* PKI: Add a new leaf_not_after_behavior value to force erroring in all circumstances
- We introduce a new value called `always_enforce_err` for the existing
leaf_not_after_behavior on a PKI issuer. The new value will force us to
error out all requests that have a TTL beyond the issuer's NotAfter value.
- This will apply to leaf certificates issued through the API, as err did,
but now also to CA issuance and ACME requests, for which we previously
changed the err configuration to truncate.
* Add cl
* Update UI test
* Fix changelog type
* changes then onto tests
* fix wif test failures
* changelog
* clean up
* address pr comments
* only test one wif engine for relevant tests
* add back engine loop for tests that depend on type
* rename store to pagination, remove store extension
* initial update of service test
* remove superfluous helper
* replace store with pagination service in main app
* update kmip engine syntax
* add pagination to kmip engine
* update to pagination in config-ui engine
* update sync engine to use pagination service
* use pagination service in kv engine
* use pagination service in ldap engine
* use pagination in pki engine
* update renaming clearDataset functions
* link to jira VAULT-31721
* remove comment
* fix promise issues on transformation-edit
* fix one test and the transition problem
* cannot call capabilities service directly inside template because it's an unresolved promise
* address transit capabilities issues
* remove deprecations line for promise-proxies
* handle hot mess of delete permissions and such
* blah
* update flash message language. It will now show a flash message for each role whose transformation was not removed.
* small wording change
* one small change to the default flash message
* Update ui/app/components/transformation-edit.js
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Update ui/app/components/transformation-edit.js
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Update ui/app/components/transformation-edit.js
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* fix policy flow
* fix linting and can't define let outside if block
* fix flashmessage things
* make show and edit use same param
---------
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Track the last PKI auto-tidy time ran for use across nodes
- If the interval time for auto-tidy is longer than, say, a regularly
scheduled restart of Vault, auto-tidy is never run. This is because
the time of the last run of tidy is only kept in memory and
initialized on startup to the current time.
- Store the last run of any tidy, to maintain previous behavior, to
a cluster local file, which is read in/initialized upon a mount
initialization.
* Add auto-tidy configuration fields for backing off at startup
* Add new auto-tidy fields to UI
* Update api docs for auto-tidy
* Add cl
* Update field description text
* Apply Claire's suggestions from code review
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
* Implementing PR feedback from the UI team
* remove explicit defaults and types so we retrieve from backend, decouple enabling auto tidy from duration, move params to auto settings section
---------
Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
Co-authored-by: claire bontempo <cbontempo@hashicorp.com>
* Add helper combineOpenApiAttrs + test
* hydrateModel working with upgradeModelSchema
* new registerNewModelWithAttrs method for generated models
* Add newFields to generated models
* copyright
* Glimmerize path-help service
* update generated-item-list adapter and path-help usage of it
* remove unused methods combineAttributes and combineFields
* move expandOpenApiProps to ts helper file
* fix auth test
* fix bug where adding user to second userpass mount saves to first mount
* Add mutableId
* fix ent test
* remove addressed deprecation
* Address PR comments
* [VAULT-31208] remove deprecation early-static from decorator tests
* rename validators util into model-helpers folder
* move kmip-role-fields to model-helpers
* fill out docs
* Move database-helpers into model-helpers
* broom
* update kmip/role model and adapter
* New KMIP role form component
* cleanup on kmip role adapter/model
* fix role details view
* update tests to check for kmip role form and details validity
* cleanup
* Add kmip-role-fields test
* add headers, remove old component
* Address PR comments
* absolute hail mary
* what about this?
* that was not right
* nope
* refactor problematic test
* remove all of the runloop stuff, just chasing flaky tests
* chasing authPage
* move away from page objects for runCmd
* replace existing runCmd function
* add line
* test if removing chrome version helps this time?
* rerun tests
* rerun tests
* Revert "test if removing chrome version helps this time?"
This reverts commit 0b189c4f6978d6c55c283e3fe9fddd03d28c4377.
* remove await
* add trace log
* change test:oss command
* remove log tracing
* wip control group fix?
* don't rely on models for capabilities
* Revert "wip control group fix?"
This reverts commit cf3e896ba05d2fdfe1f6287bba5c862df4e5d553.
* make explicit request for data
* remove dangerous triple curlies
* cleanup template logic and reuse each-in
* remove capability checks from model
* update tests to reflect new behavior
* add test coverage
* fix mirage factory, update details tests
* test control groups VAULT-29471
* finish patch test
* alphabetize!
* does await help?
* fix factory
* add conditionals for control group error
* UI: Implement overview page for KV v2 (#28162)
* build json editor patch form
* finish patch component and tests
* add tab to each route
* and path route
* add overview tab to tests
* update overview to use updated_time instead of created_time
* redirect relevant secret.details to secret.index
* compute secretState in component instead of pass as arg
* add capabilities service
* add error handling to fetchSubkeys adapter request
* add overview tabs to test
* add subtext to overview card
* remaining redirects in secret edit
* remove create new version from popup menu
* fix breadcrumbs for overview
* separate adding capabilities service
* add service to kv engine
* Revert "separate adding capabilities service"
This reverts commit bb70b12ab7dbcde0fbd2d4d81768e5c8b1c420cc.
