open-vault/ui/app/models/pki/tidy.js

/**
 * Copyright (c) HashiCorp, Inc.
 * SPDX-License-Identifier: MPL-2.0
 */

import Model, { attr } from '@ember-data/model';
import { service } from '@ember/service';
import { withExpandedAttributes } from 'vault/decorators/model-expanded-attributes';

@withExpandedAttributes()
export default class PkiTidyModel extends Model {
  // the backend mount is the model id, only one pki/tidy model will ever persist (the auto-tidy config)
  @service version;

  @attr({
    label: 'Tidy ACME enabled',
    labelDisabled: 'Tidy ACME disabled',
    mapToBoolean: 'tidyAcme',
    helperTextDisabled: 'Tidying of ACME accounts, orders and authorizations is disabled',
    helperTextEnabled:
      'The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of time after being marked revoked or deactivated.',
    detailsLabel: 'ACME account safety buffer',
    formatTtl: true,
  })
  acmeAccountSafetyBuffer;

  @attr('boolean', {
    label: 'Tidy ACME',
    defaultValue: false,
  })
  tidyAcme;

  @attr('boolean', {
    label: 'Automatic tidy enabled',
    defaultValue: false,
  })
  enabled; // auto-tidy only

  @attr({
    label: 'Automatic tidy enabled',
    labelDisabled: 'Automatic tidy disabled',
    mapToBoolean: 'enabled',
    helperTextEnabled:
      'Sets the interval_duration between automatic tidy operations; note that this is from the end of one operation to the start of the next.',
    helperTextDisabled: 'Automatic tidy operations will not run.',
    detailsLabel: 'Automatic tidy duration',
    formatTtl: true,
  })
  intervalDuration; // auto-tidy only

  @attr('string', {
    editType: 'ttl',
    helperTextEnabled:
      'Specifies a duration that issuers should be kept for, past their NotAfter validity period. Defaults to 365 days (8760 hours).',
    hideToggle: true,
    formatTtl: true,
  })
  issuerSafetyBuffer;

  @attr('string', {
    editType: 'ttl',
    helperTextEnabled:
      'Specifies the duration to pause between tidying individual certificates. This releases the revocation lock and allows other operations to continue while tidy is running.',
    hideToggle: true,
    formatTtl: true,
  })
  pauseDuration;

  @attr('string', {
    editType: 'ttl',
    helperTextEnabled:
      'Specifies a duration after which cross-cluster revocation requests will be removed as expired.',
    hideToggle: true,
    formatTtl: true,
  })
  revocationQueueSafetyBuffer; // enterprise only

  @attr('string', {
    editType: 'ttl',
    helperTextEnabled:
      'For a certificate to be expunged, the time must be after the expiration time of the certificate (according to the local clock) plus the safety buffer. Defaults to 72 hours.',
    hideToggle: true,
    formatTtl: true,
  })
  safetyBuffer;

  @attr('boolean', { label: 'Tidy the certificate store' })
  tidyCertStore;

  @attr('boolean', {
    label: 'Tidy cross-cluster revoked certificates',
    subText: 'Remove expired, cross-cluster revocation entries.',
  })
  tidyCrossClusterRevokedCerts; // enterprise only

  @attr('boolean', {
    subText: 'Automatically remove expired issuers after the issuer safety buffer duration has elapsed.',
  })
  tidyExpiredIssuers;

  @attr('boolean', {
    label: 'Tidy legacy CA bundle',
    subText:
      'Backup any legacy CA/issuers bundle (from Vault versions earlier than 1.11) to config/ca_bundle.bak. Migration will only occur after issuer safety buffer has passed.',
  })
  tidyMoveLegacyCaBundle;

  @attr('boolean', {
    label: 'Tidy cross-cluster revocation requests',
  })
  tidyRevocationQueue; // enterprise only

  @attr('boolean', {
    label: 'Tidy revoked certificate issuer associations',
  })
  tidyRevokedCertIssuerAssociations;

  @attr('boolean', {
    label: 'Tidy revoked certificates',
    subText: 'Remove all invalid and expired certificates from storage.',
  })
  tidyRevokedCerts;

  get useOpenAPI() {
    return true;
  }

  getHelpUrl(backend) {
    return `/v1/${backend}/config/auto-tidy?help=1`;
  }

  get allGroups() {
    const groups = [{ autoTidy: ['enabled', 'intervalDuration'] }, ...this.sharedFields];
    return this._expandGroups(groups);
  }

