mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-06 22:57:02 +02:00
f634808ed4
* UI: Implement overview page for KV v2 (#28162) * build json editor patch form * finish patch component and tests * add tab to each route * and path route * add overview tab to tests * update overview to use updated_time instead of created_time * redirect relevant secret.details to secret.index * compute secretState in component instead of pass as arg * add capabilities service * add error handling to fetchSubkeys adapter request * add overview tabs to test * add subtext to overview card * remaining redirects in secret edit * remove create new version from popup menu * fix breadcrumbs for overview * separate adding capabilities service * add service to kv engine * Revert "separate adding capabilities service" This reverts commitbb70b12ab7. * Revert "add service to kv engine" This reverts commitbfa880535e. * update navigation test * consistently navigate to secret.index route to be explicit * finish overview navigation tests * add copyright header * update delete tests * fix nav testrs * cleanup secret edit redirects * remove redundant async/awaits * fix create test * edge case tests * secret acceptance tests * final component tests * rename kvSecretDetails external route to kvSecretOverview * add comment * UI: Add patch route and implement Page::Secret::Patch page component (sidebranch) (#28192) * add tab to each route * and path route * add overview tab to tests * update overview to use updated_time instead of created_time * redirect relevant secret.details to secret.index * compute secretState in component instead of pass as arg * add capabilities service * add error handling to fetchSubkeys adapter request * add patch route and put in page component * add patch secret action to subkeys card * fix component name * add patch capability * alphabetize computed capabilities * update links, cleanup selectors * fix more merge conflict stuff * add capabilities test * add models to patch link * add test for patch route * rename external route * add error templates * make notes about enterprise tests, filter one * remove errors, transition (redirect) instead * redirect patch routes * UI: Move fetching secret data to child route (#28198) * remove @secret from metadata details * use metadata model instead of secret in paths page * put delete back into kv/data adapter * grant access in control group test * update metadata route and permissions * remove secret from parent route, only fetch in details route * change more permissions to route perms, add tests * revert overview redirect from list view * wrap model in conditional for perms * remove redundant canReadCustomMetadata check * rename adapter method * handle overview 404 * remove comment * add customMetadata as an arg * update grantAccess in test * make version param easier to follow * VAULT-30494 handle 404 jira * refactor capabilities to return an object * update create tests * add test for default truthy capabilities * remove destroy-all-versions from kv/data adapter * UI: Add enterprise checks (#28215) * add enterprise check for subkey card * add max height and scroll to subkey card * only fetch subkeys if enterprise * remove check in overview * add test * Update ui/tests/integration/components/kv/page/kv-page-overview-test.js * fix test failures (#28222) * add assertion * add optional chaining * create/delete versioned secret in each module * wait for transition * add another waitUntil * UI: Add patch latest version to toolbar (#28223) * add patch latest version action to toolbar * make isPatchAllowed arg all encompassing * no longer need model check * use hash so both promises fire at the same time * add subkeys to policy * Update ui/lib/kv/addon/routes/secret.js * add changelog * small cleanup items! (#28229) * add conditional for enterprise checking tabs * cleanup fetchMultiplePaths method * add test * remove todo comment, ticket created and design wants to hold off * keep transition, update comments * cleanup tests, add index to breadcrumbs * add some test coverage * toggle so value is readable
60 lines
1.8 KiB
JavaScript
60 lines
1.8 KiB
JavaScript
/**
|
|
* Copyright (c) HashiCorp, Inc.
|
|
* SPDX-License-Identifier: BUSL-1.1
|
|
*/
|
|
|
|
// This model represents the capabilities on a given `path`
|
|
// `path` is also the primaryId
|
|
// https://developer.hashicorp.com/vault/docs/concepts/policies#capabilities
|
|
|
|
import Model, { attr } from '@ember-data/model';
|
|
|
|
import { computed } from '@ember/object';
|
|
|
|
const SUDO_PATHS = [
|
|
'sys/seal',
|
|
'sys/replication/performance/primary/secondary-token',
|
|
'sys/replication/dr/primary/secondary-token',
|
|
'sys/replication/reindex',
|
|
'sys/leases/lookup/',
|
|
];
|
|
|
|
const SUDO_PATH_PREFIXES = ['sys/leases/revoke-prefix', 'sys/leases/revoke-force'];
|
|
|
|
export { SUDO_PATHS, SUDO_PATH_PREFIXES };
|
|
|
|
const computedCapability = function (capability) {
|
|
return computed('path', 'capabilities', 'capabilities.[]', function () {
|
|
const capabilities = this.capabilities;
|
|
const path = this.path;
|
|
if (!capabilities) {
|
|
return false;
|
|
}
|
|
if (capabilities.includes('root')) {
|
|
return true;
|
|
}
|
|
if (capabilities.includes('deny')) {
|
|
return false;
|
|
}
|
|
// if the path is sudo protected, they'll need sudo + the appropriate capability
|
|
if (SUDO_PATHS.includes(path) || SUDO_PATH_PREFIXES.find((item) => path.startsWith(item))) {
|
|
return capabilities.includes('sudo') && capabilities.includes(capability);
|
|
}
|
|
return capabilities.includes(capability);
|
|
});
|
|
};
|
|
|
|
export default Model.extend({
|
|
path: attr('string'),
|
|
capabilities: attr('array'),
|
|
allowedParameters: attr(),
|
|
deniedParameters: attr(),
|
|
canCreate: computedCapability('create'),
|
|
canDelete: computedCapability('delete'),
|
|
canList: computedCapability('list'),
|
|
canPatch: computedCapability('patch'),
|
|
canRead: computedCapability('read'),
|
|
canSudo: computedCapability('sudo'),
|
|
canUpdate: computedCapability('update'),
|
|
});
|