2021-06-15 15:21:54 +00:00
|
|
|
import {
|
|
|
|
click,
|
|
|
|
visit,
|
|
|
|
settled,
|
|
|
|
currentURL,
|
|
|
|
currentRouteName,
|
|
|
|
fillIn,
|
|
|
|
triggerKeyEvent,
|
|
|
|
} from '@ember/test-helpers';
|
2018-11-19 21:47:58 +00:00
|
|
|
import { create } from 'ember-cli-page-object';
|
2018-09-25 16:28:26 +00:00
|
|
|
import { module, test } from 'qunit';
|
|
|
|
import { setupApplicationTest } from 'ember-qunit';
|
2018-04-03 14:16:57 +00:00
|
|
|
import editPage from 'vault/tests/pages/secrets/backend/kv/edit-secret';
|
|
|
|
import showPage from 'vault/tests/pages/secrets/backend/kv/show';
|
|
|
|
import listPage from 'vault/tests/pages/secrets/backend/list';
|
|
|
|
|
2018-04-16 22:18:46 +00:00
|
|
|
import mountSecrets from 'vault/tests/pages/settings/mount-secret-backend';
|
2018-04-20 02:26:25 +00:00
|
|
|
import apiStub from 'vault/tests/helpers/noop-all-api-requests';
|
2018-09-25 16:28:26 +00:00
|
|
|
import authPage from 'vault/tests/pages/auth';
|
2018-12-03 14:22:13 +00:00
|
|
|
import logout from 'vault/tests/pages/logout';
|
2018-11-19 21:47:58 +00:00
|
|
|
import consoleClass from 'vault/tests/pages/components/console/ui-panel';
|
|
|
|
|
|
|
|
const consoleComponent = create(consoleClass);
|
2018-04-16 22:18:46 +00:00
|
|
|
|
2018-12-03 14:22:13 +00:00
|
|
|
let writeSecret = async function(backend, path, key, val) {
|
|
|
|
await listPage.visitRoot({ backend });
|
|
|
|
await listPage.create();
|
|
|
|
return editPage.createSecret(path, key, val);
|
|
|
|
};
|
|
|
|
|
2021-01-04 16:32:52 +00:00
|
|
|
module('Acceptance | secrets/secret/create', function(hooks) {
|
2018-09-25 16:28:26 +00:00
|
|
|
setupApplicationTest(hooks);
|
|
|
|
|
2018-12-03 14:22:13 +00:00
|
|
|
hooks.beforeEach(async function() {
|
2018-04-20 02:26:25 +00:00
|
|
|
this.server = apiStub({ usePassthrough: true });
|
2018-09-25 16:28:26 +00:00
|
|
|
return authPage.login();
|
|
|
|
});
|
|
|
|
|
|
|
|
hooks.afterEach(function() {
|
2018-04-16 22:18:46 +00:00
|
|
|
this.server.shutdown();
|
2018-09-25 16:28:26 +00:00
|
|
|
});
|
2018-04-03 14:16:57 +00:00
|
|
|
|
2018-09-25 16:28:26 +00:00
|
|
|
test('it creates a secret and redirects', async function(assert) {
|
|
|
|
const path = `kv-path-${new Date().getTime()}`;
|
|
|
|
await listPage.visitRoot({ backend: 'secret' });
|
2018-04-03 14:16:57 +00:00
|
|
|
assert.equal(currentRouteName(), 'vault.cluster.secrets.backend.list-root', 'navigates to the list page');
|
|
|
|
|
2018-09-25 16:28:26 +00:00
|
|
|
await listPage.create();
|
2018-12-03 14:22:13 +00:00
|
|
|
assert.ok(editPage.hasMetadataFields, 'shows the metadata form');
|
2018-09-25 16:28:26 +00:00
|
|
|
await editPage.createSecret(path, 'foo', 'bar');
|
2018-10-17 04:23:29 +00:00
|
|
|
|
2018-04-03 14:16:57 +00:00
|
|
|
assert.equal(currentRouteName(), 'vault.cluster.secrets.backend.show', 'redirects to the show page');
|
2018-11-19 21:47:58 +00:00
|
|
|
assert.ok(showPage.editIsPresent, 'shows the edit button');
|
|
|
|
});
|
|
|
|
|
|
|
|
test('it can create a secret when check-and-set is required', async function(assert) {
|
|
|
|
let enginePath = `kv-${new Date().getTime()}`;
|
|
|
|
let secretPath = 'foo/bar';
|
|
|
|
await mountSecrets.visit();
|
|
|
|
await mountSecrets.enable('kv', enginePath);
|
|
|
|
await consoleComponent.runCommands(`write ${enginePath}/config cas_required=true`);
|
2018-12-03 14:22:13 +00:00
|
|
|
await writeSecret(enginePath, secretPath, 'foo', 'bar');
|
2018-11-19 21:47:58 +00:00
|
|
|
assert.equal(currentRouteName(), 'vault.cluster.secrets.backend.show', 'redirects to the show page');
|
2018-04-03 14:16:57 +00:00
|
|
|
assert.ok(showPage.editIsPresent, 'shows the edit button');
|
|
|
|
});
|
2018-04-16 22:18:46 +00:00
|
|
|
|
2021-06-15 15:21:54 +00:00
|
|
|
test('it disables save when validation errors occur', async function(assert) {
|
|
|
|
let enginePath = `kv-${new Date().getTime()}`;
|
|
|
|
await mountSecrets.visit();
|
|
|
|
await mountSecrets.enable('kv', enginePath);