  // shared between auto and manual tidy operations
  get sharedFields() {
    const groups = [
      {
        'Universal operations': [
          'tidyCertStore',
          'tidyRevokedCerts',
          'tidyRevokedCertIssuerAssociations',
          'safetyBuffer',
          'pauseDuration',
        ],
      },
      {
        'ACME operations': ['tidyAcme', 'acmeAccountSafetyBuffer'],
      },
      {
        'Issuer operations': ['tidyExpiredIssuers', 'tidyMoveLegacyCaBundle', 'issuerSafetyBuffer'],
      },
    ];
    if (this.version.isEnterprise) {
      groups.push({
        'Cross-cluster operations': [
          'tidyRevocationQueue',
          'tidyCrossClusterRevokedCerts',
          'revocationQueueSafetyBuffer',
        ],
      });
    }
    return groups;
  }

  get formFieldGroups() {
    return this._expandGroups(this.sharedFields);
  }
}
UI: VAULT-9409 Pki Tidy Form (#20043) 2023-04-11 06:07:26 +00:00			`/**`
			`* Copyright (c) HashiCorp, Inc.`
			`* SPDX-License-Identifier: MPL-2.0`
			`*/`

			`import Model, { attr } from '@ember-data/model';`
UI: pki auto-tidy views (#20685) * UI: plumbing for pki tidy work (#20611) * update tidy model * Dynamic group on tidy based on version * UI: VAULT-16261 PKI autotidy config view (#20641) * UI: VAULT-16203 tidy status page (#20635) * ui: pki tidy form (#20630) * order routes to match tabs * add tidy routes * add tidy-status page component * update routes rename edit to configure, remove manage * add page component to route template * add comment * finish routing * change to queryRecord, delete old tidy file * remove findRecord * fix serializer name * tidy.index only needs controller empty state logic * build form and page components * update tidy model * alphabetize! * revert model changes * finish adapter * move form out of page folder in tests * refactor to accommodate model changes from chelseas pr * WIP tests * reuse shared fields in model * finish tests * update model hook and breadcrumbs * remove subtext for checkbox * fix tests add ACME fields * Update ui/app/adapters/pki/tidy.js * Update ui/app/adapters/pki/tidy.js * refactor intervalDuration using feedback suggested * move errors to second line, inside conditional brackets * add ternary operator to allByKey attr * surface error message * make polling request longer * UI: VAULT-16368 pki tidy custom method (#20696) * ui: adds empty state and updates modal (#20695) * add empty state to status page * update tidy modal * conditionally change cancel transition route for auto tidy form * teeny copy update * organize tidy-status conditoionals * a couple more template cleanups * fix conditional, change to settings * UI: VAULT-16367 VAULT-16378 Tidy acceptance tests + tidy toolbar cleanup (#20698) * update copy * move tidyRevokedCertIssuerAssociations up to applicable section * add tidy info to readme * update copy * UI: Add tidy as a tab to the error route (#20723) * small cleanup items * fix prettier * cancel polling when we leave tidy.index (status view) * revert changes to declaration file * remove space --------- Co-authored-by: Chelsea Shaw <cshaw@hashicorp.com> Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com> Co-authored-by: Kianna <30884335+kiannaquach@users.noreply.github.com> 2023-05-23 23:05:15 +00:00			`import { service } from '@ember/service';`
			`import { withExpandedAttributes } from 'vault/decorators/model-expanded-attributes';`
UI: VAULT-9409 Pki Tidy Form (#20043) 2023-04-11 06:07:26 +00:00
UI: pki auto-tidy views (#20685) * UI: plumbing for pki tidy work (#20611) * update tidy model * Dynamic group on tidy based on version * UI: VAULT-16261 PKI autotidy config view (#20641) * UI: VAULT-16203 tidy status page (#20635) * ui: pki tidy form (#20630) * order routes to match tabs * add tidy routes * add tidy-status page component * update routes rename edit to configure, remove manage * add page component to route template * add comment * finish routing * change to queryRecord, delete old tidy file * remove findRecord * fix serializer name * tidy.index only needs controller empty state logic * build form and page components * update tidy model * alphabetize! * revert model changes * finish adapter * move form out of page folder in tests * refactor to accommodate model changes from chelseas pr * WIP tests * reuse shared fields in model * finish tests * update model hook and breadcrumbs * remove subtext for checkbox * fix tests add ACME fields * Update ui/app/adapters/pki/tidy.js * Update ui/app/adapters/pki/tidy.js * refactor intervalDuration using feedback suggested * move errors to second line, inside conditional brackets * add ternary operator to allByKey attr * surface error message * make polling request longer * UI: VAULT-16368 pki tidy custom method (#20696) * ui: adds empty state and updates modal (#20695) * add empty state to status page * update tidy modal * conditionally change cancel transition route for auto tidy form * teeny copy update * organize tidy-status conditoionals * a couple more template cleanups * fix conditional, change to settings * UI: VAULT-16367 VAULT-16378 Tidy acceptance tests + tidy toolbar cleanup (#20698) * update copy * move tidyRevokedCertIssuerAssociations up to applicable section * add tidy info to readme * update copy * UI: Add tidy as a tab to the error route (#20723) * small cleanup items * fix prettier * cancel polling when we leave tidy.index (status view) * revert changes to declaration file * remove space --------- Co-authored-by: Chelsea Shaw <cshaw@hashicorp.com> Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com> Co-authored-by: Kianna <30884335+kiannaquach@users.noreply.github.com> 2023-05-23 23:05:15 +00:00			`@withExpandedAttributes()`
UI: VAULT-9409 Pki Tidy Form (#20043) 2023-04-11 06:07:26 +00:00			`export default class PkiTidyModel extends Model {`
UI: pki auto-tidy views (#20685) * UI: plumbing for pki tidy work (#20611) * update tidy model * Dynamic group on tidy based on version * UI: VAULT-16261 PKI autotidy config view (#20641) * UI: VAULT-16203 tidy status page (#20635) * ui: pki tidy form (#20630) * order routes to match tabs * add tidy routes * add tidy-status page component * update routes rename edit to configure, remove manage * add page component to route template * add comment * finish routing * change to queryRecord, delete old tidy file * remove findRecord * fix serializer name * tidy.index only needs controller empty state logic * build form and page components * update tidy model * alphabetize! * revert model changes * finish adapter * move form out of page folder in tests * refactor to accommodate model changes from chelseas pr * WIP tests * reuse shared fields in model * finish tests * update model hook and breadcrumbs * remove subtext for checkbox * fix tests add ACME fields * Update ui/app/adapters/pki/tidy.js * Update ui/app/adapters/pki/tidy.js * refactor intervalDuration using feedback suggested * move errors to second line, inside conditional brackets * add ternary operator to allByKey attr * surface error message * make polling request longer * UI: VAULT-16368 pki tidy custom method (#20696) * ui: adds empty state and updates modal (#20695) * add empty state to status page * update tidy modal * conditionally change cancel transition route for auto tidy form * teeny copy update * organize tidy-status conditoionals * a couple more template cleanups * fix conditional, change to settings * UI: VAULT-16367 VAULT-16378 Tidy acceptance tests + tidy toolbar cleanup (#20698) * update copy * move tidyRevokedCertIssuerAssociations up to applicable section * add tidy info to readme * update copy * UI: Add tidy as a tab to the error route (#20723) * small cleanup items * fix prettier * cancel polling when we leave tidy.index (status view) * revert changes to declaration file * remove space --------- Co-authored-by: Chelsea Shaw <cshaw@hashicorp.com> Co-authored-by: Chelsea Shaw <82459713+hashishaw@users.noreply.github.com> Co-authored-by: Kianna <30884335+kiannaquach@users.noreply.github.com> 2023-05-23 23:05:15 +00:00			`// the backend mount is the model id, only one pki/tidy model will ever persist (the auto-tidy config)`
			`@service version;`

