open-vault/ui/app/models/pki/issuer.js

/**
 * Copyright (c) HashiCorp, Inc.
 * SPDX-License-Identifier: MPL-2.0
 */

import Model, { attr } from '@ember-data/model';
import { withFormFields } from 'vault/decorators/model-form-fields';
import lazyCapabilities, { apiPath } from 'vault/macros/lazy-capabilities';
import { service } from '@ember/service';

const issuerUrls = ['issuingCertificates', 'crlDistributionPoints', 'ocspServers'];
const inputFields = [
  'issuerName',
  'leafNotAfterBehavior',
  'usage',
  'manualChain',
  'revocationSignatureAlgorithm',
  ...issuerUrls,
];
const displayFields = [
  {
    default: ['certificate', 'caChain', 'commonName', 'issuerName', 'issuerId', 'keyId'],
    // also displays parsedCertificate values in the template
  },
  { 'Issuer URLs': issuerUrls },
];
@withFormFields(inputFields, displayFields)
export default class PkiIssuerModel extends Model {
  @service secretMountPath;
  // TODO use openAPI after removing route extension (see pki/roles route for example)
  get useOpenAPI() {
    return false;
  }
  get backend() {
    return this.secretMountPath.currentPath;
  }
  get issuerRef() {
    return this.issuerName || this.issuerId;
  }

  // READ ONLY
  @attr isDefault;
  @attr('string', { label: 'Issuer ID', detailLinkTo: 'issuers.issuer.details' }) issuerId;
  @attr('string', { label: 'Default key ID', detailLinkTo: 'keys.key.details' }) keyId;
  @attr({ label: 'CA Chain', masked: true }) caChain;
  @attr({ masked: true }) certificate;
  @attr('string') serialNumber;

  // parsed from certificate contents in serializer (see parse-pki-cert.js)
  @attr parsedCertificate;
  @attr('string') commonName;
  @attr isRoot;

  @attr subjectSerialNumber; // this is not the UUID serial number field randomly generated by Vault for leaf certificates
  @attr({ label: 'Subject Alternative Names (SANs)' }) altNames;
  @attr({ label: 'IP SANs' }) ipSans;
  @attr({ label: 'URI SANs' }) uriSans;
  @attr({ label: 'Other SANs' }) otherSans;

  // UPDATING
  @attr('string') issuerName;

  @attr({
    label: 'Leaf notAfter behavior',
    subText:
      'What happens when a leaf certificate is issued, but its NotAfter field (and therefore its expiry date) exceeds that of this issuer.',
    docLink: '/vault/api-docs/secret/pki#update-issuer',
    editType: 'yield',
    valueOptions: ['err', 'truncate', 'permit'],
  })
  leafNotAfterBehavior;

  @attr({
    subText: 'Allowed usages for this issuer. It can always be read.',
    editType: 'yield',
    valueOptions: [
      { label: 'Issuing certificates', value: 'issuing-certificates' },
      { label: 'Signing CRLs', value: 'crl-signing' },
      { label: 'Signing OCSPs', value: 'ocsp-signing' },
    ],
  })
  usage;

  @attr('string', {
    subText:
      "An advanced field useful when automatic chain building isn't desired. The first element must be the present issuer's reference.",
  })
  manualChain;

  @attr({
    subText:
      'The signature algorithm to use when building CRLs. The default value (empty string) is for Go to select the signature algorithm automatically, which may not always work.',
    noDefault: true,
    possibleValues: [
      'sha256withrsa',
      'ecdsawithsha384',
      'sha256withrsapss',
      'ed25519',
      'sha384withrsapss',
      'sha512withrsapss',
      'pureed25519',
      'sha384withrsa',
      'sha512withrsa',
      'ecdsawithsha256',
      'ecdsawithsha512',
    ],
  })
  revocationSignatureAlgorithm;