|
|
|
|
await click('[data-test-secret-create="true"]');
|
|
|
|
await fillIn('[data-test-secret-path="true"]', 'abc');
|
|
|
|
await fillIn('[data-test-input="maxVersions"]', 'abc');
|
|
|
|
await triggerKeyEvent('[data-test-input="maxVersions"]', 'keyup', 65);
|
|
|
|
await settled();
|
|
|
|
assert.dom('[data-test-secret-save="true"]').isDisabled('Save button is disabled');
|
|
|
|
await fillIn('[data-test-input="maxVersions"]', 20);
|
|
|
|
await triggerKeyEvent('[data-test-input="maxVersions"]', 'keyup', 65);
|
|
|
|
await click('[data-test-secret-save="true"]');
|
|
|
|
assert.equal(currentURL(), `/vault/secrets/${enginePath}/show/abc`, 'navigates to show secret');
|
|
|
|
});
|
|
|
|
|
2018-09-25 16:28:26 +00:00
|
|
|
test('version 1 performs the correct capabilities lookup', async function(assert) {
|
|
|
|
let enginePath = `kv-${new Date().getTime()}`;
|
|
|
|
let secretPath = 'foo/bar';
|
|
|
|
// mount version 1 engine
|
|
|
|
await mountSecrets.visit();
|
|
|
|
await mountSecrets.selectType('kv');
|
2019-04-10 14:36:32 +00:00
|
|
|
await mountSecrets
|
|
|
|
.next()
|
|
|
|
.path(enginePath)
|
2021-04-02 20:17:42 +00:00
|
|
|
.toggleOptions()
|
2019-04-10 14:36:32 +00:00
|
|
|
.version(1)
|
|
|
|
.submit();
|
2018-09-25 16:28:26 +00:00
|
|
|
await listPage.create();
|
|
|
|
await editPage.createSecret(secretPath, 'foo', 'bar');
|
2018-10-17 04:23:29 +00:00
|
|
|
assert.equal(currentRouteName(), 'vault.cluster.secrets.backend.show', 'redirects to the show page');
|
|
|
|
assert.ok(showPage.editIsPresent, 'shows the edit button');
|
2018-04-16 22:18:46 +00:00
|
|
|
});
|
2018-06-25 20:30:11 +00:00
|
|
|
|
2018-12-20 19:46:37 +00:00
|
|
|
// https://github.com/hashicorp/vault/issues/5960
|
|
|
|
test('version 1: nested paths creation maintains ability to navigate the tree', async function(assert) {
|
|
|
|
let enginePath = `kv-${new Date().getTime()}`;
|
|
|
|
let secretPath = '1/2/3/4';
|
|
|
|
// mount version 1 engine
|
|
|
|
await mountSecrets.visit();
|
|
|
|
await mountSecrets.selectType('kv');
|
2019-04-10 14:36:32 +00:00
|
|
|
await mountSecrets
|
|
|
|
.next()
|
|
|
|
.path(enginePath)
|
2021-04-02 20:17:42 +00:00
|
|
|
.toggleOptions()
|
2019-04-10 14:36:32 +00:00
|
|
|
.version(1)
|
|
|
|
.submit();
|
2018-12-20 19:46:37 +00:00
|
|
|
await listPage.create();
|
|
|
|
await editPage.createSecret(secretPath, 'foo', 'bar');
|
|
|
|
|
|
|
|
// setup an ancestor for when we delete
|
|
|
|
await listPage.visitRoot({ backend: enginePath });
|
|
|
|
await listPage.secrets.filterBy('text', '1/')[0].click();
|
|
|
|
await listPage.create();
|
|
|
|
await editPage.createSecret('1/2', 'foo', 'bar');
|
|
|
|
|
|
|
|
// lol we have to do this because ember-cli-page-object doesn't like *'s in visitable
|
|
|
|
await listPage.visitRoot({ backend: enginePath });
|
|
|
|
await listPage.secrets.filterBy('text', '1/')[0].click();
|
|
|
|
await listPage.secrets.filterBy('text', '2/')[0].click();
|
|
|
|
await listPage.secrets.filterBy('text', '3/')[0].click();
|
|
|
|
await listPage.create();
|
|
|
|
|
|
|
|
await editPage.createSecret(secretPath + 'a', 'foo', 'bar');
|
|
|
|
await listPage.visitRoot({ backend: enginePath });
|
|
|
|
await listPage.secrets.filterBy('text', '1/')[0].click();
|
|
|
|
await listPage.secrets.filterBy('text', '2/')[0].click();
|
|
|
|
let secretLink = listPage.secrets.filterBy('text', '3/')[0];
|
|
|
|
assert.ok(secretLink, 'link to the 3/ branch displays properly');
|
|
|
|
|
|
|
|
await listPage.secrets.filterBy('text', '3/')[0].click();
|
2019-05-03 22:20:14 +00:00
|
|
|
await listPage.secrets.objectAt(0).menuToggle();
|
2018-12-20 19:46:37 +00:00
|
|
|
await settled();
|
|
|
|
await listPage.delete();
|
|
|
|
await listPage.confirmDelete();
|
|
|
|
await settled();
|
|
|
|
assert.equal(currentRouteName(), 'vault.cluster.secrets.backend.list');
|
|
|
|
assert.equal(currentURL(), `/vault/secrets/${enginePath}/list/1/2/3/`, 'remains on the page');
|
|
