mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-16 03:27:01 +02:00
0b12cdcfd1
* Adding explicit MPL license for sub-package. This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package. This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License. Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at https://hashi.co/bsl-blog, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUS-1.1 * Fix test that expected exact offset on hcl file --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com> Co-authored-by: Sarah Thompson <sthompson@hashicorp.com> Co-authored-by: Brian Kassouf <bkassouf@hashicorp.com>
164 lines
5.4 KiB
JavaScript
164 lines
5.4 KiB
JavaScript
/**
|
|
* Copyright (c) HashiCorp, Inc.
|
|
* SPDX-License-Identifier: BUSL-1.1
|
|
*/
|
|
|
|
import Model, { attr } from '@ember-data/model';
|
|
import { alias } from '@ember/object/computed';
|
|
import { computed } from '@ember/object';
|
|
import fieldToAttrs, { expandAttributeMeta } from 'vault/utils/field-to-attrs';
|
|
import lazyCapabilities, { apiPath } from 'vault/macros/lazy-capabilities';
|
|
|
|
// these arrays define the order in which the fields will be displayed
|
|
// see
|
|
// https://github.com/hashicorp/vault/blob/main/builtin/logical/ssh/path_roles.go#L542 for list of fields for each key type
|
|
const OTP_FIELDS = [
|
|
'name',
|
|
'keyType',
|
|
'defaultUser',
|
|
'adminUser',
|
|
'port',
|
|
'allowedUsers',
|
|
'cidrList',
|
|
'excludeCidrList',
|
|
];
|
|
const CA_FIELDS = [
|
|
'name',
|
|
'keyType',
|
|
'allowUserCertificates',
|
|
'allowHostCertificates',
|
|
'defaultUser',
|
|
'allowedUsers',
|
|
'allowedUsersTemplate',
|
|
'allowedDomains',
|
|
'ttl',
|
|
'maxTtl',
|
|
'allowedCriticalOptions',
|
|
'defaultCriticalOptions',
|
|
'allowedExtensions',
|
|
'defaultExtensions',
|
|
'allowBareDomains',
|
|
'allowSubdomains',
|
|
'allowUserKeyIds',
|
|
'keyIdFormat',
|
|
'notBeforeDuration',
|
|
'algorithmSigner',
|
|
];
|
|
|
|
export default Model.extend({
|
|
useOpenAPI: true,
|
|
getHelpUrl: function (backend) {
|
|
return `/v1/${backend}/roles/example?help=1`;
|
|
},
|
|
zeroAddress: attr('boolean', {
|
|
readOnly: true,
|
|
}),
|
|
backend: attr('string', {
|
|
readOnly: true,
|
|
}),
|
|
name: attr('string', {
|
|
label: 'Role Name',
|
|
fieldValue: 'name',
|
|
readOnly: true,
|
|
}),
|
|
keyType: attr('string', {
|
|
possibleValues: ['ca', 'otp'], //overriding the API which also lists 'dynamic' as a type though it is deprecated
|
|
}),
|
|
adminUser: attr('string', {
|
|
helpText: 'Username of the admin user at the remote host',
|
|
}),
|
|
defaultUser: attr('string', {
|
|
helpText: "Username to use when one isn't specified",
|
|
}),
|
|
allowedUsers: attr('string', {
|
|
helpText:
|
|
'Create a list of users who are allowed to use this key (e.g. `admin, dev`, or use `*` to allow all.)',
|
|
}),
|
|
allowedUsersTemplate: attr('boolean', {
|
|
helpText:
|
|
'Specifies that Allowed users can be templated e.g. {{identity.entity.aliases.mount_accessor_xyz.name}}',
|
|
}),
|
|
allowedDomains: attr('string', {
|
|
helpText:
|
|
'List of domains for which a client can request a certificate (e.g. `example.com`, or `*` to allow all)',
|
|
}),
|
|
cidrList: attr('string', {
|
|
