mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-22 15:11:07 +02:00
Code Issues Projects Releases Wiki Activity
vault/ui/app/models/auth-method.js
Dan Rivera 008835ba36
UI: Surface plugin version & cleanup utils (#31001) 
* surface plugin version & removing mountable-auth-methods.js

* UI: Removing mountable-secret-engines.js (#30950)

* first pass, removing all related imports

* fix usage

* fix category

* fix typos

* fix more tests

* fix more tests pt2

* attempting WIF const removal

* fix wif tests, removing config consts

* fixing tests

* please

* removing fallback

* cleanup

* fix type ent test

* remove isaddon

* Revert "remove isaddon"

This reverts commit ee114197b7299711e35e3c8e5aca9694063726eb.

* adding tab click

* update case

* fix case, rename to isOnlyMountable

* fix backend form

* more test fix

* adding changelog

* pr comments

* renaming params, adding requiresADP

* updates

* updates and pr comments

* perhaps update the test
2025-06-19 15:10:09 -04:00

170 lines
5.3 KiB
JavaScript
Raw Blame History

/**
* Copyright (c) HashiCorp, Inc.
* SPDX-License-Identifier: BUSL-1.1
*/
import Model, { belongsTo, hasMany, attr } from '@ember-data/model';
import { service } from '@ember/service';
import fieldToAttrs, { expandAttributeMeta } from 'vault/utils/field-to-attrs';
import apiPath from 'vault/utils/api-path';
import { withModelValidations } from 'vault/decorators/model-validations';
import lazyCapabilities from 'vault/macros/lazy-capabilities';
import { action } from '@ember/object';
import { camelize } from '@ember/string';
import { WHITESPACE_WARNING } from 'vault/utils/forms/validators';
import { supportedTypes } from 'vault/utils/supported-login-methods';
import engineDisplayData from 'vault/helpers/engines-display-data';
const validations = {
path: [
{ type: 'presence', message: "Path can't be blank." },
{
type: 'containsWhiteSpace',
message: WHITESPACE_WARNING('path'),
level: 'warn',
},
],
};
@withModelValidations(validations)
export default class AuthMethodModel extends Model {
@service namespace;
@service store;
@service version;
@belongsTo('mount-config', { async: false, inverse: null }) config; // one-to-none that replaces former fragment
@hasMany('auth-config', { polymorphic: true, inverse: 'backend', async: false }) authConfigs;
@attr('string') path;
@attr('string') accessor;
@attr('string') name;
@attr('string') type;
// namespaces introduced types with a `ns_` prefix for built-in engines
// so we need to strip that to normalize the type
get methodType() {
return this.type.replace(/^ns_/, '');
}
get icon() {
// methodType refers to the backend type (e.g., "aws", "azure") and is set on a getter.
const engineData = engineDisplayData(this.methodType);
return engineData?.glyph || 'users';
}
get directLoginLink() {
const ns = this.namespace.path;
const nsQueryParam = ns ? `namespace=${encodeURIComponent(ns)}&` : '';
const isSupported = supportedTypes(this.version.isEnterprise).includes(this.methodType);
return isSupported
? `${window.origin}/ui/vault/auth?${nsQueryParam}with=${encodeURIComponent(this.path)}`
: '';
}
@attr('string', {
editType: 'textarea',
})
description;
@attr('boolean', {
helpText:
'When Replication is enabled, a local mount will not be replicated across clusters. This can only be specified at mount time.',
})
local;
@attr('boolean', {
helpText:
'When enabled - if a seal supporting seal wrapping is specified in the configuration, all critical security parameters (CSPs) in this backend will be seal wrapped. (For KV mounts, all values will be seal wrapped.) This can only be specified at mount time.',
})
sealWrap;
// used when the `auth` prefix is important,
// currently only when setting perf mount filtering
get apiPath() {
return `auth/${this.path}`;
}
get localDisplay() {
return this.local ? 'local' : 'replicated';
}
get supportsUserLockoutConfig() {
return ['approle', 'ldap', 'userpass'].includes(this.methodType);
}
userLockoutConfig = {
modelAttrs: [
'config.lockoutThreshold',
'config.lockoutDuration',
'config.lockoutCounterReset',
'config.lockoutDisable',
],
apiParams: ['lockout_threshold', 'lockout_duration', 'lockout_counter_reset', 'lockout_disable'],
};
get tuneAttrs() {
// order here determines order tune fields render
const tuneAttrs = [
'listingVisibility',
'defaultLeaseTtl',
'maxLeaseTtl',
...(this.methodType === 'token' ? [] : ['tokenType']),
'auditNonHmacRequestKeys',
'auditNonHmacResponseKeys',
'passthroughRequestHeaders',
'allowedResponseHeaders',
'pluginVersion',
...(this.supportsUserLockoutConfig ? this.userLockoutConfig.apiParams.map((a) => camelize(a)) : []),
];
return expandAttributeMeta(this, ['description', `config.{${tuneAttrs.join(',')}}`]);
}
get formFields() {
return [
'type',
'path',
'description',
'accessor',
'local',
'sealWrap',
'config.{listingVisibility,defaultLeaseTtl,maxLeaseTtl,tokenType,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders,allowedResponseHeaders,pluginVersion}',
];
}
get formFieldGroups() {
return [
{ default: ['path'] },
{
'Method Options': [
'description',
'config.listingVisibility',
'local',
'sealWrap',
'config.{defaultLeaseTtl,maxLeaseTtl,tokenType,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders,allowedResponseHeaders,pluginVersion}',
],
},
];
}
get attrs() {
return expandAttributeMeta(this, this.formFields);
}
get fieldGroups() {
return fieldToAttrs(this, this.formFieldGroups);
}
@lazyCapabilities(apiPath`sys/auth/${'id'}`, 'id') deletePath;
@lazyCapabilities(apiPath`auth/${'id'}/config`, 'id') configPath;
@lazyCapabilities(apiPath`auth/${'id'}/config/client`, 'id') awsConfigPath;
get canDisable() {
return this.deletePath.get('canDelete') !== false;
}
get canEdit() {
return this.configPath.get('canUpdate') !== false;
}
get canEditAws() {
return this.awsConfigPath.get('canUpdate') !== false;
}
@action
tune(data) {
return this.store.adapterFor('auth-method').tune(this.path, data);
}
}
Reference in New Issue View Git Blame Copy Permalink