* Revert "add service to kv engine"
This reverts commit bfa880535ef7d529d7610936b2c1aae55673d23f.
* update navigation test
* consistently navigate to secret.index route to be explicit
* finish overview navigation tests
* add copyright header
* update delete tests
* fix nav tests
* cleanup secret edit redirects
* remove redundant async/awaits
* fix create test
* edge case tests
* secret acceptance tests
* final component tests
* rename kvSecretDetails external route to kvSecretOverview
* add comment
* UI: Add patch route and implement Page::Secret::Patch page component (sidebranch) (#28192)
* add tab to each route
* and path route
* add overview tab to tests
* update overview to use updated_time instead of created_time
* redirect relevant secret.details to secret.index
* compute secretState in component instead of pass as arg
* add capabilities service
* add error handling to fetchSubkeys adapter request
* add patch route and put in page component
* add patch secret action to subkeys card
* fix component name
* add patch capability
* alphabetize computed capabilities
* update links, cleanup selectors
* fix more merge conflict stuff
* add capabilities test
* add models to patch link
* add test for patch route
* rename external route
* add error templates
* make notes about enterprise tests, filter one
* remove errors, transition (redirect) instead
* redirect patch routes
* UI: Move fetching secret data to child route (#28198)
* remove @secret from metadata details
* use metadata model instead of secret in paths page
* put delete back into kv/data adapter
* grant access in control group test
* update metadata route and permissions
* remove secret from parent route, only fetch in details route
* change more permissions to route perms, add tests
* revert overview redirect from list view
* wrap model in conditional for perms
* remove redundant canReadCustomMetadata check
* rename adapter method
* handle overview 404
* remove comment
* add customMetadata as an arg
* update grantAccess in test
* make version param easier to follow
* VAULT-30494 handle 404 jira
* refactor capabilities to return an object
* update create tests
* add test for default truthy capabilities
* remove destroy-all-versions from kv/data adapter
* UI: Add enterprise checks (#28215)
* add enterprise check for subkey card
* add max height and scroll to subkey card
* only fetch subkeys if enterprise
* remove check in overview
* add test
* Update ui/tests/integration/components/kv/page/kv-page-overview-test.js
* fix test failures (#28222)
* add assertion
* add optional chaining
* create/delete versioned secret in each module
* wait for transition
* add another waitUntil
* UI: Add patch latest version to toolbar (#28223)
* add patch latest version action to toolbar
* make isPatchAllowed arg all encompassing
* no longer need model check
* use hash so both promises fire at the same time
* add subkeys to policy
* Update ui/lib/kv/addon/routes/secret.js
* add changelog
* small cleanup items! (#28229)
* add conditional for enterprise checking tabs
* cleanup fetchMultiplePaths method
* add test
* remove todo comment, ticket created and design wants to hold off
* keep transition, update comments
* cleanup tests, add index to breadcrumbs
* add some test coverage
* toggle so value is readable
* manual cherry pick to deal with all the merge things
* changelog
* test fixes
* Update 28148.txt
* fix tests failures after main merge
* fix test failures after main merge
* Add Access Type and conditionally render WIF fields (#28149)
* initial work.
* remove access_type
* better no model logic well kind of
* rollback attrs
* remove defaults
* stopping point
* wip changing back to sidebranch
* hustling shuffling and serializing
* some of the component test coverage
* disable access type if editing
* test coverage
* hide max retries that sneaky bugger
* cleanup
* cleanup
* Update root-config.js
* remove flash message check, locally passes great but on ci flaky
* clean up
* thank you chelsea
* test clean up per enterprise vs community
* address pr comments
* welp a miss add
* UI (sidebranch) WIF Issuer field (#28187)
* Add type declaration files for aws config models
* use updated task syntax for save method on configure-aws
* fix types on edit route
* fetch issuer on configure edit page if aws + enterprise
* track issuer within configure-aws component
* add placeholder support on form-field
* Add warning if issuer changed from previous value or could not be read
* cleanup
* preliminary tests
* don't use while loop so we can test the modal
* tests
* cleanup
* fix tests
* remove extra tracked value and duplicate changed attrs check
* modal footer
---------
Co-authored-by: Angel Garbarino <argarbarino@gmail.com>
* Display issuer on Configuration details (#28209)
* display issuer on configuration details
* workflow complete, now on to testing
* handle issuer things
* fix all the broken tests things
* add test coverage
* cleanup
* rename model/adapter
* Update configure-aws.ts
* Update aws-configuration-test.js
* 90 percent there for pr comments
* last one for tonight
* a few more because why not
* hasDirtyAttributes fixes
* revert back to previous noRead->queryIssuerError
---------
Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
* initial changes with no test coverage
* test coverage and fixes
* additional edit config test coverage
* clean up
* clean up
* Address pr feedback
* welp missed an await
* missed
* take back
* Update configure-ssh-test.js
* move date-from-now helper to addon
* make overview cards consistent across engines
* make kv-paths-card component
* remove overview margin altogether
* small styling changes for paths card
* small selector additions
* add overview card test
* add overview page and test
* add default timestamp format
* cleanup paths test
* fix dateFromNow import
* fix selectors, cleanup pki selectors
* and more selector cleanup
* make deactivated state single arg
* fix template and remove @isDeleted and @isDestroyed
* add test and hide badge unless deactivated
* address failings from changing selectors
* oops, not ready to show overview tab just yet!