|
|
|
2019-05-03 22:20:14 +00:00
|
|
|
await listPage.secrets.objectAt(0).menuToggle();
|
2018-12-20 19:46:37 +00:00
|
|
|
await listPage.delete();
|
|
|
|
await listPage.confirmDelete();
|
|
|
|
await settled();
|
|
|
|
assert.equal(currentRouteName(), 'vault.cluster.secrets.backend.list');
|
|
|
|
assert.equal(
|
|
|
|
currentURL(),
|
|
|
|
`/vault/secrets/${enginePath}/list/1/`,
|
|
|
|
'navigates to the ancestor created earlier'
|
|
|
|
);
|
|
|
|
});
|
2019-02-09 00:50:50 +00:00
|
|
|
test('first level secrets redirect properly upon deletion', async function(assert) {
|
|
|
|
let enginePath = `kv-${new Date().getTime()}`;
|
|
|
|
let secretPath = 'test';
|
|
|
|
// mount version 1 engine
|
|
|
|
await mountSecrets.visit();
|
|
|
|
await mountSecrets.selectType('kv');
|
2019-04-10 14:36:32 +00:00
|
|
|
await mountSecrets
|
|
|
|
.next()
|
|
|
|
.path(enginePath)
|
2021-04-02 20:17:42 +00:00
|
|
|
.toggleOptions()
|
2019-04-10 14:36:32 +00:00
|
|
|
.version(1)
|
|
|
|
.submit();
|
2019-02-09 00:50:50 +00:00
|
|
|
await listPage.create();
|
|
|
|
await editPage.createSecret(secretPath, 'foo', 'bar');
|
2021-05-19 16:43:55 +00:00
|
|
|
await showPage.deleteSecretV1();
|
2019-02-09 00:50:50 +00:00
|
|
|
assert.equal(
|
|
|
|
currentRouteName(),
|
|
|
|
'vault.cluster.secrets.backend.list-root',
|
|
|
|
'redirected to the list page on delete'
|
|
|
|
);
|
|
|
|
});
|
2018-12-20 19:46:37 +00:00
|
|
|
|
2019-01-10 17:18:29 +00:00
|
|
|
// https://github.com/hashicorp/vault/issues/5994
|
|
|
|
test('version 1: key named keys', async function(assert) {
|
|
|
|
await consoleComponent.runCommands([
|
|
|
|
'vault write sys/mounts/test type=kv',
|
|
|
|
'refresh',
|
|
|
|
'vault write test/a keys=a keys=b',
|
|
|
|
]);
|
|
|
|
await showPage.visit({ backend: 'test', id: 'a' });
|
|
|
|
assert.ok(showPage.editIsPresent, 'renders the page properly');
|
|
|
|
});
|
|
|
|
|
2018-09-25 16:28:26 +00:00
|
|
|
test('it redirects to the path ending in / for list pages', async function(assert) {
|
|
|
|
const path = `foo/bar/kv-path-${new Date().getTime()}`;
|
|
|
|
await listPage.visitRoot({ backend: 'secret' });
|
|
|
|
await listPage.create();
|
|
|
|
await editPage.createSecret(path, 'foo', 'bar');
|
Ember-cli upgrade from ~3.8 to ~3.20 (#9972)
* Update ember-cli to ~3.20
* Remove bad optional-feature
* Remove ember-fetch dep
* re-install ember-fetch
* update model fragments pr
* update ember model fragments correct package name
* update ember composable helpers to solve array helper error
* update ember-concurrency
* add back engine dependencies, automatically removed during ember-cli-upgrade
* make author-form-options component js file otherwise error
* for now comment out withTestWaiter
* add eslint-node and fix if not with unless in templates
* fix linting for tab index of false is now -1 and add type button to all buttons without types
* fix href errors for linting, likely have to come back and fix
* using eslint fix flag to fix all this.gets
* ember modules codemode removed files that had module twice, will fix in next commit
* finish codemode ember-data-codemod needed to rename const model
* more this.get removal codemode did not work
* cont. removal of this.get
* stop mixin rules until figure out how to reconfig them all
* smaller eslint ignores
* get codemode
* testing app small fixes to bring it back after all the changes
* small changes to eslint
* test removal of getProperties
* fix issue with baseKey because value could be unknown needed to add a question mark in nested get
* smaller linting fixes
* get nested fixes
* small linting error fixes
* small linting changes
* working through more small linting changes
* another round of linting modifications
* liniting fixes
* ember module codemod
* quinit dom codemod
* angle bracket codemod
* discovered that components must have js files
* ran all codemods this is all that's left
* small changes to fix get needs two object, should not have been using get.
