mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-09-19 12:51:08 +02:00
Code Issues Projects Releases Wiki Activity
vault/ui/app/models/azure/config.js
Angel Garbarino 2631ae67d4
Allow Configuration of Azure Secret Engine, including WIF for enterprise users (#29047) 
* transfer over all changes from original pr

* changelog

* add serialize catch for no empty string environment

* move ttl format logic to parent route

* Update 29047.txt

* clean up some comments

* Update changelog/29047.txt

Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>

* Update changelog/29047.txt

Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>

* Update ui/app/components/secret-engine/configure-azure.hbs

Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>

* first round of addressing pr comments, holding off on the issue save flow for error messaging to keep separate

* Update CODEOWNERS

merge issue

* small clean up tasks

* updates

* test coverage

* small cleanup

* small clean up

* clean up

* clean up getters on model

---------

Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
2024-12-18 16:28:07 -07:00

109 lines
3.6 KiB
JavaScript
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/**
* Copyright (c) HashiCorp, Inc.
* SPDX-License-Identifier: BUSL-1.1
*/
import Model, { attr } from '@ember-data/model';
import fieldToAttrs, { expandAttributeMeta } from 'vault/utils/field-to-attrs';
// Note: while the API docs indicate subscriptionId and tenantId are required, the UI does not enforce this because the user may pass these values in as environment variables.
// https://developer.hashicorp.com/vault/api-docs/secret/azure#configure-access
export default class AzureConfig extends Model {
@attr('string') backend; // dynamic path of secret -- set on response from value passed to queryRecord
@attr('string', { label: 'Subscription ID' }) subscriptionId;
@attr('string', { label: 'Tenant ID' }) tenantId;
@attr('string', { label: 'Client ID' }) clientId;
@attr('string', { sensitive: true }) clientSecret; // obfuscated, never returned by API
@attr('string') environment;
@attr('string', {
subText:
'The audience claim value for plugin identity tokens. Must match an allowed audience configured for the target IAM OIDC identity provider.',
})
identityTokenAudience;
@attr({
label: 'Identity token TTL',
helperTextDisabled:
'The TTL of generated tokens. Defaults to 1 hour, turn on the toggle to specify a different value.',
helperTextEnabled: 'The TTL of generated tokens.',
editType: 'ttl',
})
identityTokenTtl;
@attr({
label: 'Root password TTL',
editType: 'ttl',
helperTextDisabled:
'Specifies how long the root password is valid for in Azure when rotate-root generates a new client secret. Defaults to 182 days or 6 months, 1 day and 13 hours.',
})
rootPasswordTtl;
configurableParams = [
'subscriptionId',
'tenantId',
'clientId',
'clientSecret',
'identityTokenAudience',
'identityTokenTtl',
'rootPasswordTtl',
'environment',
];
/* GETTERS used by configure-azure component
these getters help:
1. determine if the model is new or existing
2. if wif or azure attributes have been configured
*/
get isConfigured() {
// if every value is falsy, this engine has not been configured yet
return !this.configurableParams.every((param) => !this[param]);
}
get isWifPluginConfigured() {
return !!this.identityTokenAudience || !!this.identityTokenTtl;
}
get isAzureAccountConfigured() {
// clientSecret is not checked here because it's never return by the API
// however it is an Azure account field
return !!this.rootPasswordTtl;
}
/* GETTERS used to generate array of fields to be displayed in:
1. details view
2. edit/create view
*/
get displayAttrs() {
const formFields = expandAttributeMeta(this, this.configurableParams);
return formFields.filter((attr) => attr.name !== 'clientSecret');
}
// "filedGroupsWif" and "fieldGroupsAzure" are passed to the FormFieldGroups component to determine which group to show in the form (ex: @groupName="fieldGroupsWif")
get fieldGroupsWif() {
return fieldToAttrs(this, this.formFieldGroups('wif'));
}
get fieldGroupsAzure() {
return fieldToAttrs(this, this.formFieldGroups('azure'));
}
formFieldGroups(accessType = 'azure') {
const formFieldGroups = [];
formFieldGroups.push({
default: ['subscriptionId', 'tenantId', 'clientId', 'environment'],
});
if (accessType === 'wif') {
formFieldGroups.push({
default: ['identityTokenAudience', 'identityTokenTtl'],
});
}
if (accessType === 'azure') {
formFieldGroups.push({
default: ['clientSecret', 'rootPasswordTtl'],
});
}
return formFieldGroups;
}
}
Reference in New Issue View Git Blame Copy Permalink