  @attr('string', {
    subText:
      'The URL values for the Issuing Certificate field; these are different URLs for the same resource.',
    editType: 'stringArray',
  })
  issuingCertificates;

  @attr('string', {
    label: 'CRL distribution points',
    subText: 'Specifies the URL values for the CRL Distribution Points field.',
    editType: 'stringArray',
  })
  crlDistributionPoints;

  @attr('string', {
    label: 'OCSP servers',
    subText: 'Specifies the URL values for the OCSP Servers field.',
    editType: 'stringArray',
  })
  ocspServers;

  // IMPORTING
  @attr('string') pemBundle;
  // readonly attrs returned after importing
  @attr importedIssuers;
  @attr importedKeys;
  @attr mapping;

  @lazyCapabilities(apiPath`${'backend'}/issuer/${'issuerId'}`) issuerPath;
  @lazyCapabilities(apiPath`${'backend'}/root/rotate/exported`) rotateExported;
  @lazyCapabilities(apiPath`${'backend'}/root/rotate/internal`) rotateInternal;
  @lazyCapabilities(apiPath`${'backend'}/root/rotate/existing`) rotateExisting;
  @lazyCapabilities(apiPath`${'backend'}/root`, 'backend') deletePath;
  @lazyCapabilities(apiPath`${'backend'}/intermediate/cross-sign`) crossSignPath;
  @lazyCapabilities(apiPath`${'backend'}/issuer/${'issuerId'}/sign-intermediate`) signIntermediate;
  get canRotateIssuer() {
    return (
      this.rotateExported.get('canUpdate') !== false ||
      this.rotateExisting.get('canUpdate') !== false ||
      this.rotateInternal.get('canUpdate') !== false
    );
  }
  get canCrossSign() {
    return this.crossSignPath.get('canUpdate') !== false;
  }
  get canSignIntermediate() {
    return this.signIntermediate.get('canUpdate') !== false;
  }
  get canConfigure() {
    return this.issuerPath.get('canUpdate') !== false;
  }
  get canDeleteAllIssuers() {
    return this.deletePath.get('isLoading') || this.deletePath.get('canDelete') !== false;
  }
}
adding copyright header (#19555) * adding copyright header * fix fmt and a test 2023-03-15 16:00:52 +00:00			`/**`
			`* Copyright (c) HashiCorp, Inc.`
			`* SPDX-License-Identifier: MPL-2.0`
			`*/`

UI: Pki model attribute consolidation (#19281) 2023-02-24 15:56:12 +00:00			`import Model, { attr } from '@ember-data/model';`
UI: PKI Issuer details (#18495) 2022-12-21 16:30:24 +00:00			`import { withFormFields } from 'vault/decorators/model-form-fields';`