* fix issue with one input in form field
* fun times with set and onChange from oninput
* fix issue with model not being passed through on secret-edit-display
* fix issue with yarn run test not working, revert without npm run all
* linting and small fix when loading without a selectAuthBackend
* fix failing test with ui-wizard issue
* fix test failure due to model not being asked for correctly with new changes, probably run into this more.
* fix issue with component helper and at props specific to wizard
* rename log to clilog due to conflict with new eslint rule
* small changes for test failures
* component helper at fixes
* Revert to old component style something with new one broke this and can't figure it out for now
* small fishy smelling test fixes will revisit
* small test changes
* more small test changes, appears upgrade treats spaces differently
* comment out code and test that no longer seems relevant but confirm
* clean run on component test though still some potential timing issues on ui-console test
* fixing one auth test issue and timing issue on enable-test
* small mods
* fix this conditional check from upgrade
* linting fixes after master merge
* package updates using yarn upgrade-interactive
* update libraries that did not effect any of the test failures.
* update ember truth helpers library
* settling tests
* Fix ui-panel control group output
* fix features selection test failures
* Fix auth tests (x-vault-token)
* fix shared test
* fix issue with data null on backend
* Revert "Fix auth tests (x-vault-token)"
This reverts commit 89cb174b2f1998efa56d9604d14131415ae65d6f.
* Fix auth tests (x-vault-token) without updating this.set
* Update redirect-to tests
* fix wrapped token test
* skip some flaky test
* fix issue with href and a tags vs buttons
* fix linting
* updates to get tests running (#10409)
* yarn isntall
* increasing resource_class
* whoops
* trying large
* back to xlarge
* Fix param issue on transform item routes
* test fixes
* settle on policies (old) test
* fix browserstack test warning and skips of test confirmed worked
* Fix redirect-to test
* skips
* fix transformation test and skip some kmip
* Skip tests
* Add meep marker to remaining failing tests
* Skip test with failing component
* rever skip on secret-create test
* Skip piece of test that fails due to navigation-input
* fix settings test where can and skip in others after confirming
* fix circle ci test failures
* ssh role settle
* Fix navigate-input and add settled to test
* Remove extra import
* secret cubbyhole and alicloud
* Add settled to gcpkms test
* settles on redirect to test
* Bump browserstack test resource to large
* Update browserstack resource size to xlarge
* update todos
* add back in withTestWaiter
* try and fix credentials conditional action added comment instead
* Update volatile computed properies to get functions
* this step was never reached and we never defined secretType anywhere so I removed
* add settled to policy old test
* Fix navigate-input on policies and leases
* replace ssh test with no var hoping that helps and add settled to other failing tests, unskip console tests
* kmip, transit, role test remove a skip and add in settled
* fix hover copy button, had to remove some testing functionality
* Remove private router service
* remove skip on control ssh and ui panel, fix search select by restructuring how to read the error
* final bit of working through skipped test
* Replace clearNonGlobalModels by linking directly to namespace with href-to
* Remove unused var
* Fix role-ssh id bug by updating form-field-from-model to form-field-group-loop
* Fix transit create id would not update
* Update option toggle selector for ssh-role
* Fix ssh selector
* cleanup pt1
* small clean up
* cleanup part2
* Fix computed on pricing-metrics-form
* small cleanup based on chelseas comments.
Co-authored-by: Chelsea Shaw <chelshaw.dev@gmail.com>
Co-authored-by: Sarah Thompson <sthompson@hashicorp.com>
2020-12-03 23:00:22 +00:00
|
|
|
await settled();
|
2019-03-01 16:08:30 +00:00
|
|
|
