169 lines
4.3 KiB
JavaScript
169 lines
4.3 KiB
JavaScript
import { Factory } from 'ember-cli-mirage';
|
|
import faker from 'nomad-ui/mirage/faker';
|
|
|
|
export default Factory.extend({
|
|
id: () => faker.random.uuid(),
|
|
accessorId() {
|
|
return this.id;
|
|
},
|
|
secretId: () => faker.random.uuid(),
|
|
name: (i) => `${i === 0 ? 'Manager ' : ''}${faker.name.findName()}`,
|
|
global: () => faker.random.boolean(),
|
|
type: (i) => (i === 0 ? 'management' : 'client'),
|
|
|
|
oneTimeSecret: () => faker.random.uuid(),
|
|
|
|
afterCreate(token, server) {
|
|
const policyIds = Array(faker.random.number({ min: 1, max: 5 }))
|
|
.fill(0)
|
|
.map(() => faker.hacker.verb())
|
|
.uniq();
|
|
|
|
policyIds.forEach((policy) => {
|
|
const dbPolicy = server.db.policies.find(policy);
|
|
if (!dbPolicy) {
|
|
server.create('policy', { id: policy });
|
|
}
|
|
});
|
|
|
|
token.update({ policyIds });
|
|
|
|
// Create a special policy with variables rules in place
|
|
if (token.id === '53cur3-v4r14bl35') {
|
|
const variableMakerPolicy = {
|
|
id: 'Variable Maker',
|
|
rules: `
|
|
# Allow read only access to the default namespace
|
|
namespace "*" {
|
|
policy = "read"
|
|
capabilities = ["list-jobs", "alloc-exec", "read-logs"]
|
|
variables {
|
|
# Base access is to all abilities for all variables
|
|
path "*" {
|
|
capabilities = ["list", "read", "destroy", "create"]
|
|
}
|
|
}
|
|
}
|
|
|
|
node {
|
|
policy = "read"
|
|
}
|
|
`,
|
|
|
|
rulesJSON: {
|
|
Namespaces: [
|
|
{
|
|
Name: '*',
|
|
Capabilities: ['list-jobs', 'alloc-exec', 'read-logs'],
|
|
Variables: {
|
|
Paths: [
|
|
{
|
|
Capabilities: ['write', 'read', 'destroy', 'list'],
|
|
PathSpec: '*',
|
|
},
|
|
],
|
|
},
|
|
},
|
|
],
|
|
},
|
|
};
|
|
server.create('policy', variableMakerPolicy);
|
|
token.policyIds.push(variableMakerPolicy.id);
|
|
}
|
|
if (token.id === 'f3w3r-53cur3-v4r14bl35') {
|
|
const variableViewerPolicy = {
|
|
id: 'Variable Viewer',
|
|
rules: `
|
|
# Allow read only access to the default namespace
|
|
namespace "*" {
|
|
policy = "read"
|
|
capabilities = ["list-jobs", "alloc-exec", "read-logs"]
|
|
variables {
|
|
# Base access is to all abilities for all variables
|
|
path "*" {
|
|
capabilities = ["list"]
|
|
}
|
|
}
|
|
}
|
|
|
|
namespace "namespace-1" {
|
|
policy = "read"
|
|
capabilities = ["list-jobs", "alloc-exec", "read-logs"]
|
|
variables {
|
|
# Base access is to all abilities for all variables
|
|
path "*" {
|
|
capabilities = ["list", "read", "destroy", "create"]
|
|
}
|
|
}
|
|
}
|
|
|
|
namespace "namespace-2" {
|
|
policy = "read"
|
|
capabilities = ["list-jobs", "alloc-exec", "read-logs"]
|
|
variables {
|
|
# Base access is to all abilities for all variables
|
|
path "blue/*" {
|
|
capabilities = ["list", "read", "destroy", "create"]
|
|
}
|
|
path "nomad/jobs/*" {
|
|
capabilities = ["list", "read", "create"]
|
|
}
|
|
}
|
|
}
|
|
|
|
node {
|
|
policy = "read"
|
|
}
|
|
`,
|
|
|
|
rulesJSON: {
|
|
Namespaces: [
|
|
{
|
|
Name: '*',
|
|
Capabilities: ['list-jobs', 'alloc-exec', 'read-logs'],
|
|
Variables: {
|
|
Paths: [
|
|
{
|
|
Capabilities: ['list'],
|
|
PathSpec: '*',
|
|
},
|
|
],
|
|
},
|
|
},
|
|
{
|
|
Name: 'namespace-1',
|
|
Capabilities: ['list-jobs', 'alloc-exec', 'read-logs'],
|
|
Variables: {
|
|
Paths: [
|
|
{
|
|
Capabilities: ['list', 'read', 'destroy', 'create'],
|
|
PathSpec: '*',
|
|
},
|
|
],
|
|
},
|
|
},
|
|
{
|
|
Name: 'namespace-2',
|
|
Capabilities: ['list-jobs', 'alloc-exec', 'read-logs'],
|
|
Variables: {
|
|
Paths: [
|
|
{
|
|
Capabilities: ['list', 'read', 'destroy', 'create'],
|
|
PathSpec: 'blue/*',
|
|
},
|
|
{
|
|
Capabilities: ['list', 'read', 'create'],
|
|
PathSpec: 'nomad/jobs/*',
|
|
},
|
|
],
|
|
},
|
|
},
|
|
],
|
|
},
|
|
};
|
|
server.create('policy', variableViewerPolicy);
|
|
token.policyIds.push(variableViewerPolicy.id);
|
|
}
|
|
},
|
|
});
|