mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-16 11:37:04 +02:00
0b12cdcfd1
* Adding explicit MPL license for sub-package. This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package. This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License. Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at https://hashi.co/bsl-blog, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUS-1.1 * Fix test that expected exact offset on hcl file --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com> Co-authored-by: Sarah Thompson <sthompson@hashicorp.com> Co-authored-by: Brian Kassouf <bkassouf@hashicorp.com>
135 lines
4.0 KiB
JavaScript
135 lines
4.0 KiB
JavaScript
/**
|
|
* Copyright (c) HashiCorp, Inc.
|
|
* SPDX-License-Identifier: BUSL-1.1
|
|
*/
|
|
|
|
import TransformBase, { addToList, removeFromList } from './transform-edit-base';
|
|
import { inject as service } from '@ember/service';
|
|
|
|
export default TransformBase.extend({
|
|
flashMessages: service(),
|
|
store: service(),
|
|
initialRoles: null,
|
|
|
|
init() {
|
|
this._super(...arguments);
|
|
if (!this.model) return;
|
|
this.set('initialRoles', this.model.allowed_roles);
|
|
},
|
|
|
|
updateOrCreateRole(role, transformationId, backend) {
|
|
return this.store
|
|
.queryRecord('transform/role', {
|
|
backend,
|
|
id: role.id,
|
|
})
|
|
.then((roleStore) => {
|
|
let transformations = roleStore.transformations;
|
|
if (role.action === 'ADD') {
|
|
transformations = addToList(transformations, transformationId);
|
|
} else if (role.action === 'REMOVE') {
|
|
transformations = removeFromList(transformations, transformationId);
|
|
}
|
|
roleStore.setProperties({
|
|
backend,
|
|
transformations,
|
|
});
|
|
return roleStore.save().catch((e) => {
|
|
return {
|
|
errorStatus: e.httpStatus,
|
|
...role,
|
|
};
|
|
});
|
|
})
|
|
.catch((e) => {
|
|
if (e.httpStatus !== 403 && role.action === 'ADD') {
|
|
// If role doesn't yet exist, create it with this transformation attached
|
|
var newRole = this.store.createRecord('transform/role', {
|
|
id: role.id,
|
|
name: role.id,
|
|
transformations: [transformationId],
|
|
backend,
|
|
});
|
|
return newRole.save().catch((e) => {
|
|
return {
|
|
errorStatus: e.httpStatus,
|
|
...role,
|
|
action: 'CREATE',
|
|
};
|
|
});
|
|
}
|
|
|
|
return {
|
|
...role,
|
|
errorStatus: e.httpStatus,
|
|
};
|
|
});
|
|
},
|
|
|
|
handleUpdateRoles(updateRoles, transformationId) {
|
|
if (!updateRoles) return;
|
|
const backend = this.model.backend;
|
|
const promises = updateRoles.map((r) => this.updateOrCreateRole(r, transformationId, backend));
|
|
|
|
Promise.all(promises).then((results) => {
|
|
const hasError = results.find((role) => !!role.errorStatus);
|
|
|
|
if (hasError) {
|
|
let message =
|
|
'The edits to this transformation were successful, but transformations for its roles was not edited due to a lack of permissions.';
|
|
if (results.find((e) => !!e.errorStatus && e.errorStatus !== 403)) {
|
|
// if the errors weren't all due to permissions show generic message
|
|
// eg. trying to update a role with empty array as transformations
|
|
message = `You've edited the allowed_roles for this transformation. However, the corresponding edits to some roles' transformations were not made`;
|
|
}
|
|
this.flashMessages.info(message, {
|
|
sticky: true,
|
|
priority: 300,
|
|
});
|
|
}
|
|
});
|
|
},
|
|
|
|
isWildcard(role) {
|
|
if (typeof role === 'string') {
|
|
return role.indexOf('*') >= 0;
|
|
}
|
|
if (role && role.id) {
|
|
return role.id.indexOf('*') >= 0;
|
|
}
|
|
return false;
|
|
},
|
|
|
|
actions: {
|
|
createOrUpdate(type, event) {
|
|
event.preventDefault();
|
|
|
|
this.applyChanges('save', () => {
|
|
const transformationId = this.model.id || this.model.name;
|
|
const newModelRoles = this.model.allowed_roles || [];
|
|
const initialRoles = this.initialRoles || [];
|
|
|
|
const updateRoles = [...newModelRoles, ...initialRoles]
|
|
.filter((r) => !this.isWildcard(r)) // CBS TODO: expand wildcards into included roles instead
|
|
.map((role) => {
|
|
if (initialRoles.indexOf(role) < 0) {
|
|
return {
|
|
id: role,
|
|
action: 'ADD',
|
|
};
|
|
}
|
|
if (newModelRoles.indexOf(role) < 0) {
|
|
return {
|
|
id: role,
|
|
action: 'REMOVE',
|
|
};
|
|
}
|
|
return null;
|
|
})
|
|
.filter((r) => !!r);
|
|
this.handleUpdateRoles(updateRoles, transformationId);
|
|
});
|
|
},
|
|
},
|
|
});
|