// use visit helper here because ids with / in them get encoded
|
|
|
|
await visit('/vault/secrets/secret/list/foo/bar');
|
2018-06-25 20:30:11 +00:00
|
|
|
assert.equal(currentRouteName(), 'vault.cluster.secrets.backend.list');
|
|
|
|
assert.ok(currentURL().endsWith('/'), 'redirects to the path ending in a slash');
|
|
|
|
});
|
2018-11-09 20:00:53 +00:00
|
|
|
|
|
|
|
test('it can edit via the JSON input', async function(assert) {
|
|
|
|
let content = JSON.stringify({ foo: 'fa', bar: 'boo' });
|
|
|
|
const path = `kv-path-${new Date().getTime()}`;
|
|
|
|
await listPage.visitRoot({ backend: 'secret' });
|
|
|
|
await listPage.create();
|
|
|
|
await editPage.path(path).toggleJSON();
|
|
|
|
await editPage.editor.fillIn(this, content);
|
|
|
|
await editPage.save();
|
|
|
|
|
|
|
|
assert.equal(currentRouteName(), 'vault.cluster.secrets.backend.show', 'redirects to the show page');
|
|
|
|
assert.ok(showPage.editIsPresent, 'shows the edit button');
|
|
|
|
assert.equal(
|
|
|
|
showPage.editor.content(this),
|
|
|
|
JSON.stringify({ bar: 'boo', foo: 'fa' }, null, 2),
|
|
|
|
'saves the content'
|
|
|
|
);
|
|
|
|
});
|
2018-12-03 14:22:13 +00:00
|
|
|
|
|
|
|
test('version 2 with restricted policy still allows creation', async function(assert) {
|
|
|
|
let backend = 'kv-v2';
|
2019-05-22 21:07:42 +00:00
|
|
|
const V2_POLICY = `
|
2018-12-03 14:22:13 +00:00
|
|
|
path "kv-v2/metadata/*" {
|
|
|
|
capabilities = ["list"]
|
|
|
|
}
|
|
|
|
path "kv-v2/data/secret" {
|
|
|
|
capabilities = ["create", "read", "update"]
|
|
|
|
}
|
2019-05-22 21:07:42 +00:00
|
|
|
`;
|
2018-12-03 14:22:13 +00:00
|
|
|
await consoleComponent.runCommands([
|
|
|
|
`write sys/mounts/${backend} type=kv options=version=2`,
|
2019-05-22 21:07:42 +00:00
|
|
|
`write sys/policies/acl/kv-v2-degrade policy=${btoa(V2_POLICY)}`,
|
2018-12-03 14:22:13 +00:00
|
|
|
// delete any kv previously written here so that tests can be re-run
|
|
|
|
'delete kv-v2/metadata/secret',
|
|
|
|
'write -field=client_token auth/token/create policies=kv-v2-degrade',
|
|
|
|
]);
|
|
|
|
|
|
|
|
let userToken = consoleComponent.lastLogOutput;
|
|
|
|
await logout.visit();
|
|
|
|
await authPage.login(userToken);
|
|
|
|
|
|
|
|
await writeSecret(backend, 'secret', 'foo', 'bar');
|
|
|
|
assert.equal(currentRouteName(), 'vault.cluster.secrets.backend.show', 'redirects to the show page');
|
|
|
|
assert.ok(showPage.editIsPresent, 'shows the edit button');
|
|
|
|
});
|
|
|
|
|
|
|
|
test('version 2 with restricted policy still allows edit', async function(assert) {
|
|
|
|
let backend = 'kv-v2';
|
2019-05-22 21:07:42 +00:00
|
|
|
const V2_POLICY = `
|
2018-12-03 14:22:13 +00:00
|
|
|
path "kv-v2/metadata/*" {
|
|
|
|
capabilities = ["list"]
|
|
|
|
}
|
|
|
|
path "kv-v2/data/secret" {
|
|
|
|
capabilities = ["create", "read", "update"]
|
|
|
|
}
|
2019-05-22 21:07:42 +00:00
|
|
|
`;
|
2018-12-03 14:22:13 +00:00
|
|
|
await consoleComponent.runCommands([
|
|
|
|
`write sys/mounts/${backend} type=kv options=version=2`,
|
2019-05-22 21:07:42 +00:00
|
|
|
`write sys/policies/acl/kv-v2-degrade policy=${btoa(V2_POLICY)}`,
|
2018-12-03 14:22:13 +00:00
|
|
|
// delete any kv previously written here so that tests can be re-run
|
|
|
|
'delete kv-v2/metadata/secret',
|
|
|
|
'write -field=client_token auth/token/create policies=kv-v2-degrade',
|
|
|
|
]);
|
|
|
|
|
|
|
|
let userToken = consoleComponent.lastLogOutput;
|
|
|
|
await writeSecret(backend, 'secret', 'foo', 'bar');
|
|
|
|
await logout.visit();
|
|
|
|
await authPage.login(userToken);
|
|
|
|
|
|
|
|
await editPage.visitEdit({ backend, id: 'secret' });
|
|
|
|
assert.notOk(editPage.hasMetadataFields, 'hides the metadata form');
|
|
|
|
await editPage.editSecret('bar', 'baz');
|
|
|
|
|
|
|
|
assert.equal(currentRouteName(), 'vault.cluster.secrets.backend.show', 'redirects to the show page');
|
|
|
|
assert.ok(showPage.editIsPresent, 'shows the edit button');
|
|
|
|
});
|
2019-03-01 16:08:30 +00:00
|
|
|
|
2021-05-19 16:43:55 +00:00
|
|
|
test('version 2 with policy with destroy capabilities shows modal', async function(assert) {
|
|
|
|
