* remove flash message check, locally passes great but on ci flaky
* clean up
* thank you chelsea
* test clean up per enterprise vs community
* address pr comments
* welp a miss add
* UI (sidebranch) WIF Issuer field (#28187)
* Add type declaration files for aws config models
* use updated task syntax for save method on configure-aws
* fix types on edit route
* fetch issuer on configure edit page if aws + enterprise
* track issuer within configure-aws component
* add placeholder support on form-field
* Add warning if issuer changed from previous value or could not be read
* cleanup
* preliminary tests
* don't use while loop so we can test the modal
* tests
* cleanup
* fix tests
* remove extra tracked value and duplicate changed attrs check
* modal footer
---------
Co-authored-by: Angel Garbarino <argarbarino@gmail.com>
* Display issuer on Configuration details (#28209)
* display issuer on configuration details
* workflow complete, now on to testing
* handle issuer things
* fix all the broken tests things
* add test coverage
* cleanup
* rename model/adapter
* Update configure-aws.ts
* Update aws-configuration-test.js
* 90 percent there for pr comments
* last one for tonight
* a few more because why not
* hasDirtyAttributes fixes
* revert back to previous noRead->queryIssuerError
---------
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
* add capabilities service
* remove from kv engine for now
* add canRead
* move await helper to addon
* add test
* update capabilities service to accommodate multiple paths
* address comments, make methods more explicit
* remove namespace key
* fix typo in test
* add namespace back!
* round out tests for other methods
* add test
* add comment
* initial changes with no test coverage
* test coverage and fixes
* additional edit config test coverage
* clean up
* clean up
* Address pr feedback
* welp missed an await
* missed
* take back
* Update configure-ssh-test.js
* move date-from-now helper to addon
* make overview cards consistent across engines
* make kv-paths-card component
* remove overview margin all together
* small styling changes for paths card
* small selector additions
* add overview card test
* add overview page and test
* add default timestamp format
* cleanup paths test
* fix dateFromNow import
* fix selectors, cleanup pki selectors
* and more selector cleanup
* make deactivated state single arg
* fix template and remove @isDeleted and @isDestroyed
* add test and hide badge unless deactivated
* address failings from changing selectors
* oops, not ready to show overview tab just yet!
* add deletionTime to currentSecret metadata getter
* build kv-patch-editor component
* add tests
* use validator helpers in kv-object-editor
* update class name in version-history
* remove is- from css class
* move whitespace warning and non-string values warning messages to validators util
* break editor component into smaller ones
* fix typo
* add docs
* rename files and move to directory, add tests for new templates
* fix some bugs and add tests!
* fix validation bug and update tests
* capitalize item in helper
* remove comment
* and one more comment change
* initial changes
* test selector and duplicate tests clean up
* check for flashDanger
* rename to make it easier to parse
* clean up selector names
* clean up
* add component test coverage
* remove true
* Replace getNewModel with hydrateModel when model exists
* Update getNewModel to only handle nonexistent model types
* Update test
* clarify test
* Fix auth-config models which need hydration not generation
* rename file to match service name
* cleanup + tests
* Add comment about helpUrl method
* remove destructureClientCounts
* Update type and mirage generator
* remove deprecated keys from hardcoded response samples
* Add back destructureClientCounts with updated description
* setup the toggle to display mount configuration options
* whew.. getting there. aws only, borked for ssh
* another round, better than before
* masked things
* changelog
* fix broken oss test
* move to component
* handle ssh things and cleanup
* wip test coverage
* test coverage for the component
* copyright header miss
* update no model error
* setup configuration aws acceptance tests
* update CONFIURABLE_SECRET_ENGINES
* acceptance tests for aws
* ssh configuration
* clean up
* remove comment
* move to confirm model before destructuring
* pr comments
* fix check for ssh config error
* add message check in api error test
* pr comments
* move non user facing changes to another pr
* remove non-relevant test coverage
* address pr fixes
* Update mountable-secret-engines.js
* Update secrets-engine-mount-config.ts
* clean up
* put back console because of tests and use debug instead
* missed one
* blah fix
* yield all overview card actions
* yield remaining overview card content to the correct block
* close overview card in test
* fix typo
* fix route typo, add selectors where needed
* fix class typo add one more selector
* it works...but does it break everything else?
* Update code-mirror.js
* Update code-mirror.js
* return to original
* changelog
* different approach to move onto parse at create and edit. it breaks things, hopefully fixed in next commits
* use onBlur event on codemirror
* maybe? lets run the tests and find out
* update comments
* wip for conditional to only compare on kvv2
* remove onblur leftovers
* missed two
* clean up
* test coverage
* try catch logical operator instead
* stringify helper and not native json stringify to maintain object shape
* remove comment
* Update json-editor.js
return brackets do not want issues with backports
* Update json-editor.js
* Update json-editor.js
* Test fix
* maybe
* more specific cursor test
* json-editor test cleanup
* Delete ui/testrun1.txt
* Delete ui/testrun2.txt
* remove non json test it doesn't test anything
* update test and comment for how it's testing non-json content
* test fix
* put shape of json blob back:
* send in original without parsing or stringify
* welp friday things
* initial shuffling of credentials and advanced configuration options
* update all destination models
* wip changelog
* Update 27538.txt
* remove custom_tags from gh
* missed vercel and remove custom_tags from base
* refactor conditional logic on template
* things
* test coverage and dynamic subText
* add assert to not see enableInput on create
* clean up
* remove extra parens
* test clean up to clarify what the header subtext vs breadcrumb transition are testing
* wip not working on edit view
* changelog
* vercel and fix tests
* need conditional to not break all the things:
* create test coverage and add for other obfuscated fonts, still missing one.
* Update 27348.txt
* remove meep
* comment
* test coverage
* create page component for mode/index
* add test selector to replication summary
* use new component on replication/mode/index route
* Update flaky test
* copyright headers
* initial changes, haven't tested client counts or done test coverage
* client count rename getter to clarify
* fix has-permission api-paths
* wip
* wip
* fix: explicitly refresh vault.cluster model to re-fetch activatedFeatures after activation
* tests: fix # of assertions for verifying that activation was called
* tests: tidy overview-test
* add additional api permission path and move fetch back to application
* add test coverage for the service
* cleanup
* remove test that checked for upsell without license or on community
* small comment change
* welp missed component getter
* flaky test fix
* flaky test
* small nit changes from pr reviews
* add defaults to sync mirage handler
* Gate sync overview route for users without access (#27320)
* routes: add redirect if user does not have access to sync
* tests: verify redirect on sync overview page happens
* tests: organize tests modules to ensure enterprise is explicitly set up
* add type enterprise required now because we do a check for this first
* fix oss test
---------
Co-authored-by: Noelle Daley <noelledaley@users.noreply.github.com>