			`@attr({`
			`label: 'Tidy ACME enabled',`
			`labelDisabled: 'Tidy ACME disabled',`
			`mapToBoolean: 'tidyAcme',`
			`helperTextDisabled: 'Tidying of ACME accounts, orders and authorizations is disabled',`
			`helperTextEnabled:`
			`'The amount of time that must pass after creation that an account with no orders is marked revoked, and the amount of time after being marked revoked or deactivated.',`
			`detailsLabel: 'ACME account safety buffer',`
			`formatTtl: true,`
			`})`
			`acmeAccountSafetyBuffer;`

			`@attr('boolean', {`
			`label: 'Tidy ACME',`
			`defaultValue: false,`
			`})`
			`tidyAcme;`

			`@attr('boolean', {`
			`label: 'Automatic tidy enabled',`
			`defaultValue: false,`
			`})`
			`enabled; // auto-tidy only`

			`@attr({`
			`label: 'Automatic tidy enabled',`
			`labelDisabled: 'Automatic tidy disabled',`
			`mapToBoolean: 'enabled',`
			`helperTextEnabled:`
			`'Sets the interval_duration between automatic tidy operations; note that this is from the end of one operation to the start of the next.',`
			`helperTextDisabled: 'Automatic tidy operations will not run.',`
			`detailsLabel: 'Automatic tidy duration',`
			`formatTtl: true,`
			`})`
			`intervalDuration; // auto-tidy only`