let backend = 'kv-v2';
|
|
|
|
const V2_POLICY = `
|
|
|
|
path "kv-v2/destroy/*" {
|
|
|
|
capabilities = ["update"]
|
|
|
|
}
|
|
|
|
path "kv-v2/metadata/*" {
|
|
|
|
capabilities = ["list", "update", "delete"]
|
|
|
|
}
|
|
|
|
path "kv-v2/data/secret" {
|
|
|
|
capabilities = ["create", "read", "update"]
|
|
|
|
}
|
|
|
|
`;
|
|
|
|
await consoleComponent.runCommands([
|
|
|
|
`write sys/mounts/${backend} type=kv options=version=2`,
|
|
|
|
`write sys/policies/acl/kv-v2-degrade policy=${btoa(V2_POLICY)}`,
|
|
|
|
// delete any kv previously written here so that tests can be re-run
|
|
|
|
'delete kv-v2/metadata/secret',
|
|
|
|
'write -field=client_token auth/token/create policies=kv-v2-degrade',
|
|
|
|
]);
|
|
|
|
|
|
|
|
let userToken = consoleComponent.lastLogOutput;
|
|
|
|
await logout.visit();
|
|
|
|
await authPage.login(userToken);
|
|
|
|
|
|
|
|
await writeSecret(backend, 'secret', 'foo', 'bar');
|
|
|
|
await click('[data-test-delete-open-modal]');
|
|
|
|
await settled();
|
|
|
|
assert.dom('[data-test-delete-modal="destroy-version"]').exists('destroy this version option shows');
|
|
|
|
assert.dom('[data-test-delete-modal="destroy-all-versions"]').exists('destroy all versions option shows');
|
|
|
|
assert.dom('[data-test-delete-modal="delete-version"]').doesNotExist('delete version does not show');
|
|
|
|
});
|
|
|
|
|
|
|
|
test('version 2 with policy with only delete option does not show modal and undelete is an option', async function(assert) {
|
|
|
|
let backend = 'kv-v2';
|
|
|
|
const V2_POLICY = `
|
|
|
|
path "kv-v2/delete/*" {
|
|
|
|
capabilities = ["update"]
|
|
|
|
}
|
|
|
|
path "kv-v2/undelete/*" {
|
|
|
|
capabilities = ["update"]
|
|
|
|
}
|
|
|
|
path "kv-v2/metadata/*" {
|
|
|
|
capabilities = ["list","read","create","update"]
|
|
|
|
}
|
|
|
|
path "kv-v2/data/secret" {
|
|
|
|
capabilities = ["create", "read"]
|
|
|
|
}
|
|
|
|
`;
|
|
|
|
await consoleComponent.runCommands([
|
|
|
|
`write sys/mounts/${backend} type=kv options=version=2`,
|
|
|
|
`write sys/policies/acl/kv-v2-degrade policy=${btoa(V2_POLICY)}`,
|
|
|
|
// delete any kv previously written here so that tests can be re-run
|
|
|
|
'delete kv-v2/metadata/secret',
|
|
|
|
'write -field=client_token auth/token/create policies=kv-v2-degrade',
|
|
|
|
]);
|
|
|
|
|
|
|
|
let userToken = consoleComponent.lastLogOutput;
|
|
|
|
await logout.visit();
|
|
|
|
await authPage.login(userToken);
|
|
|
|
await writeSecret(backend, 'secret', 'foo', 'bar');
|
|
|
|
assert.dom('[data-test-delete-open-modal]').doesNotExist('delete version does not show');
|
|
|
|
assert.dom('[data-test-secret-v2-delete="true"]').exists('drop down delete shows');
|
|
|
|
await showPage.deleteSecretV2();
|
|
|
|
// unable to reload page in test scenario so going to list and back to secret to confirm deletion
|
|
|
|
let url = `/vault/secrets/${backend}/list`;
|
|
|
|
await visit(url);
|
|
|
|
await click('[data-test-secret-link="secret"]');
|
|
|
|
assert.dom('[data-test-component="empty-state"]').exists('secret has been deleted');
|
|
|
|
assert.dom('[data-test-secret-undelete]').exists('undelete button shows');
|
|
|
|
});
|
|
|
|
|
2019-03-01 16:08:30 +00:00
|
|
|
test('paths are properly encoded', async function(assert) {
|
|
|
|
let backend = 'kv';
|
|
|
|
let paths = [
|
|
|
|
'(',
|
|
|
|
')',
|
2019-08-01 22:12:04 +00:00
|
|
|
'"',
|
2019-03-01 16:08:30 +00:00
|
|
|
//"'",
|
|
|
|
'!',
|
|
|
|
'#',
|
|
|
|
'$',
|
|
|
|
'&',
|
|
|
|
'*',
|
|
|
|
'+',
|
|
|
|
'@',
|
|
|
|
'{',
|
|
|
|
'|',
|
|
|
|
'}',
|
|
|
|
'~',
|
|
|
|
'[',
|
|
|
|
'\\',
|
|
|
|
']',
|
|
|
|
'^',
|
|
|
|
'_',
|
|
|
|
].map(char => `${char}some`);
|
|
|
|
assert.expect(paths.length * 2);
|
|
|
|
let secretName = '2';
|
2019-08-01 22:12:04 +00:00
|
|
|
let commands = paths.map(path => `write '${backend}/${path}/${secretName}' 3=4`);
|
2019-03-01 16:08:30 +00:00
|
|
|
await consoleComponent.runCommands(['write sys/mounts/kv type=kv', ...commands]);
|
|
|
|
for (let path of paths) {
|
|
|
|
await listPage.visit({ backend, id: path });
|
|
|
|
