mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-22 23:21:08 +02:00
3d461150b1
* add basic routes for secrets recovery * lint fix no index invocation * hide routes in production * update routes * add missing route js files * add comments and clean up * update tests
67 lines
2.1 KiB
JavaScript
67 lines
2.1 KiB
JavaScript
/**
|
|
* Copyright (c) HashiCorp, Inc.
|
|
* SPDX-License-Identifier: BUSL-1.1
|
|
*/
|
|
|
|
import Component from '@glimmer/component';
|
|
import { service } from '@ember/service';
|
|
import config from 'vault/config/environment';
|
|
|
|
export default class SidebarNavClusterComponent extends Component {
|
|
@service currentCluster;
|
|
@service flags;
|
|
@service version;
|
|
@service auth;
|
|
@service namespace;
|
|
@service permissions;
|
|
|
|
get cluster() {
|
|
return this.currentCluster.cluster;
|
|
}
|
|
|
|
get hasChrootNamespace() {
|
|
return this.cluster?.hasChrootNamespace;
|
|
}
|
|
|
|
get isRootNamespace() {
|
|
// should only return true if we're in the true root namespace
|
|
return this.namespace.inRootNamespace && !this.hasChrootNamespace;
|
|
}
|
|
|
|
get canAccessVaultUsageDashboard() {
|
|
/*
|
|
A user can access Vault Usage if they satisfy the following conditions:
|
|
1) They have access to sys/v1/utilization-report endpoint
|
|
2) They are either
|
|
a) enterprise cluster and root namespace
|
|
b) hvd cluster and /admin namespace
|
|
*/
|
|
|
|
const hasPermission = this.permissions.hasNavPermission('monitoring');
|
|
const isEnterprise = this.version.isEnterprise;
|
|
const isCorrectNamespace = this.isRootNamespace || this.namespace.inHvdAdminNamespace;
|
|
|
|
return hasPermission && isEnterprise && isCorrectNamespace;
|
|
}
|
|
|
|
get showSecretsSync() {
|
|
// always show for HVD managed clusters
|
|
if (this.flags.isHvdManaged) return true;
|
|
|
|
if (this.flags.secretsSyncIsActivated) {
|
|
// activating the feature requires different permissions than using the feature.
|
|
// we want to show the link to allow activation regardless of permissions to sys/sync
|
|
// and only check permissions if the feature has been activated
|
|
return this.permissions.hasNavPermission('sync');
|
|
}
|
|
|
|
// otherwise we show the link depending on whether or not the feature exists
|
|
return this.version.hasSecretsSync;
|
|
}
|
|
|
|
// TODO remove conditional once further feature work for single item recovery for release 1.21 is completed
|
|
get isNotProduction() {
|
|
return config.environment !== 'production';
|
|
}
|
|
}
|