helpText: 'List of CIDR blocks for which this role is applicable',
|
|
}),
|
|
excludeCidrList: attr('string', {
|
|
helpText: 'List of CIDR blocks that are not accepted by this role',
|
|
}),
|
|
port: attr('number', {
|
|
helpText: 'Port number for the SSH connection (default is `22`)',
|
|
}),
|
|
allowedCriticalOptions: attr('string', {
|
|
helpText: 'List of critical options that certificates have when signed',
|
|
}),
|
|
defaultCriticalOptions: attr('object', {
|
|
helpText: 'Map of critical options certificates should have if none are provided when signing',
|
|
}),
|
|
allowedExtensions: attr('string', {
|
|
helpText: 'List of extensions that certificates can have when signed',
|
|
}),
|
|
defaultExtensions: attr('object', {
|
|
helpText: 'Map of extensions certificates should have if none are provided when signing',
|
|
}),
|
|
allowUserCertificates: attr('boolean', {
|
|
helpText: 'Specifies if certificates are allowed to be signed for us as a user',
|
|
}),
|
|
allowHostCertificates: attr('boolean', {
|
|
helpText: 'Specifies if certificates are allowed to be signed for us as a host',
|
|
}),
|
|
allowBareDomains: attr('boolean', {
|
|
helpText:
|
|
'Specifies if host certificates that are requested are allowed to use the base domains listed in Allowed Domains',
|
|
}),
|
|
allowSubdomains: attr('boolean', {
|
|
helpText:
|
|
'Specifies if host certificates that are requested are allowed to be subdomains of those listed in Allowed Domains',
|
|
}),
|
|
allowUserKeyIds: attr('boolean', {
|
|
helpText: 'Specifies if users can override the key ID for a signed certificate with the "key_id" field',
|
|
}),
|
|
keyIdFormat: attr('string', {
|
|
helpText: 'When supplied, this value specifies a custom format for the key id of a signed certificate',
|
|
}),
|
|
algorithmSigner: attr('string', {
|
|
helpText: 'When supplied, this value specifies a signing algorithm for the key',
|
|
possibleValues: ['default', 'ssh-rsa', 'rsa-sha2-256', 'rsa-sha2-512'],
|
|
}),
|
|
|
|
showFields: computed('keyType', function () {
|
|
const keyType = this.keyType;
|
|
const keys = keyType === 'ca' ? CA_FIELDS.slice(0) : OTP_FIELDS.slice(0);
|
|
return expandAttributeMeta(this, keys);
|
|
}),
|
|
|
|
fieldGroups: computed('keyType', function () {
|
|
const numRequired = this.keyType === 'otp' ? 3 : 4;
|
|
const fields = this.keyType === 'otp' ? [...OTP_FIELDS] : [...CA_FIELDS];
|
|
const defaultFields = fields.splice(0, numRequired);
|
|
const groups = [
|
|
{ default: defaultFields },
|
|
{
|
|
Options: [...fields],
|
|
},
|
|
];
|
|
return fieldToAttrs(this, groups);
|
|
}),
|
|
|
|
updatePath: lazyCapabilities(apiPath`${'backend'}/roles/${'id'}`, 'backend', 'id'),
|
|
canDelete: alias('updatePath.canDelete'),
|
|
canEdit: alias('updatePath.canUpdate'),
|
|
canRead: alias('updatePath.canRead'),
|
|
|
|
generatePath: lazyCapabilities(apiPath`${'backend'}/creds/${'id'}`, 'backend', 'id'),
|
|
canGenerate: alias('generatePath.canUpdate'),
|
|
|
|
signPath: lazyCapabilities(apiPath`${'backend'}/sign/${'id'}`, 'backend', 'id'),
|
|
canSign: alias('signPath.canUpdate'),
|
|
|
|
zeroAddressPath: lazyCapabilities(apiPath`${'backend'}/config/zeroaddress`, 'backend'),
|
|
canEditZeroAddress: alias('zeroAddressPath.canUpdate'),
|
|
});
|