open-nomad/ui/app/abilities/abstract.js

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

132 lines
3.8 KiB
JavaScript
Raw Normal View History

/**
* Copyright (c) HashiCorp, Inc.
* SPDX-License-Identifier: MPL-2.0
*/
import { Ability } from 'ember-can';
import { inject as service } from '@ember/service';
import { computed, get } from '@ember/object';
import { equal, not } from '@ember/object/computed';
import classic from 'ember-classic-decorator';
@classic
export default class Abstract extends Ability {
@service system;
@service token;
@not('token.aclEnabled') bypassAuthorization;
@equal('token.selfToken.type', 'management') selfTokenIsManagement;
// Pass in a namespace to `can` or `cannot` calls to override
// https://github.com/minutebase/ember-can#additional-attributes
namespace = 'default';
get _namespace() {
if (!this.namespace) return 'default';
if (typeof this.namespace === 'string') return this.namespace;
return get(this.namespace, 'name');
}
@computed('_namespace', 'token.selfTokenPolicies.[]')
get rulesForNamespace() {
let namespace = this._namespace;
2021-12-28 16:08:12 +00:00
return (this.get('token.selfTokenPolicies') || [])
.toArray()
.reduce((rules, policy) => {
let policyNamespaces = get(policy, 'rulesJSON.Namespaces') || [];
let matchingNamespace = this._findMatchingNamespace(
policyNamespaces,
namespace
);
if (matchingNamespace) {
rules.push(
policyNamespaces.find(
(namespace) => namespace.Name === matchingNamespace
)
);
}
2021-12-28 16:08:12 +00:00
return rules;
}, []);
}
@computed('token.selfTokenPolicies.[]')
get capabilitiesForAllNamespaces() {
return (this.get('token.selfTokenPolicies') || [])
.toArray()
.reduce((allCapabilities, policy) => {
2021-12-28 16:08:12 +00:00
(get(policy, 'rulesJSON.Namespaces') || []).forEach(
({ Capabilities }) => {
allCapabilities = allCapabilities.concat(Capabilities);
}
);
return allCapabilities;
}, []);
}
namespaceIncludesCapability(capability) {
2021-12-28 14:45:20 +00:00
return this.rulesForNamespace.some((rules) => {
2020-06-18 05:44:35 +00:00
let capabilities = get(rules, 'Capabilities') || [];
return capabilities.includes(capability);
});
}
@computed('system.features.[]')
get features() {
return this.system.features;
}
featureIsPresent(featureName) {
return this.features.includes(featureName);
}
// Chooses the closest namespace as described at the bottom here:
2020-11-04 23:23:47 +00:00
// https://learn.hashicorp.com/tutorials/nomad/access-control-policies?in=nomad/access-control#namespace-rules
_findMatchingNamespace(policyNamespaces, namespace) {
let namespaceNames = policyNamespaces.mapBy('Name');
if (namespaceNames.includes(namespace)) {
return namespace;
}
2021-12-28 16:08:12 +00:00
let globNamespaceNames = namespaceNames.filter((namespaceName) =>
namespaceName.includes('*')
);
let matchingNamespaceName = globNamespaceNames.reduce(
(mostMatching, namespaceName) => {
// Convert * wildcards to .* for regex matching
2021-12-28 16:08:12 +00:00
let namespaceNameRegExp = new RegExp(
namespaceName.replace(/\*/g, '.*')
);
let characterDifference = namespace.length - namespaceName.length;
if (
characterDifference < mostMatching.mostMatchingCharacterDifference &&
namespace.match(namespaceNameRegExp)
) {
return {
mostMatchingNamespaceName: namespaceName,
mostMatchingCharacterDifference: characterDifference,
};
} else {
return mostMatching;
}
},
2021-12-28 16:08:12 +00:00
{
mostMatchingNamespaceName: null,
mostMatchingCharacterDifference: Number.MAX_SAFE_INTEGER,
}
).mostMatchingNamespaceName;
if (matchingNamespaceName) {
return matchingNamespaceName;
} else if (namespaceNames.includes('default')) {
return 'default';
}
}
}