mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-16 03:27:01 +02:00
Code Issues Projects Releases Wiki Activity
2b51e09bda
vault/ui/app/models/secret-engine.js
Chelsea Shaw 392b907989
KV V2 remove old kv v2 (#22691) 
* Remove component: diff version selector

* delete SecretVersionMenu

* remove secret logic from GetCredentialsCard

* remove DiffVersionSelector hbs file and references

* delete more css for diff version view

* remove diff route

* fix credential card selector

* ui: refactor SecretFormShow (#22723)

* refactor secret form show

* fix selector typo

* remove version route (#22738)

* Remove old KV2 delete things (#23015)

* remove kv2 old delete things

* comment

* Remove old metadata (#22747)

* wip to remove metadata

* review comments

* UI/remove kv2 secret create or update (#23039)

* remove is v2 param

* permissions clean up

* remove version things

* remove excess from form show

* clean up

* created time was never a thing for cubbyhole, confirmed on api

* update tune test

* fix control group tests:

* Remove kv v2 models (#23087)

* remove is v2 param

* permissions clean up

* remove version things

* remove excess from form show

* clean up

* created time was never a thing for cubbyhole, confirmed on api

* update tune test

* fix control group tests:

* remove models

* Update ui/app/models/secret-engine.js

Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>

* blah prettier

---------

Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>

* UI/config update (#23111)

* sweep through clean up

* remove component

* remove unused selectors

* remove unncessary

---------

Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
Co-authored-by: clairebontempo@gmail.com <clairebontempo@gmail.com>
Co-authored-by: Angel Garbarino <Monkeychip@users.noreply.github.com>
Co-authored-by: Angel Garbarino <angel@hashicorp.com>
2023-09-19 09:49:04 -06:00

