mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-19 13:41:10 +02:00
3abca46464
* manual cherry pick to deal with all the merge things * changelog * test fixes * Update 28148.txt * fix tests failures after main merge * fix test failures after main merge * Add Access Type and conditionally render WIF fields (#28149) * initial work. * remove access_type * better no model logic well kind of * rollback attrs * remove defaults * stopping point * wip changing back to sidebranch * hustling shuffling and serializing * some of the component test coverage * disable acces type if editing * test coverage * hide max retries that sneaky bugger * cleanup * cleanup * Update root-config.js * remove flash message check, locally passes great but on ci flaky * clean up * thank you chelsea * test clean up per enterprise vs community * address pr comments * welp a miss add * UI (sidebranch) WIF Issuer field (#28187) * Add type declaration files for aws config models * use updated task syntax for save method on configure-aws * fix types on edit route * fetch issuer on configure edit page if aws + enterprise * track issuer within configure-aws component * add placeholder support on form-field * Add warning if issuer changed from previous value or could not be read * cleanup * preliminary tests * dont use while loop so we can test the modal * tests * cleanup * fix tests * remove extra tracked value and duplicate changed attrs check * modal footer --------- Co-authored-by: Angel Garbarino <argarbarino@gmail.com> * Display issuer on Configuration details (#28209) * display issuer on configuration details * workflow complete, now on to testing * handle issuer things * fix all the broken tests things * add test coveragE: * cleanup * rename model/adapter * Update configure-aws.ts * Update aws-configuration-test.js * 90 percent there for pr comments * last one for tonight * a few more because why not * hasDirtyAttributes fixes * revert back to previous noRead->queryIssuerError --------- Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>
91 lines
2.8 KiB
JavaScript
91 lines
2.8 KiB
JavaScript
/**
|
||
* Copyright (c) HashiCorp, Inc.
|
||
* SPDX-License-Identifier: BUSL-1.1
|
||
*/
|
||
|
||
import Model, { attr } from '@ember-data/model';
|
||
import fieldToAttrs, { expandAttributeMeta } from 'vault/utils/field-to-attrs';
|
||
import { regions } from 'vault/helpers/aws-regions';
|
||
|
||
export default class AwsRootConfig extends Model {
|
||
@attr('string') backend; // dynamic path of secret -- set on response from value passed to queryRecord
|
||
|
||
// IAM only fields
|
||
@attr('string') accessKey;
|
||
@attr('string', { sensitive: true }) secretKey; // obfuscated, never returned by API
|
||
|
||
// WIF only fields
|
||
@attr('string', {
|
||
label: 'Role ARN',
|
||
subText: 'Role ARN to assume for plugin workload identity federation.',
|
||
})
|
||
roleArn;
|
||
@attr('string', {
|
||
subText:
|
||
'The audience claim value for plugin identity tokens. Must match an allowed audience configured for the target IAM OIDC identity provider.',
|
||
})
|
||
identityTokenAudience;
|
||
@attr({
|
||
label: 'Identity token TTL',
|
||
helperTextDisabled:
|
||
'The TTL of generated tokens. Defaults to 1 hour, turn on the toggle to specify a different value.',
|
||
helperTextEnabled: 'The TTL of generated tokens.',
|
||
subText: '',
|
||
editType: 'ttl',
|
||
})
|
||
identityTokenTtl;
|
||
|
||
// Fields that show regardless of access type
|
||
@attr('string', {
|
||
possibleValues: regions(),
|
||
subText:
|
||
'Specifies the AWS region. If not set it will use the AWS_REGION env var, AWS_DEFAULT_REGION env var, or us-east-1 in that order.',
|
||
})
|
||
region;
|
||
@attr('string', { label: 'IAM endpoint' })
|
||
iamEndpoint;
|
||
@attr('string', { label: 'STS endpoint' }) stsEndpoint;
|
||
@attr('number', {
|
||
label: 'Maximum retries',
|
||
subText: 'Number of max retries the client should use for recoverable errors. Default is -1.',
|
||
})
|
||
maxRetries;
|
||
|
||
get attrs() {
|
||
const keys = [
|
||
'roleArn',
|
||
'identityTokenAudience',
|
||
'identityTokenTtl',
|
||
'accessKey',
|
||
'region',
|
||
'iamEndpoint',
|
||
'stsEndpoint',
|
||
'maxRetries',
|
||
];
|
||
return expandAttributeMeta(this, keys);
|
||
}
|
||
|
||
// "filedGroupsWif" and "fieldGroupsIam" are passed to the FormFieldGroups component to determine which group to show in the form (ex: @groupName="fieldGroupsWif")
|
||
get fieldGroupsWif() {
|
||
return fieldToAttrs(this, this.formFieldGroups('wif'));
|
||
}
|
||
|
||
get fieldGroupsIam() {
|
||
return fieldToAttrs(this, this.formFieldGroups('iam'));
|
||
}
|
||
|
||
formFieldGroups(accessType = 'iam') {
|
||
const formFieldGroups = [];
|
||
if (accessType === 'wif') {
|
||
formFieldGroups.push({ default: ['roleArn', 'identityTokenAudience', 'identityTokenTtl'] });
|
||
}
|
||
if (accessType === 'iam') {
|
||
formFieldGroups.push({ default: ['accessKey', 'secretKey'] });
|
||
}
|
||
formFieldGroups.push({
|
||
'Root config options': ['region', 'iamEndpoint', 'stsEndpoint', 'maxRetries'],
|
||
});
|
||
return formFieldGroups;
|
||
}
|
||
}
|