open-vault/ui/app/models/secret-engine.js

import Ember from 'ember';
import DS from 'ember-data';
import lazyCapabilities, { apiPath } from 'vault/macros/lazy-capabilities';
import { fragment } from 'ember-data-model-fragments/attributes';

import fieldToAttrs, { expandAttributeMeta } from 'vault/utils/field-to-attrs';

const { attr } = DS;
const { computed } = Ember;

//identity will be managed separately and the inclusion
//of the system backend is an implementation detail
const LIST_EXCLUDED_BACKENDS = ['system', 'identity'];

export default DS.Model.extend({
  path: attr('string'),
  accessor: attr('string'),
  name: attr('string'),
  type: attr('string', {
    label: 'Secret engine type',
  }),
  description: attr('string', {
    editType: 'textarea',
  }),
  config: fragment('mount-config', { defaultValue: {} }),
  options: fragment('mount-options', { defaultValue: {} }),
  local: attr('boolean', {
    helpText:
      'When replication is enabled, a local mount will not be replicated across clusters. This can only be specified at mount time.',
  }),
  sealWrap: attr('boolean', {
    helpText:
      'When enabled - if a seal supporting seal wrapping is specified in the configuration, all critical security parameters (CSPs) in this backend will be seal wrapped. (For K/V mounts, all values will be seal wrapped.) This can only be specified at mount time.',
  }),

  modelTypeForKV: computed('engineType', 'options.version', function() {
    let type = this.get('engineType');
    let version = this.get('options.version');
    let modelType = 'secret';
    if ((type === 'kv' || type === 'generic') && version === 2) {
      modelType = 'secret-v2';
    }
    return modelType;
  }),

  formFields: computed('engineType', function() {
    let type = this.get('engineType');
    let fields = [
      'type',
      'path',
      'description',
      'accessor',
      'local',
      'sealWrap',
      'config.{defaultLeaseTtl,maxLeaseTtl,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders}',
    ];
    if (type === 'kv' || type === 'generic') {
      fields.push('options.{version}');
    }
    return fields;
  }),

  formFieldGroups: computed('engineType', function() {
    let type = this.get('engineType');
    let defaultGroup = { default: ['path'] };
    if (type === 'kv' || type === 'generic') {
      defaultGroup.default.push('options.{version}');
    }
    return [
      defaultGroup,
      {
        'Method Options': [
          'description',
          'config.listingVisibility',
          'local',
          'sealWrap',
          'config.{defaultLeaseTtl,maxLeaseTtl,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders}',
        ],
      },
    ];
  }),

  attrs: computed('formFields', function() {
    return expandAttributeMeta(this, this.get('formFields'));
  }),

  fieldGroups: computed('formFieldGroups', function() {
    return fieldToAttrs(this, this.get('formFieldGroups'));
  }),

  // namespaces introduced types with a `ns_` prefix for built-in engines
  // so we need to strip that to normalize the type
  engineType: computed('type', function() {
    return (this.get('type') || '').replace(/^ns_/, '');
  }),

  shouldIncludeInList: computed('engineType', function() {
    return !LIST_EXCLUDED_BACKENDS.includes(this.get('engineType'));
  }),

  localDisplay: Ember.computed('local', function() {
    return this.get('local') ? 'local' : 'replicated';
  }),

  // ssh specific ones
  privateKey: attr('string'),
  publicKey: attr('string'),
  generateSigningKey: attr('boolean', {
    defaultValue: true,
  }),

  saveCA(options) {
    if (this.get('type') !== 'ssh') {
      return;
    }
    if (options.isDelete) {
      this.setProperties({
        privateKey: null,
        publicKey: null,
        generateSigningKey: false,
      });
    }
    return this.save({
      adapterOptions: {
        options: options,
        apiPath: 'config/ca',
        attrsToSend: ['privateKey', 'publicKey', 'generateSigningKey'],
      },
    });
  },

  saveZeroAddressConfig() {
    return this.save({
      adapterOptions: {
        adapterMethod: 'saveZeroAddressConfig',
      },
    });
  },

  zeroAddressPath: lazyCapabilities(apiPath`${'id'}/config/zeroaddress`, 'id'),
  canEditZeroAddress: computed.alias('zeroAddressPath.canUpdate'),

