open-vault/ui/app/components/modal-form/policy-template.js

/**
 * Copyright (c) HashiCorp, Inc.
 * SPDX-License-Identifier: MPL-2.0
 */

import Component from '@glimmer/component';
import { action } from '@ember/object';
import { inject as service } from '@ember/service';
import { tracked } from '@glimmer/tracking';

/**
 * @module ModalForm::PolicyTemplate
 * ModalForm::PolicyTemplate components are meant to render within a modal for creating a new policy of unknown type.
 *
 * @example
 *  <ModalForm::PolicyTemplate
 *    @nameInput="new-item-name"
 *    @onSave={{this.closeModal}}
 *    @onCancel={{this.closeModal}}
 *  />
 * ```
 * @callback onCancel - callback triggered when cancel button is clicked
 * @callback onSave - callback triggered when save button is clicked
 * @param {string} nameInput - the name of the newly created policy
 */

export default class PolicyTemplate extends Component {
  @service store;
  @service version;

  @tracked policy = null; // model record passed to policy-form
  @tracked showExamplePolicy = false;

  get policyOptions() {
    return [
      { label: 'ACL Policy', value: 'acl', isDisabled: false },
      { label: 'Role Governing Policy', value: 'rgp', isDisabled: !this.version.hasSentinel },
    ];
  }
  // formatting here is purposeful so that whitespace renders correctly in JsonEditor
  policyTemplates = {
    acl: `
# Grant 'create', 'read' , 'update', and ‘list’ permission
# to paths prefixed by 'secret/*'
path "secret/*" {
  capabilities = [ "create", "read", "update", "list" ]
}

# Even though we allowed secret/*, this line explicitly denies
# secret/super-secret. This takes precedence.
path "secret/super-secret" {
  capabilities = ["deny"]
}
`,
    rgp: `
# Import strings library that exposes common string operations
import "strings"

# Conditional rule (precond) checks the incoming request endpoint
# targeted to sys/policies/acl/admin
precond = rule {
    strings.has_prefix(request.path, "sys/policies/admin")
}

# Vault checks to see if the request was made by an entity
# named James Thomas or Team Lead role defined as its metadata
main = rule when precond {
    identity.entity.metadata.role is "Team Lead" or
      identity.entity.name is "James Thomas"
}
`,
  };

  @action
  setPolicyType(type) {
    if (this.policy) this.policy.unloadRecord(); // if user selects a different type, clear from store before creating a new record
    // Create form model once type is chosen
    this.policy = this.store.createRecord(`policy/${type}`, { name: this.args.nameInput });
  }

  @action
  onSave(policyModel) {
    this.args.onSave(policyModel);
    // Reset component policy for next use
    this.policy = null;
  }
}
-												adding copyright header (#19555)

* adding copyright header

* fix fmt and a test

											
										
										
											2023-03-15 16:00:52 +00:00
+								/**
 								 * Copyright (c) HashiCorp, Inc.
 								 * SPDX-License-Identifier: MPL-2.0
 								 */
-												UI: Implement new policy SS + modal designs (#17749)

* refactor ss+modal to accept multiple models

* create policy form

* cleanup and fix test

* add tabs to policy modal form

* add search select with modal to entity form

* update group form;

* allow modal to fit-content

* add changelog

* add check for policy create ability

* add id so tests pass

* filter out root option

* fix test

* add cleanup method

* add ACL policy link

* cleanup from comments

* refactor sending action to parent

* refactor, data down actions up!

* cleanup comments

* form field refactor

* add ternary to options

* update tests

* Remodel component structure for clearer logic

Includes fixing the wizard

* address comments

* cleanup args

* refactor inline oidc assignment form

* add line break

* cleanup comments

* fix tests

* add policy template to ss+modal test

* cleanup =true from test

* final cleanup!!!!!!

* actual final cleanup

* fix typo, please be done

Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com>

											
										
										
											2022-11-19 01:29:04 +00:00
+								import Component from '@glimmer/component';
 								import { action } from '@ember/object';
 								import { inject as service } from '@ember/service';
 								import { tracked } from '@glimmer/tracking';
 								/**
 								 * @module ModalForm::PolicyTemplate
 								 * ModalForm::PolicyTemplate components are meant to render within a modal for creating a new policy of unknown type.
 								 *
 								 * @example
 								 *  <ModalForm::PolicyTemplate
 								 *    @nameInput="new-item-name"
 								 *    @onSave={{this.closeModal}}
 								 *    @onCancel={{this.closeModal}}
 								 *  />
 								 * ```
 								 * @callback onCancel - callback triggered when cancel button is clicked
 								 * @callback onSave - callback triggered when save button is clicked
 								 * @param {string} nameInput - the name of the newly created policy
 								 */
 								export default class PolicyTemplate extends Component {
 								  @service store;
 								  @service version;
 								  @tracked policy = null; // model record passed to policy-form
 								  @tracked showExamplePolicy = false;
 								  get policyOptions() {
 								    return [
 								      { label: 'ACL Policy', value: 'acl', isDisabled: false },
 								      { label: 'Role Governing Policy', value: 'rgp', isDisabled: !this.version.hasSentinel },
 								    ];
 								  }
 								  // formatting here is purposeful so that whitespace renders correctly in JsonEditor
 								  policyTemplates = {
 								    acl: `
 								# Grant 'create', 'read' , 'update', and ‘list’ permission
 								# to paths prefixed by 'secret/*'
 								path "secret/*" {
 								  capabilities = [ "create", "read", "update", "list" ]
 								}
 								# Even though we allowed secret/*, this line explicitly denies
 								# secret/super-secret. This takes precedence.
 								path "secret/super-secret" {
 								  capabilities = ["deny"]
 								}
 								`,
 								    rgp: `
 								# Import strings library that exposes common string operations
 								import "strings"
 								# Conditional rule (precond) checks the incoming request endpoint
 								# targeted to sys/policies/acl/admin
 								precond = rule {
 								    strings.has_prefix(request.path, "sys/policies/admin")
 								}
 								# Vault checks to see if the request was made by an entity
 								# named James Thomas or Team Lead role defined as its metadata
 								main = rule when precond {
 								    identity.entity.metadata.role is "Team Lead" or
 								      identity.entity.name is "James Thomas"
 								}
 								`,
 								  };
 								  @action
 								  setPolicyType(type) {
 								    if (this.policy) this.policy.unloadRecord(); // if user selects a different type, clear from store before creating a new record
 								    // Create form model once type is chosen
 								    this.policy = this.store.createRecord(`policy/${type}`, { name: this.args.nameInput });
 								  }
 								  @action
 								  onSave(policyModel) {
 								    this.args.onSave(policyModel);
 								    // Reset component policy for next use
 								    this.policy = null;
 								  }
 								}