			`import lazyCapabilities, { apiPath } from 'vault/macros/lazy-capabilities';`
UI: Pki model attribute consolidation (#19281) 2023-02-24 15:56:12 +00:00			`import { service } from '@ember/service';`
PKI Issuer List view (#17210) * initial setup for issuers toolbar and some slight changes to roles model after discussion with design. * wip * wip ... :/ * finalizes serializer and linkedblock iteration of is_default * clean up * fix * forgot this bit * pr comments amendments: * small PR comment changes 2022-09-20 15:25:57 +00:00
PKI Issuer Edit (#18687) * adds pki issuer edit view * updates pki issuer details test and fixes styling issue in issuer edit form * addresses feedback 2023-01-12 23:33:14 +00:00			`const issuerUrls = ['issuingCertificates', 'crlDistributionPoints', 'ocspServers'];`
UI: Pki model attribute consolidation (#19281) 2023-02-24 15:56:12 +00:00			`const inputFields = [`
			`'issuerName',`
			`'leafNotAfterBehavior',`
			`'usage',`
			`'manualChain',`
			`'revocationSignatureAlgorithm',`
			`...issuerUrls,`
			`];`
			`const displayFields = [`
			`{`
UI: Show parsed certificate data in PKI (#19990) 2023-04-11 21:04:35 +00:00			`default: ['certificate', 'caChain', 'commonName', 'issuerName', 'issuerId', 'keyId'],`
			`// also displays parsedCertificate values in the template`
UI: Pki model attribute consolidation (#19281) 2023-02-24 15:56:12 +00:00			`},`
			`{ 'Issuer URLs': issuerUrls },`
			`];`
			`@withFormFields(inputFields, displayFields)`
			`export default class PkiIssuerModel extends Model {`
			`@service secretMountPath;`
			`// TODO use openAPI after removing route extension (see pki/roles route for example)`
PKI Issuer Edit (#18687) * adds pki issuer edit view * updates pki issuer details test and fixes styling issue in issuer edit form * addresses feedback 2023-01-12 23:33:14 +00:00			`get useOpenAPI() {`
			`return false;`
UI: PKI Issuer details (#18495) 2022-12-21 16:30:24 +00:00			`}`
UI: Pki model attribute consolidation (#19281) 2023-02-24 15:56:12 +00:00			`get backend() {`
			`return this.secretMountPath.currentPath;`
			`}`
UI: add issuerRef getter in case issuer is nameless (#18968) * add issuerRef getter in case issuer is nameless * declare as getter * remove changes to test, oops! 2023-02-03 21:07:59 +00:00			`get issuerRef() {`
			`return this.issuerName \|\| this.issuerId;`
			`}`