  // aws backend attrs
  lease: attr('string'),
  leaseMax: attr('string'),
});
Moving UI assets to OSS 2018-04-03 14:16:57 +00:00			`import Ember from 'ember';`
			`import DS from 'ember-data';`
UI - code cleanup (#4699) * use lazyCapabilities macro in models * use expandAttributeMeta and fieldToAttrs everywhere * add angle bracket component polyfill * use PageHeader component throughout 2018-06-12 21:06:37 +00:00			`import lazyCapabilities, { apiPath } from 'vault/macros/lazy-capabilities';`
Moving UI assets to OSS 2018-04-03 14:16:57 +00:00			`import { fragment } from 'ember-data-model-fragments/attributes';`

UI Onboarding Wizards (#5196) 2018-08-28 05:03:55 +00:00			`import fieldToAttrs, { expandAttributeMeta } from 'vault/utils/field-to-attrs';`
UI - make engine list more consistent with the auth method list (#4598) * remove expanding behavior from engines list and add a configuration route * use page header component, secret tab component for the template on the secret engine configuration route * move abstraction to secret-list-header and remove secret-tabs * add attrs to secret engine model and adjust mount controller code to support that * fix top level nav so that we can use the back button properly * fix tests 2018-05-23 16:25:52 +00:00
Moving UI assets to OSS 2018-04-03 14:16:57 +00:00			`const { attr } = DS;`
			`const { computed } = Ember;`

			`//identity will be managed separately and the inclusion`
			`//of the system backend is an implementation detail`
			`const LIST_EXCLUDED_BACKENDS = ['system', 'identity'];`

			`export default DS.Model.extend({`
			`path: attr('string'),`
			`accessor: attr('string'),`
			`name: attr('string'),`
UI Onboarding Wizards (#5196) 2018-08-28 05:03:55 +00:00			`type: attr('string', {`
			`label: 'Secret engine type',`
			`}),`
			`description: attr('string', {`
			`editType: 'textarea',`
			`}),`
UI - make engine list more consistent with the auth method list (#4598) * remove expanding behavior from engines list and add a configuration route * use page header component, secret tab component for the template on the secret engine configuration route * move abstraction to secret-list-header and remove secret-tabs * add attrs to secret engine model and adjust mount controller code to support that * fix top level nav so that we can use the back button properly * fix tests 2018-05-23 16:25:52 +00:00			`config: fragment('mount-config', { defaultValue: {} }),`
			`options: fragment('mount-options', { defaultValue: {} }),`
UI Onboarding Wizards (#5196) 2018-08-28 05:03:55 +00:00			`local: attr('boolean', {`
			`helpText:`
			`'When replication is enabled, a local mount will not be replicated across clusters. This can only be specified at mount time.',`
			`}),`
			`sealWrap: attr('boolean', {`
			`helpText:`
			`'When enabled - if a seal supporting seal wrapping is specified in the configuration, all critical security parameters (CSPs) in this backend will be seal wrapped. (For K/V mounts, all values will be seal wrapped.) This can only be specified at mount time.',`
			`}),`
Moving UI assets to OSS 2018-04-03 14:16:57 +00:00
UI namespaces (#5119) * add namespace sidebar item * depend on ember-inflector directly * list-view and list-item components * fill out components and render empty namespaces page * list namespaces in access * add menu contextual component to list item * popup contextual component * full crud for namespaces * add namespaces service and picker component * split application and vault.cluster templates and controllers, add namespace query param, add namespace-picker to vault.namespace template * remove usage of href-to * remove ember-href-to from deps * add ember-responsive * start styling the picker and link to appropriate namespaces, use ember-responsive to render picker in different places based on the breakpoint * get query param working and save ns to authdata when authenticating, feed through ns in application adapter * move to observer on the controller for setting state on the service * set state in the beforeModel hook and clear the ember data model cache * nav to secrets on change and make error handling more resilient utilizing the method that atlas does to eagerly update URLs * add a list of sys endpoints in a helper * hide header elements if not in the root namespace * debounce namespace input on auth, fix 404 for auth method fetch, move auth method fetch to a task on the auth-form component and refretch on namespace change * fix display of supported engines and exclusion of sys and identity engines * don't fetch replication status if you're in a non-root namespace * hide seal sub-menu if not in the root namespace * don't autocomplete auth form inputs * always send some requests to the root namespace * use methodType and engineType instead of type in case there it is ns_ prefixed * use sys/internal/ui/namespaces to fetch the list in the dropdown * don't use model for namespace picker and always make the request to the token namespace * fix header handling for fetch calls * use namespace-reminder component on creation and edit forms throughout the application * add namespace-reminder to the console * add flat * add deepmerge for creating the tree in the menu * delayed rendering for animation timing * design and code feedback on the first round * white text in the namespace picker * fix namespace picker issues with root keys * separate path-to-tree * add tests for path-to-tree util * hide picker if you're in the root ns and you can't access other namespaces * show error message if you enter invalid characters for namespace path * return a different model if we dont have the namespaces feature and show upgrade page * if a token has a namespace_path, use that as the root user namespace and transition them there on login * use token namespace for user, but use specified namespace to log in * always renew tokens in the token namespace * fix edition-badge test 2018-08-16 17:48:24 +00:00			`modelTypeForKV: computed('engineType', 'options.version', function() {`
			`let type = this.get('engineType');`
UI - upgrading generic secret engines to v2 format (#4750) * remove dev-leased-kv flag, handle non-secret responses in the console * skip lease tests for now * use the newer collection api for ember-page-object * include generic in types that can have a v2 * add tests for generic v2 * isolate kv v2 logic in the secret-engine model and add unit tests 2018-06-14 04:06:19 +00:00			`let version = this.get('options.version');`
			`let modelType = 'secret';`
			`if ((type === 'kv' \|\| type === 'generic') && version === 2) {`
			`modelType = 'secret-v2';`
			`}`
			`return modelType;`
			`}),`

