vault/ui/tests/helpers/policy-generator/kv.js

/**
* Copyright (c) HashiCorp, Inc.
* SPDX-License-Identifier: MPL-2.0
*/
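// Every KV v2 capability. This is the default grant for the data/metadata
// generators below and the full set used by adminPolicy. Frozen so that a
// caller (or a generator receiving it as a default parameter) cannot mutate
// the list shared by every policy rendered from this module.
const root = Object.freeze(['create', 'read', 'update', 'delete', 'list']);

/**
 * Renders capability names as HCL list members: ['create', 'read'] => `"create", "read"`.
 * Values are interpolated verbatim — no quoting or escaping is applied — so only
 * literal capability names should be passed. An empty array renders as ''.
 * @param {readonly string[]} array - capability names
 * @returns {string} comma-separated, double-quoted names
 */
const format = (array) => array.map((c) => `"${c}"`).join(', ');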
/**
 * Policy granting every capability on all paths under a KV engine
 * (`<backend>/*`), i.e. data, metadata, delete, undelete and destroy alike.
 * @param {string} backend - mount path of the KV engine, interpolated verbatim
 * @returns {string} HCL policy fragment (leading and trailing newline)
 */
export const adminPolicy = (backend) => {
  // NOTE(review): the closing `},` keeps a trailing comma that the other
  // generators do not emit; reproduced unchanged since the rendered text is
  // what the consuming tests rely on (Vault's HCL parser appears to accept it).
  const lines = ['', `path "${backend}/*" {`, `capabilities = [${format(root)}]`, '},', ''];
  return lines.join('\n');
};
/**
 * Policy for the `data/` path of a KV v2 engine (secret versions).
 * @param {object} opts
 * @param {string} opts.backend - mount path of the KV engine, interpolated verbatim
 * @param {string} [opts.secretPath='*'] - secret path or glob under data/
 * @param {string[]} [opts.capabilities=root] - capabilities to grant; defaults to all
 * @returns {string} HCL policy fragment
 */
export const dataPolicy = ({ backend, secretPath = '*', capabilities = root }) => {
  // "delete" on the data/ path only soft-deletes the latest version
  // (contrast with metadataPolicy, where it removes every version).
  const body = [
    '',
    `path "${backend}/data/${secretPath}" {`,
    `capabilities = [${format(capabilities)}]`,
    '}',
    '',
  ];
  return body.join('\n');
};
/**
 * Policy for the `metadata/` path of a KV v2 engine.
 * @param {object} opts
 * @param {string} opts.backend - mount path of the KV engine, interpolated verbatim
 * @param {string} [opts.secretPath='*'] - secret path or glob under metadata/
 * @param {string[]} [opts.capabilities=root] - capabilities to grant; defaults to all
 * @returns {string} HCL policy fragment
 */
export const metadataPolicy = ({ backend, secretPath = '*', capabilities = root }) => {
  // "delete" on metadata/ is the destructive one: it removes all versions of
  // the secret, so grant it deliberately when composing personas.
  const body = [
    '',
    `path "${backend}/metadata/${secretPath}" {`,
    `capabilities = [${format(capabilities)}]`,
    '}',
    '',
  ];
  return body.join('\n');
};
/**
 * Policy granting only `list` on the metadata root of a KV v2 engine, which
 * lets a client enumerate secret names without reading any of them.
 * @param {string} backend - mount path of the KV engine, interpolated verbatim
 * @returns {string} HCL policy fragment
 */
export const metadataListPolicy = (backend) => {
  const metadataRoot = `${backend}/metadata`;
  return `\npath "${metadataRoot}" {\ncapabilities = ["list"]\n}\n`;
};
/**
 * Policy for the `delete/` endpoint of a KV v2 engine (soft-delete of
 * specific versions). The endpoint is written to, hence `update` rather than
 * `delete` is the capability granted.
 * @param {object} opts
 * @param {string} opts.backend - mount path of the KV engine, interpolated verbatim
 * @param {string} [opts.secretPath='*'] - secret path or glob under delete/
 * @returns {string} HCL policy fragment
 */
export const deleteVersionsPolicy = ({ backend, secretPath = '*' }) => {
  const rule = [`path "${backend}/delete/${secretPath}" {`, 'capabilities = ["update"]', '}'];
  return `\n${rule.join('\n')}\n`;
};
/**
 * Policy for the `undelete/` endpoint of a KV v2 engine (restore soft-deleted
 * versions). The endpoint is written to, hence `update` is the capability.
 * @param {object} opts
 * @param {string} opts.backend - mount path of the KV engine, interpolated verbatim
 * @param {string} [opts.secretPath='*'] - secret path or glob under undelete/
 * @returns {string} HCL policy fragment
 */
export const undeleteVersionsPolicy = ({ backend, secretPath = '*' }) => {
  const rule = [`path "${backend}/undelete/${secretPath}" {`, 'capabilities = ["update"]', '}'];
  return `\n${rule.join('\n')}\n`;
};
/**
 * Policy for the `destroy/` endpoint of a KV v2 engine, which permanently
 * removes the named versions' data. The endpoint is written to, hence `update`
 * is the capability; grant it only to personas that are meant to be destructive.
 * @param {object} opts
 * @param {string} opts.backend - mount path of the KV engine, interpolated verbatim
 * @param {string} [opts.secretPath='*'] - secret path or glob under destroy/
 * @returns {string} HCL policy fragment
 */
export const destroyVersionsPolicy = ({ backend, secretPath = '*' }) => {
  const rule = [`path "${backend}/destroy/${secretPath}" {`, 'capabilities = ["update"]', '}'];
  return `\n${rule.join('\n')}\n`;
};
/**
 * Personas for reuse in workflow tests. Each is a function of the KV engine's
 * mount path returning the concatenated HCL policy fragments that persona holds.
 * Several fragments are joined with '' because each already starts and ends
 * with a newline.
 */
export const personas = {
  // Full access to every path under the engine.
  admin: (backend) => adminPolicy(backend),
  // Read-only on secret data; cannot list secret names.
  dataReader: (backend) => dataPolicy({ backend, capabilities: ['read'] }),
  // Read and soft-delete (latest version only) on data, plus listing of secret names.
  dataListReader: (backend) =>
    [dataPolicy({ backend, capabilities: ['read', 'delete'] }), metadataListPolicy(backend)].join(''),
  // Manages metadata and version lifecycle (delete/undelete/destroy) but is
  // deliberately not given "delete" on metadata, so it cannot wipe a secret's
  // entire history.
  metadataMaintainer: (backend) =>
    [
      metadataListPolicy(backend),
      metadataPolicy({ backend, capabilities: ['create', 'read', 'update', 'list'] }),
      deleteVersionsPolicy({ backend }),
      undeleteVersionsPolicy({ backend }),
      destroyVersionsPolicy({ backend }),
    ].join(''),
  // Can write secrets and remove them entirely via metadata delete, but holds
  // no "read" capability on data.
  secretCreator: (backend) =>
    [
      dataPolicy({ backend, capabilities: ['create', 'update'] }),
      metadataPolicy({ backend, capabilities: ['delete'] }),
    ].join(''),
};