280 lines
8.5 KiB
JavaScript
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/**
* Copyright (c) HashiCorp, Inc.
* SPDX-License-Identifier: BUSL-1.1
*/
import Model, { attr, belongsTo } from '@ember-data/model';
import { computed } from '@ember/object'; // eslint-disable-line
import { equal } from '@ember/object/computed'; // eslint-disable-line
import { withModelValidations } from 'vault/decorators/model-validations';
import { withExpandedAttributes } from 'vault/decorators/model-expanded-attributes';
import { supportedSecretBackends } from 'vault/helpers/supported-secret-backends';
import { isAddonEngine, allEngines } from 'vault/helpers/mountable-secret-engines';
const LINKED_BACKENDS = supportedSecretBackends();
// identity will be managed separately and the inclusion
// of the system backend is an implementation detail
const LIST_EXCLUDED_BACKENDS = ['system', 'identity'];
const validations = {
path: [
{ type: 'presence', message: "Path can't be blank." },
{
type: 'containsWhiteSpace',
message:
"Path contains whitespace. If this is desired, you'll need to encode it with %20 in API requests.",
level: 'warn',
},
],
maxVersions: [
{ type: 'number', message: 'Maximum versions must be a number.' },
{ type: 'length', options: { min: 1, max: 16 }, message: 'You cannot go over 16 characters.' },
],
};
@withModelValidations(validations)
@withExpandedAttributes()
export default class SecretEngineModel extends Model {
@attr('string') path;
@attr('string') type;
@attr('string', {
editType: 'textarea',
})
description;
@belongsTo('mount-config', { async: false, inverse: null }) config;
// Enterprise options (still available on OSS)
@attr('boolean', {
helpText:
'When Replication is enabled, a local mount will not be replicated across clusters. This can only be specified at mount time.',
})
local;
@attr('boolean', {
helpText:
'When enabled - if a seal supporting seal wrapping is specified in the configuration, all critical security parameters (CSPs) in this backend will be seal wrapped. (For K/V mounts, all values will be seal wrapped.) This can only be specified at mount time.',
})
sealWrap;
@attr('boolean') externalEntropyAccess;
// options.version
@attr('number', {
label: 'Version',
helpText:
'The KV Secrets Engine can operate in different modes. Version 1 is the original generic Secrets Engine the allows for storing of static key/value pairs. Version 2 added more features including data versioning, TTLs, and check and set.',
possibleValues: [2, 1],
// This shouldn't be defaultValue because if no version comes back from API we should assume it's v1
defaultFormValue: 2, // Set the form to 2 by default
})
version;
// SSH specific attributes
@attr('string') privateKey;
@attr('string') publicKey;
@attr('boolean', {
defaultValue: true,
})
generateSigningKey;
// AWS specific attributes
@attr('string') lease;
@attr('string') leaseMax;
// Returned from API response
@attr('string') accessor;
// KV 2 additional config default options
@attr('number', {
defaultValue: 0,
label: 'Maximum number of versions',
subText:
'The number of versions to keep per key. Once the number of keys exceeds the maximum number set here, the oldest version will be permanently deleted. This value applies to all keys, but a keys metadata settings can overwrite this value. When 0 is used or the value is unset, Vault will keep 10 versions.',
})
maxVersions;
@attr('boolean', {
defaultValue: false,
label: 'Require Check and Set',
subText:
'If checked, all keys will require the cas parameter to be set on all write requests. A keys metadata settings can overwrite this value.',
})
casRequired;
@attr({
defaultValue: 0,
editType: 'ttl',
label: 'Automate secret deletion',
helperTextDisabled: 'A secrets version must be manually deleted.',
helperTextEnabled: 'Delete all new versions of this secret after',
})
deleteVersionAfter;
/* GETTERS */
get isV2KV() {
return this.version === 2 && (this.engineType === 'kv' || this.engineType === 'generic');
}
get attrs() {
return this.formFields.map((fieldName) => {
return this.allByKey[fieldName];
});
}
get fieldGroups() {
return this._expandGroups(this.formFieldGroups);
}
get icon() {
const defaultIcon = this.engineType || 'secrets';
return (
{
keymgmt: 'key',
kmip: 'secrets',
ldap: 'folder-users',
}[this.engineType] || defaultIcon
);
}
get engineType() {
return (this.type || '').replace(/^ns_/, '');
}
get shouldIncludeInList() {
return !LIST_EXCLUDED_BACKENDS.includes(this.engineType);
}
get isSupportedBackend() {
return LINKED_BACKENDS.includes(this.engineType);
}
get backendLink() {
if (this.engineType === 'database') {
return 'vault.cluster.secrets.backend.overview';
}
if (isAddonEngine(this.engineType, this.version)) {
const { engineRoute } = allEngines().findBy('type', this.engineType);
return `vault.cluster.secrets.backend.${engineRoute}`;
}
return `vault.cluster.secrets.backend.list-root`;
}
get localDisplay() {
return this.local ? 'local' : 'replicated';
}
get formFields() {
const type = this.engineType;
const fields = ['type', 'path', 'description', 'accessor', 'local', 'sealWrap'];
// no ttl options for keymgmt
if (type !== 'keymgmt') {
fields.push('config.defaultLeaseTtl', 'config.maxLeaseTtl');
}
fields.push(
'config.allowedManagedKeys',
'config.auditNonHmacRequestKeys',
'config.auditNonHmacResponseKeys',
'config.passthroughRequestHeaders',
'config.allowedResponseHeaders'
);
if (type === 'kv' || type === 'generic') {
fields.push('version');
}
// version comes in as number not string
if (type === 'kv' && parseInt(this.version, 10) === 2) {
fields.push('casRequired', 'deleteVersionAfter', 'maxVersions');
}
return fields;
}
get formFieldGroups() {
let defaultFields = ['path'];
let optionFields;
const CORE_OPTIONS = ['description', 'config.listingVisibility', 'local', 'sealWrap'];
const STANDARD_CONFIG = [
'config.auditNonHmacRequestKeys',
'config.auditNonHmacResponseKeys',
'config.passthroughRequestHeaders',
'config.allowedResponseHeaders',
];
switch (this.engineType) {
case 'kv':
defaultFields = ['path', 'maxVersions', 'casRequired', 'deleteVersionAfter'];
optionFields = [
'version',
...CORE_OPTIONS,
'config.defaultLeaseTtl',
'config.maxLeaseTtl',
'config.allowedManagedKeys',
...STANDARD_CONFIG,
];
break;
case 'generic':
optionFields = [
'version',
...CORE_OPTIONS,
'config.defaultLeaseTtl',
'config.maxLeaseTtl',
'config.allowedManagedKeys',
...STANDARD_CONFIG,
];
break;
case 'database':
// Highlight TTLs in default
defaultFields = ['path', 'config.defaultLeaseTtl', 'config.maxLeaseTtl'];
optionFields = [...CORE_OPTIONS, 'config.allowedManagedKeys', ...STANDARD_CONFIG];
break;
case 'pki':
defaultFields = ['path', 'config.defaultLeaseTtl', 'config.maxLeaseTtl', 'config.allowedManagedKeys'];
optionFields = [...CORE_OPTIONS, ...STANDARD_CONFIG];
break;
case 'keymgmt':
// no ttl options for keymgmt
optionFields = [...CORE_OPTIONS, 'config.allowedManagedKeys', ...STANDARD_CONFIG];
break;
default:
defaultFields = ['path'];
optionFields = [
...CORE_OPTIONS,
'config.defaultLeaseTtl',
'config.maxLeaseTtl',
'config.allowedManagedKeys',
...STANDARD_CONFIG,
];
break;
}
return [
{ default: defaultFields },
{
'Method Options': optionFields,
},
];
}
/* ACTIONS */
saveCA(options) {
if (this.type !== 'ssh') {
return;
}
if (options.isDelete) {
this.privateKey = null;
this.publicKey = null;
this.generateSigningKey = false;
}
return this.save({
adapterOptions: {
options: options,
apiPath: 'config/ca',
attrsToSend: ['privateKey', 'publicKey', 'generateSigningKey'],
},
});
}
saveZeroAddressConfig() {
return this.save({
adapterOptions: {
adapterMethod: 'saveZeroAddressConfig',
},
});
}
}
Reference in New Issue View Git Blame Copy Permalink