* add deletionTime to currentSecret metadata getter
* add patch to kv adapter
* use query-param-string helper in fetchSubkeys
* one more whitespace helper
* move method because git diff was strange
* update path util tests
* build kv-patch-editor component
* add tests
* use validator helpers in kv-object-editor
* update class name in version-history
* remove is- from css class
* move whitespace warning and non-string values warning messages to validators util
* break editor component into smaller ones
* fix typo
* add docs
* rename files and move to directory, add tests for new templates
* fix some bugs and add tests!
* fix validation bug and update tests
* capitalize item in helper
* remove comment
* and one more comment change
* move files around
* move fetches to config to the configuration.index route
* working... for aws, lots of clean up left
* move error handling to parent route
* standardize configModel param
* add test coverage
* welp a miss for non configurable engines
* pr comments
* remove mirage interrupts and test actual api
* update configuration details test to test for template only things
* api error coverage
* setup the toggle to display mount configuration options
* whew.. getting there. aws only, borked for ssh
* another round, better than before
* masked things
* changelog
* fix broken oss test
* move to component
* handle ssh things and cleanup
* wip test coverage
* test coverage for the component
* copyright header miss
* update no model error
* setup configuration aws acceptance tests
* update CONFIURABLE_SECRET_ENGINES
* acceptance tests for aws
* ssh configuration
* clean up
* remove comment
* move to confirm model before destructuring
* pr comments
* fix check for ssh config error
* add message check in api error test
* pr comments
* Add map between model types and helpUrls, update tests
* replace modelProto.getHelpUrl with new helper util
* Remove all useOpenApi and getHelpUrl instances from models
* Add missing auth config model type
* initial shuffling of credentials and advanced configuration options
* update all destination models
* wip changelog
* Update 27538.txt
* remove custom_tags from gh
* missed vercel and remove custom_tags from base
* refactor conditional logic on template
* things
* test coverage and dynamic subText
* add assert to not see enableInput on create
* clean up
* remove extra parens
* test clean up to clarify what the header subtext vs breadcrumb transition are testing
* wip not working on edit view
* changelog
* vercel and fix tests
* need conditional to not break all the things:
* create test coverage and add for other obfuscated fonts, still missing one.
* Update 27348.txt
* remove meep
* comment
* test coverage
* Update generic upgrade test to reflect user behavior
* Fix backend link for generic v2
* Add redirect for generic v2
* more test coverage
* Add changelog
* use router for transitions within replication engine
* fix inverse value on group-alias belongsTo relationship
* Always call super.willDestroy after custom hooks
* fix deprecation ember-engines.deprecation-camelized-engine-names
* graceful fallback on message-error if adapterError does not include errors
* use router.replaceWith during tests on logout
* fix more links
* Update add-to-array and remove-from-array helpers
* remove search-select-has-many, moved logic directly into mfa-login-enforcement-form (see #16470)
* Replace add/remove object in MFA files - All MFA tests pass
* Replace in PKI components (pki tests all passing)
* Replace in core addon where applicable
* glimmerize console service -- console tests pass
* more replacements
* update string-list, add comment to vertical-bar-chart
* Refactor CSP Event service
- only used one place (auth-form) so simplified that usage
- glimmerize and refactor so that the tests work
* small updates
* more cleanup
* Fix tests
* Remove objectAt from console-helpers
* Address PR comments
* move commandIndex clearing back
* Remove extra model set
* update model so only supported methods add user_lockout_config params
* update auth config form to only show user lockout config for supported methods
* add changelog
* add allowed_response_headers and plugin_version to auth method config
* add user_lockout_config to auth tune
* add changelog;
* update test
* add test
* add default granularity depending on type
* move default setting to helper
* add test coverage for default granularity
* update mirage
* update secret name template
* remove has-text-black class which was making help tooltip black as well
* normalizes sync destination granularity key in serializer
* adds new fields to aws and gcp sync destinations
* updates sync destination delete action from destinations list view to route to overview on success
* updates destination serializer normalize to check if options is defined