UI: Pki model attribute consolidation (#19281) 2023-02-24 15:56:12 +00:00			`// READ ONLY`
			`@attr isDefault;`
UI: pki rotate root cert (#19739) * add rotate root route * add page component * add modal * fix modal image styling * add radio buttons * add jsonToCert function to pki parser * add verify function * add verify to details route * nest rotate-root under issuer/ * copy values from old root ca * pull detail info rows into a separate component * add type declaration files * add parsing error warning to rotate root component file * add comments * add capabilities to controller * update icon * revert issuer details * refactor pki info table rows * add parsedparameters to pki helper * add alert banner * update attrs, fix info rows * add endpoint to action router * update alert banner * hide toolbar from generate root display * add download buttons to toolbar * add banner getter * fix typo in issuer details * fix assertion * move alert banner after generating root to parent * rename issuer index route file * refactor routing so model can be passed from route * add confirmLeave and done button to use existin settings done form * rename serial number to differentiate between two types * fix links, update ids to issuerId not response id * update ts declaration * change variable names add comments * update existing tests * fix comment typo * add download button test * update serializer to change subject_serial_number to serial_number for backend * remove pageTitle getter * remove old arg * round 1 of testing complete.. * finish endpoint tests * finish component tests * move toolbars to parent route * add acceptance test for rotate route * add const to hold radio button string values * remove action, fix link 2023-03-31 21:47:23 +00:00			`@attr('string', { label: 'Issuer ID', detailLinkTo: 'issuers.issuer.details' }) issuerId;`
			`@attr('string', { label: 'Default key ID', detailLinkTo: 'keys.key.details' }) keyId;`
UI: Pki model attribute consolidation (#19281) 2023-02-24 15:56:12 +00:00			`@attr({ label: 'CA Chain', masked: true }) caChain;`
			`@attr({ masked: true }) certificate;`
UI: VAULT-8429 Update query and serializer so that it includes parsedCertificate (#20246) Co-authored-by: Kianna Quach <kianna.quach@hashicorp.com> Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com> 2023-04-28 15:05:12 +00:00			`@attr('string') serialNumber;`
PKI Issuer List view (#17210) * initial setup for issuers toolbar and some slight changes to roles model after discussion with design. * wip * wip ... :/ * finalizes serializer and linkedblock iteration of is_default * clean up * fix * forgot this bit * pr comments amendments: * small PR comment changes 2022-09-20 15:25:57 +00:00
UI: Pki model attribute consolidation (#19281) 2023-02-24 15:56:12 +00:00			`// parsed from certificate contents in serializer (see parse-pki-cert.js)`
UI: Show parsed certificate data in PKI (#19990) 2023-04-11 21:04:35 +00:00			`@attr parsedCertificate;`
			`@attr('string') commonName;`
UI: VAULT-8429 Update query and serializer so that it includes parsedCertificate (#20246) Co-authored-by: Kianna Quach <kianna.quach@hashicorp.com> Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com> 2023-04-28 15:05:12 +00:00			`@attr isRoot;`
UI: Show parsed certificate data in PKI (#19990) 2023-04-11 21:04:35 +00:00
UI: pki rotate root cert (#19739) * add rotate root route * add page component * add modal * fix modal image styling * add radio buttons * add jsonToCert function to pki parser * add verify function * add verify to details route * nest rotate-root under issuer/ * copy values from old root ca * pull detail info rows into a separate component * add type declaration files * add parsing error warning to rotate root component file * add comments * add capabilities to controller * update icon * revert issuer details * refactor pki info table rows * add parsedparameters to pki helper * add alert banner * update attrs, fix info rows * add endpoint to action router * update alert banner * hide toolbar from generate root display * add download buttons to toolbar * add banner getter * fix typo in issuer details * fix assertion * move alert banner after generating root to parent * rename issuer index route file * refactor routing so model can be passed from route * add confirmLeave and done button to use existin settings done form * rename serial number to differentiate between two types * fix links, update ids to issuerId not response id * update ts declaration * change variable names add comments * update existing tests * fix comment typo * add download button test * update serializer to change subject_serial_number to serial_number for backend * remove pageTitle getter * remove old arg * round 1 of testing complete.. * finish endpoint tests * finish component tests * move toolbars to parent route * add acceptance test for rotate route * add const to hold radio button string values * remove action, fix link 2023-03-31 21:47:23 +00:00			`@attr subjectSerialNumber; // this is not the UUID serial number field randomly generated by Vault for leaf certificates`
UI: Pki model attribute consolidation (#19281) 2023-02-24 15:56:12 +00:00			`@attr({ label: 'Subject Alternative Names (SANs)' }) altNames;`
			`@attr({ label: 'IP SANs' }) ipSans;`
			`@attr({ label: 'URI SANs' }) uriSans;`
			`@attr({ label: 'Other SANs' }) otherSans;`
UI: PKI Issuer details (#18495) 2022-12-21 16:30:24 +00:00
UI: Pki model attribute consolidation (#19281) 2023-02-24 15:56:12 +00:00			`// UPDATING`
PKI Issuer Edit (#18687) * adds pki issuer edit view * updates pki issuer details test and fixes styling issue in issuer edit form * addresses feedback 2023-01-12 23:33:14 +00:00			`@attr('string') issuerName;`