			`@attr('string', {`
			`editType: 'ttl',`
			`helperTextEnabled:`
			`'Specifies a duration that issuers should be kept for, past their NotAfter validity period. Defaults to 365 days (8760 hours).',`
			`hideToggle: true,`
			`formatTtl: true,`
			`})`
			`issuerSafetyBuffer;`

			`@attr('string', {`
			`editType: 'ttl',`
			`helperTextEnabled:`
			`'Specifies the duration to pause between tidying individual certificates. This releases the revocation lock and allows other operations to continue while tidy is running.',`
			`hideToggle: true,`
			`formatTtl: true,`
			`})`
			`pauseDuration;`

			`@attr('string', {`
			`editType: 'ttl',`
			`helperTextEnabled:`
			`'Specifies a duration after which cross-cluster revocation requests will be removed as expired.',`
			`hideToggle: true,`
			`formatTtl: true,`
			`})`
			`revocationQueueSafetyBuffer; // enterprise only`

			`@attr('string', {`
			`editType: 'ttl',`
			`helperTextEnabled:`
			`'For a certificate to be expunged, the time must be after the expiration time of the certificate (according to the local clock) plus the safety buffer. Defaults to 72 hours.',`
			`hideToggle: true,`
			`formatTtl: true,`
			`})`
			`safetyBuffer;`

			`@attr('boolean', { label: 'Tidy the certificate store' })`
			`tidyCertStore;`

			`@attr('boolean', {`
			`label: 'Tidy cross-cluster revoked certificates',`
			`subText: 'Remove expired, cross-cluster revocation entries.',`
			`})`
			`tidyCrossClusterRevokedCerts; // enterprise only`

			`@attr('boolean', {`
			`subText: 'Automatically remove expired issuers after the issuer safety buffer duration has elapsed.',`
			`})`
			`tidyExpiredIssuers;`

			`@attr('boolean', {`
			`label: 'Tidy legacy CA bundle',`
			`subText:`
			`'Backup any legacy CA/issuers bundle (from Vault versions earlier than 1.11) to config/ca_bundle.bak. Migration will only occur after issuer safety buffer has passed.',`
			`})`
			`tidyMoveLegacyCaBundle;`

			`@attr('boolean', {`
			`label: 'Tidy cross-cluster revocation requests',`
			`})`
			`tidyRevocationQueue; // enterprise only`

			`@attr('boolean', {`
			`label: 'Tidy revoked certificate issuer associations',`
			`})`
			`tidyRevokedCertIssuerAssociations;`

			`@attr('boolean', {`
			`label: 'Tidy revoked certificates',`
			`subText: 'Remove all invalid and expired certificates from storage.',`
			`})`
			`tidyRevokedCerts;`

			`get useOpenAPI() {`
			`return true;`
			`}`

			`getHelpUrl(backend) {`
			return `/v1/${backend}/config/auto-tidy?help=1`;
			`}`

			`get allGroups() {`
			`const groups = [{ autoTidy: ['enabled', 'intervalDuration'] }, ...this.sharedFields];`
			`return this._expandGroups(groups);`
			`}`

			`// shared between auto and manual tidy operations`
			`get sharedFields() {`
			`const groups = [`
			`{`
			`'Universal operations': [`
			`'tidyCertStore',`
			`'tidyRevokedCerts',`
			`'tidyRevokedCertIssuerAssociations',`
			`'safetyBuffer',`
			`'pauseDuration',`
			`],`
			`},`
			`{`
			`'ACME operations': ['tidyAcme', 'acmeAccountSafetyBuffer'],`
			`},`
			`{`
			`'Issuer operations': ['tidyExpiredIssuers', 'tidyMoveLegacyCaBundle', 'issuerSafetyBuffer'],`
			`},`
			`];`
			`if (this.version.isEnterprise) {`
			`groups.push({`
			`'Cross-cluster operations': [`
			`'tidyRevocationQueue',`
			`'tidyCrossClusterRevokedCerts',`
			`'revocationQueueSafetyBuffer',`
			`],`
			`});`
			`}`
			`return groups;`
			`}`

			`get formFieldGroups() {`
			`return this._expandGroups(this.sharedFields);`
			`}`
UI: VAULT-9409 Pki Tidy Form (#20043) 2023-04-11 06:07:26 +00:00			`}`