assert.ok(listPage.secrets.filterBy('text', '2')[0], `${path}: secret is displayed properly`);
|
|
|
|
await listPage.secrets.filterBy('text', '2')[0].click();
|
|
|
|
assert.equal(
|
|
|
|
currentRouteName(),
|
|
|
|
'vault.cluster.secrets.backend.show',
|
|
|
|
`${path}: show page renders correctly`
|
|
|
|
);
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
2021-01-04 16:32:52 +00:00
|
|
|
test('create secret with space shows version data', async function(assert) {
|
|
|
|
let enginePath = `kv-${new Date().getTime()}`;
|
|
|
|
let secretPath = 'space space';
|
|
|
|
// mount version 2
|
|
|
|
await mountSecrets.visit();
|
|
|
|
await mountSecrets.selectType('kv');
|
|
|
|
await mountSecrets
|
|
|
|
.next()
|
|
|
|
.path(enginePath)
|
|
|
|
.submit();
|
|
|
|
await settled();
|
|
|
|
await listPage.create();
|
|
|
|
await editPage.createSecret(secretPath, 'foo', 'bar');
|
|
|
|
await settled();
|
2021-05-19 16:43:55 +00:00
|
|
|
await click('[data-test-popup-menu-trigger="version"]');
|
2021-01-04 16:32:52 +00:00
|
|
|
await settled();
|
|
|
|
await click('[data-test-version-history]');
|
|
|
|
await settled();
|
|
|
|
assert.dom('[data-test-list-item-content]').exists('renders the version and not an error state');
|
|
|
|
// click on version
|
|
|
|
await click('[data-test-popup-menu-trigger="true"]');
|
|
|
|
await click('[data-test-version]');
|
|
|
|
await settled();
|
|
|
|
// perform encode function that should be done by the encodePath
|
|
|
|
let encodedSecretPath = secretPath.replace(/ /g, '%20');
|
|
|
|
assert.equal(currentURL(), `/vault/secrets/${enginePath}/show/${encodedSecretPath}?version=1`);
|
|
|
|
});
|
|
|
|
|
2019-05-22 21:07:42 +00:00
|
|
|
// the web cli does not handle a quote as part of a path, so we test it here via the UI
|
|
|
|
test('creating a secret with a single or double quote works properly', async function(assert) {
|
2019-03-01 16:08:30 +00:00
|
|
|
await consoleComponent.runCommands('write sys/mounts/kv type=kv');
|
2019-05-22 21:07:42 +00:00
|
|
|
let paths = ["'some", '"some'];
|
|
|
|
for (let path of paths) {
|
|
|
|
await listPage.visitRoot({ backend: 'kv' });
|
|
|
|
await listPage.create();
|
|
|
|
await editPage.createSecret(`${path}/2`, 'foo', 'bar');
|
|
|
|
await listPage.visit({ backend: 'kv', id: path });
|
|
|
|
assert.ok(listPage.secrets.filterBy('text', '2')[0], `${path}: secret is displayed properly`);
|
|
|
|
await listPage.secrets.filterBy('text', '2')[0].click();
|
|
|
|
assert.equal(
|
|
|
|
currentRouteName(),
|
|
|
|
'vault.cluster.secrets.backend.show',
|
|
|
|
`${path}: show page renders correctly`
|
|
|
|
);
|
|
|
|
}
|
2019-03-01 16:08:30 +00:00
|
|
|
});
|
2019-04-02 16:26:58 +00:00
|
|
|
|
|
|
|
test('filter clears on nav', async function(assert) {
|
|
|
|
await consoleComponent.runCommands([
|
|
|
|
'vault write sys/mounts/test type=kv',
|
|
|
|
'refresh',
|
|
|
|
'vault write test/filter/foo keys=a keys=b',
|
|
|
|
'vault write test/filter/foo1 keys=a keys=b',
|
|
|
|
'vault write test/filter/foo2 keys=a keys=b',
|
|
|
|
]);
|
|
|
|
await listPage.visit({ backend: 'test', id: 'filter' });
|
|
|
|
assert.equal(listPage.secrets.length, 3, 'renders three secrets');
|
|
|
|
await listPage.filterInput('filter/foo1');
|
|
|
|
assert.equal(listPage.secrets.length, 1, 'renders only one secret');
|
2019-05-03 22:20:14 +00:00
|
|
|
await listPage.secrets.objectAt(0).click();
|
2019-04-02 16:26:58 +00:00
|
|
|
await showPage.breadcrumbs.filterBy('text', 'filter')[0].click();
|
|
|
|
assert.equal(listPage.secrets.length, 3, 'renders three secrets');
|
|
|
|
assert.equal(listPage.filterInputValue, 'filter/', 'pageFilter has been reset');
|
|
|
|
});
|
2019-04-16 20:27:23 +00:00
|
|
|
|
|
|
|
let setupNoRead = async function(backend, canReadMeta = false) {
|
2019-05-22 21:07:42 +00:00
|
|
|
const V2_WRITE_ONLY_POLICY = `
|
2019-04-16 20:27:23 +00:00
|
|
|
path "${backend}/+/+" {
|
|
|
|
capabilities = ["create", "update", "list"]
|
|
|
|
}
|
|
|
|
path "${backend}/+" {
|
|
|
|
capabilities = ["list"]
|
|
|
|
}
|
2019-05-22 21:07:42 +00:00
|
|
|
`;
|
2019-04-16 20:27:23 +00:00
|