			`@attr({`
			`label: 'Leaf notAfter behavior',`
			`subText:`
			`'What happens when a leaf certificate is issued, but its NotAfter field (and therefore its expiry date) exceeds that of this issuer.',`
			`docLink: '/vault/api-docs/secret/pki#update-issuer',`
			`editType: 'yield',`
			`valueOptions: ['err', 'truncate', 'permit'],`
			`})`
			`leafNotAfterBehavior;`

			`@attr({`
UI: PKI Clean up dirty model on leave (#19058) 2023-02-08 16:42:02 +00:00			`subText: 'Allowed usages for this issuer. It can always be read.',`
PKI Issuer Edit (#18687) * adds pki issuer edit view * updates pki issuer details test and fixes styling issue in issuer edit form * addresses feedback 2023-01-12 23:33:14 +00:00			`editType: 'yield',`
			`valueOptions: [`
			`{ label: 'Issuing certificates', value: 'issuing-certificates' },`
			`{ label: 'Signing CRLs', value: 'crl-signing' },`
			`{ label: 'Signing OCSPs', value: 'ocsp-signing' },`
			`],`
			`})`
			`usage;`

			`@attr('string', {`
			`subText:`
			`"An advanced field useful when automatic chain building isn't desired. The first element must be the present issuer's reference.",`
			`})`
			`manualChain;`

UI: Pki model attribute consolidation (#19281) 2023-02-24 15:56:12 +00:00			`@attr({`
			`subText:`
			`'The signature algorithm to use when building CRLs. The default value (empty string) is for Go to select the signature algorithm automatically, which may not always work.',`
			`noDefault: true,`
			`possibleValues: [`
			`'sha256withrsa',`
			`'ecdsawithsha384',`
			`'sha256withrsapss',`
			`'ed25519',`
			`'sha384withrsapss',`
			`'sha512withrsapss',`
			`'pureed25519',`
			`'sha384withrsa',`
			`'sha512withrsa',`
			`'ecdsawithsha256',`
			`'ecdsawithsha512',`
			`],`
			`})`
			`revocationSignatureAlgorithm;`

PKI Issuer Edit (#18687) * adds pki issuer edit view * updates pki issuer details test and fixes styling issue in issuer edit form * addresses feedback 2023-01-12 23:33:14 +00:00			`@attr('string', {`
			`subText:`
UI: remove references to comma separation for string array edit types (#20163) * remove intercepting helpText * add subtext directly to StringList input component * update tests and add coverage for new openapi-attrs util * update test * add warning validation to input * lol is this right i dont know go * literally no idea what im doing * add Description to display attrs struct * update struct comment * add descriptions to remaining go fields * add missing comma * remaining commas..." * add description to display attrs * update tests * update tests * add changelog; * Update ui/app/utils/openapi-to-attrs.js * update tests following backend changes * clearly name variable * format files * no longer need to test for modified tooltip since coming from backend now 2023-04-19 16:16:30 +00:00			`'The URL values for the Issuing Certificate field; these are different URLs for the same resource.',`
PKI Issuer Edit (#18687) * adds pki issuer edit view * updates pki issuer details test and fixes styling issue in issuer edit form * addresses feedback 2023-01-12 23:33:14 +00:00			`editType: 'stringArray',`
			`})`
			`issuingCertificates;`

			`@attr('string', {`
			`label: 'CRL distribution points',`
			`subText: 'Specifies the URL values for the CRL Distribution Points field.',`
UI: VAULT-13044 pki cleanup attributes (#18954) * Update form model attributes to be stringArray * Update pki certificate sign to be string * Update organization, ou, name to stringArray * More organization, ou update to stringArray * VAULT-13123 Update missing field attributes in create/role * Fix formatting * Revert "VAULT-13123 Update missing field attributes in create/role" This reverts commit 6da5cb508588488789dc6cde412880e45425cce4. * Fix failing test * Add string array for SAN * Update pki issuer uriSAN label 2023-02-02 17:23:15 +00:00			`editType: 'stringArray',`
PKI Issuer Edit (#18687) * adds pki issuer edit view * updates pki issuer details test and fixes styling issue in issuer edit form * addresses feedback 2023-01-12 23:33:14 +00:00			`})`
			`crlDistributionPoints;`

			`@attr('string', {`
			`label: 'OCSP servers',`
			`subText: 'Specifies the URL values for the OCSP Servers field.',`
UI: VAULT-13044 pki cleanup attributes (#18954) * Update form model attributes to be stringArray * Update pki certificate sign to be string * Update organization, ou, name to stringArray * More organization, ou update to stringArray * VAULT-13123 Update missing field attributes in create/role * Fix formatting * Revert "VAULT-13123 Update missing field attributes in create/role" This reverts commit 6da5cb508588488789dc6cde412880e45425cce4. * Fix failing test * Add string array for SAN * Update pki issuer uriSAN label 2023-02-02 17:23:15 +00:00			`editType: 'stringArray',`
PKI Issuer Edit (#18687) * adds pki issuer edit view * updates pki issuer details test and fixes styling issue in issuer edit form * addresses feedback 2023-01-12 23:33:14 +00:00			`})`
			`ocspServers;`

