mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-22 15:11:07 +02:00
Code Issues Projects Releases Wiki Activity
vault/ui/app/adapters/ldap/role.js
claire bontempo 6e3ae793f5
UI: LDAP Hierarchical Library names (#29293) 
* refactor crumbs

* add subdirectory library route and hierarchical nav

* update library breadcrumbs;

* fix role popup menus

* add getter to library model for full path

* cleanup model getters

* add changelog

* add bug fix note

* add transition after deleting

* fix function definition

* update adapter test

* add test coverage

* fix crumb typo
2025-01-07 12:54:36 -06:00

158 lines
5.8 KiB
JavaScript
Raw Permalink Blame History

/**
* Copyright (c) HashiCorp, Inc.
* SPDX-License-Identifier: BUSL-1.1
*/
import ApplicationAdapter from 'vault/adapters/application';
import { encodePath } from 'vault/utils/path-encoding-helpers';
import { service } from '@ember/service';
import AdapterError from '@ember-data/adapter/error';
import { addManyToArray } from 'vault/helpers/add-to-array';
import sortObjects from 'vault/utils/sort-objects';
export const ldapRoleID = (type, name) => `type:${type}::name:${name}`;
export default class LdapRoleAdapter extends ApplicationAdapter {
namespace = 'v1';
@service flashMessages;
// we do this in the adapter because query() requests separate endpoints to fetch static and dynamic roles.
// it also handles some error logic and serializing (some of which is for lazyPaginatedQuery)
// so for consistency formatting the response here
_constructRecord({ backend, name, type }) {
// ID cannot just be the 'name' because static and dynamic roles can have identical names
return { id: ldapRoleID(type, name), backend, name, type };
}
_getURL(backend, path, name) {
const base = `${this.buildURL()}/${encodePath(backend)}/${path}`;
return name ? `${base}/${name}` : base;
}
_pathForRoleType(type, isCred) {
const staticPath = isCred ? 'static-cred' : 'static-role';
const dynamicPath = isCred ? 'creds' : 'role';
return type === 'static' ? staticPath : dynamicPath;
}
_createOrUpdate(store, modelSchema, snapshot) {
const { backend, name, type } = snapshot.record;
const data = snapshot.serialize();
return this.ajax(this._getURL(backend, this._pathForRoleType(type), name), 'POST', {
data,
}).then(() => {
// add ID to response because ember data dislikes 204s...
return { data: this._constructRecord({ backend, name, type }) };
});
}
createRecord() {
return this._createOrUpdate(...arguments);
}
updateRecord() {
return this._createOrUpdate(...arguments);
}
urlForDeleteRecord(id, modelName, snapshot) {
const { backend, type, completeRoleName } = snapshot.record;
return this._getURL(backend, this._pathForRoleType(type), completeRoleName);
}
/*
roleAncestry: { path_to_role: string; type: string };
*/
async query(store, type, query, recordArray, options) {
const { showPartialError, roleAncestry } = options.adapterOptions || {};
const { backend } = query;
if (roleAncestry) {
return this._querySubdirectory(backend, roleAncestry);
}
return this._queryAll(backend, showPartialError);
}
// LIST request for all roles (static and dynamic)
async _queryAll(backend, showPartialError) {
let roles = [];
const errors = [];
for (const roleType of ['static', 'dynamic']) {
const url = this._getURL(backend, this._pathForRoleType(roleType));
try {
const models = await this.ajax(url, 'GET', { data: { list: true } }).then((resp) => {
return resp.data.keys.map((name) => this._constructRecord({ backend, name, type: roleType }));
});
roles = addManyToArray(roles, models);
} catch (error) {
if (error.httpStatus !== 404) {
errors.push(error);
}
}
}
if (errors.length) {
const errorMessages = errors.reduce((errors, e) => {
e.errors.forEach((error) => {
errors.push(`${e.path}: ${error}`);
});
return errors;
}, []);
if (errors.length === 2) {
// throw error as normal if both requests fail
// ignore status code and concat errors to be displayed in Page::Error component with generic message
const errorObject = new AdapterError(errorMessages);
errorObject.message = 'Error fetching roles:';
throw errorObject;
} else if (showPartialError) {
// if only one request fails, surface the error to the user an info level flash message
// this may help for permissions errors where a users policy may be incorrect
this.flashMessages.info(`Error fetching roles from ${errorMessages.join(', ')}`);
}
}
// must return an object in this shape for lazyPaginatedQuery to function
// changing the responsePath or providing the extractLazyPaginatedData serializer method causes normalizeResponse to return data: [undefined]
return { data: { keys: sortObjects(roles, 'name') } };
}
// LIST request for children of a hierarchical role
async _querySubdirectory(backend, roleAncestry) {
// path_to_role is the ancestral path
const { path_to_role, type: roleType } = roleAncestry;
const url = `${this._getURL(backend, this._pathForRoleType(roleType))}/${path_to_role}`;
const roles = await this.ajax(url, 'GET', { data: { list: true } }).then((resp) => {
return resp.data.keys.map((name) => ({
...this._constructRecord({ backend, name, type: roleType }),
path_to_role, // adds path_to_role attr to ldap/role model
}));
});
return { data: { keys: sortObjects(roles, 'name') } };
}
queryRecord(store, type, query) {
const { backend, name, type: roleType } = query;
const url = this._getURL(backend, this._pathForRoleType(roleType), name);
return this.ajax(url, 'GET').then((resp) => ({
...resp.data,
...this._constructRecord({ backend, name, type: roleType }),
}));
}
fetchCredentials(backend, type, name) {
const url = this._getURL(backend, this._pathForRoleType(type, true), name);
return this.ajax(url, 'GET').then((resp) => {
if (type === 'dynamic') {
const { lease_id, lease_duration, renewable } = resp;
return { ...resp.data, lease_id, lease_duration, renewable, type };
}
return { ...resp.data, type };
});
}
rotateStaticPassword(backend, name) {
const url = this._getURL(backend, 'rotate-role', name);
return this.ajax(url, 'POST');
}
}
Reference in New Issue View Git Blame Copy Permalink