|
|
|
2019-05-22 21:07:42 +00:00
|
|
|
const V2_WRITE_WITH_META_READ_POLICY = `
|
2019-04-16 20:27:23 +00:00
|
|
|
path "${backend}/+/+" {
|
|
|
|
capabilities = ["create", "update", "list"]
|
|
|
|
}
|
|
|
|
path "${backend}/metadata/+" {
|
|
|
|
capabilities = ["read"]
|
|
|
|
}
|
|
|
|
path "${backend}/+" {
|
|
|
|
capabilities = ["list"]
|
|
|
|
}
|
2019-05-22 21:07:42 +00:00
|
|
|
`;
|
|
|
|
const V1_WRITE_ONLY_POLICY = `
|
2019-04-16 20:27:23 +00:00
|
|
|
path "${backend}/+" {
|
|
|
|
capabilities = ["create", "update", "list"]
|
|
|
|
}
|
2019-05-22 21:07:42 +00:00
|
|
|
`;
|
2019-04-16 20:27:23 +00:00
|
|
|
|
|
|
|
let policy;
|
|
|
|
if (backend === 'kv-v2' && canReadMeta) {
|
|
|
|
policy = V2_WRITE_WITH_META_READ_POLICY;
|
|
|
|
} else if (backend === 'kv-v2') {
|
|
|
|
policy = V2_WRITE_ONLY_POLICY;
|
|
|
|
} else if (backend === 'kv-v1') {
|
|
|
|
policy = V1_WRITE_ONLY_POLICY;
|
|
|
|
}
|
|
|
|
await consoleComponent.runCommands([
|
|
|
|
// disable any kv previously enabled kv
|
|
|
|
`delete sys/mounts/${backend}`,
|
|
|
|
`write sys/mounts/${backend} type=kv options=version=${backend === 'kv-v2' ? 2 : 1}`,
|
2019-05-22 21:07:42 +00:00
|
|
|
`write sys/policies/acl/${backend} policy=${btoa(policy)}`,
|
2019-04-16 20:27:23 +00:00
|
|
|
`write -field=client_token auth/token/create policies=${backend}`,
|
|
|
|
]);
|
|
|
|
|
|
|
|
return consoleComponent.lastLogOutput;
|
|
|
|
};
|
|
|
|
test('write without read: version 2', async function(assert) {
|
|
|
|
let backend = 'kv-v2';
|
|
|
|
let userToken = await setupNoRead(backend);
|
|
|
|
await writeSecret(backend, 'secret', 'foo', 'bar');
|
|
|
|
await logout.visit();
|
|
|
|
await authPage.login(userToken);
|
|
|
|
|
|
|
|
await showPage.visit({ backend, id: 'secret' });
|
|
|
|
assert.ok(showPage.noReadIsPresent, 'shows no read empty state');
|
|
|
|
assert.ok(showPage.editIsPresent, 'shows the edit button');
|
|
|
|
|
|
|
|
await editPage.visitEdit({ backend, id: 'secret' });
|
|
|
|
assert.notOk(editPage.hasMetadataFields, 'hides the metadata form');
|
|
|
|
assert.ok(editPage.showsNoCASWarning, 'shows no CAS write warning');
|
|
|
|
|
|
|
|
await editPage.editSecret('bar', 'baz');
|
|
|
|
assert.equal(currentRouteName(), 'vault.cluster.secrets.backend.show', 'redirects to the show page');
|
|
|
|
});
|
|
|
|
|
|
|
|
test('write without read: version 2 with metadata read', async function(assert) {
|
|
|
|
let backend = 'kv-v2';
|
|
|
|
let userToken = await setupNoRead(backend, true);
|
|
|
|
await writeSecret(backend, 'secret', 'foo', 'bar');
|
|
|
|
await logout.visit();
|
|
|
|
await authPage.login(userToken);
|
|
|
|
|
|
|
|
await showPage.visit({ backend, id: 'secret' });
|
|
|
|
assert.ok(showPage.noReadIsPresent, 'shows no read empty state');
|
|
|
|
assert.ok(showPage.editIsPresent, 'shows the edit button');
|
|
|
|
|
|
|
|
await editPage.visitEdit({ backend, id: 'secret' });
|
|
|
|
assert.notOk(editPage.hasMetadataFields, 'hides the metadata form');
|
|
|
|
assert.ok(editPage.showsV2WriteWarning, 'shows v2 warning');
|
|
|
|
|
|
|
|
await editPage.editSecret('bar', 'baz');
|
|
|
|
assert.equal(currentRouteName(), 'vault.cluster.secrets.backend.show', 'redirects to the show page');
|
|
|
|
});
|
|
|
|
|
|
|
|
test('write without read: version 1', async function(assert) {
|
|
|
|
let backend = 'kv-v1';
|
|
|
|
let userToken = await setupNoRead(backend);
|
|
|
|
await writeSecret(backend, 'secret', 'foo', 'bar');
|
|
|
|
await logout.visit();
|
|
|
|
await authPage.login(userToken);
|
|
|
|
|
|
|
|
await showPage.visit({ backend, id: 'secret' });
|
|
|
|
assert.ok(showPage.noReadIsPresent, 'shows no read empty state');
|
|
|
|
assert.ok(showPage.editIsPresent, 'shows the edit button');
|
|
|
|
|
|
|
|
await editPage.visitEdit({ backend, id: 'secret' });
|
|
|
|
assert.ok(editPage.showsV1WriteWarning, 'shows v1 warning');
|
|
|
|
|
|
|
|
await editPage.editSecret('bar', 'baz');
|
|
|
|
assert.equal(currentRouteName(), 'vault.cluster.secrets.backend.show', 'redirects to the show page');
|
|
|
|
});
|
2018-06-25 20:30:11 +00:00
|
|
|
});
|