UI: Pki model attribute consolidation (#19281) 2023-02-24 15:56:12 +00:00			`// IMPORTING`
			`@attr('string') pemBundle;`
			`// readonly attrs returned after importing`
			`@attr importedIssuers;`
			`@attr importedKeys;`
			`@attr mapping;`

UI: PKI Issuer details (#18495) 2022-12-21 16:30:24 +00:00			@lazyCapabilities(apiPath`${'backend'}/issuer/${'issuerId'}`) issuerPath;
			@lazyCapabilities(apiPath`${'backend'}/root/rotate/exported`) rotateExported;
			@lazyCapabilities(apiPath`${'backend'}/root/rotate/internal`) rotateInternal;
			@lazyCapabilities(apiPath`${'backend'}/root/rotate/existing`) rotateExisting;
UI: VAULT-9408 Delete all issuers toolbar action + modal (#19756) 2023-04-05 21:25:55 +00:00			@lazyCapabilities(apiPath`${'backend'}/root`, 'backend') deletePath;
UI: PKI Issuer details (#18495) 2022-12-21 16:30:24 +00:00			@lazyCapabilities(apiPath`${'backend'}/intermediate/cross-sign`) crossSignPath;
			@lazyCapabilities(apiPath`${'backend'}/issuer/${'issuerId'}/sign-intermediate`) signIntermediate;
			`get canRotateIssuer() {`
			`return (`
			`this.rotateExported.get('canUpdate') !== false \|\|`
			`this.rotateExisting.get('canUpdate') !== false \|\|`
			`this.rotateInternal.get('canUpdate') !== false`
			`);`
PKI Issuer List view (#17210) * initial setup for issuers toolbar and some slight changes to roles model after discussion with design. * wip * wip ... :/ * finalizes serializer and linkedblock iteration of is_default * clean up * fix * forgot this bit * pr comments amendments: * small PR comment changes 2022-09-20 15:25:57 +00:00			`}`
UI: PKI Issuer details (#18495) 2022-12-21 16:30:24 +00:00			`get canCrossSign() {`
			`return this.crossSignPath.get('canUpdate') !== false;`
PKI Issuer List view (#17210) * initial setup for issuers toolbar and some slight changes to roles model after discussion with design. * wip * wip ... :/ * finalizes serializer and linkedblock iteration of is_default * clean up * fix * forgot this bit * pr comments amendments: * small PR comment changes 2022-09-20 15:25:57 +00:00			`}`
UI: PKI Issuer details (#18495) 2022-12-21 16:30:24 +00:00			`get canSignIntermediate() {`
			`return this.signIntermediate.get('canUpdate') !== false;`
			`}`
			`get canConfigure() {`
			`return this.issuerPath.get('canUpdate') !== false;`
PKI Issuer List view (#17210) * initial setup for issuers toolbar and some slight changes to roles model after discussion with design. * wip * wip ... :/ * finalizes serializer and linkedblock iteration of is_default * clean up * fix * forgot this bit * pr comments amendments: * small PR comment changes 2022-09-20 15:25:57 +00:00			`}`
UI: VAULT-9408 Delete all issuers toolbar action + modal (#19756) 2023-04-05 21:25:55 +00:00			`get canDeleteAllIssuers() {`
			`return this.deletePath.get('isLoading') \|\| this.deletePath.get('canDelete') !== false;`
			`}`
PKI Issuer List view (#17210) * initial setup for issuers toolbar and some slight changes to roles model after discussion with design. * wip * wip ... :/ * finalizes serializer and linkedblock iteration of is_default * clean up * fix * forgot this bit * pr comments amendments: * small PR comment changes 2022-09-20 15:25:57 +00:00			`}`