UI Onboarding Wizards (#5196) 2018-08-28 05:03:55 +00:00			`formFields: computed('engineType', function() {`
			`let type = this.get('engineType');`
			`let fields = [`
			`'type',`
			`'path',`
			`'description',`
			`'accessor',`
			`'local',`
			`'sealWrap',`
			`'config.{defaultLeaseTtl,maxLeaseTtl,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders}',`
			`];`
			`if (type === 'kv' \|\| type === 'generic') {`
			`fields.push('options.{version}');`
			`}`
			`return fields;`
			`}),`

			`formFieldGroups: computed('engineType', function() {`
			`let type = this.get('engineType');`
			`let defaultGroup = { default: ['path'] };`
			`if (type === 'kv' \|\| type === 'generic') {`
			`defaultGroup.default.push('options.{version}');`
			`}`
			`return [`
			`defaultGroup,`
			`{`
			`'Method Options': [`
			`'description',`
			`'config.listingVisibility',`
			`'local',`
			`'sealWrap',`
			`'config.{defaultLeaseTtl,maxLeaseTtl,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders}',`
			`],`
			`},`
			`];`
			`}),`
UI - make engine list more consistent with the auth method list (#4598) * remove expanding behavior from engines list and add a configuration route * use page header component, secret tab component for the template on the secret engine configuration route * move abstraction to secret-list-header and remove secret-tabs * add attrs to secret engine model and adjust mount controller code to support that * fix top level nav so that we can use the back button properly * fix tests 2018-05-23 16:25:52 +00:00
			`attrs: computed('formFields', function() {`
			`return expandAttributeMeta(this, this.get('formFields'));`
			`}),`

UI Onboarding Wizards (#5196) 2018-08-28 05:03:55 +00:00			`fieldGroups: computed('formFieldGroups', function() {`
			`return fieldToAttrs(this, this.get('formFieldGroups'));`
			`}),`

UI namespaces (#5119) * add namespace sidebar item * depend on ember-inflector directly * list-view and list-item components * fill out components and render empty namespaces page * list namespaces in access * add menu contextual component to list item * popup contextual component * full crud for namespaces * add namespaces service and picker component * split application and vault.cluster templates and controllers, add namespace query param, add namespace-picker to vault.namespace template * remove usage of href-to * remove ember-href-to from deps * add ember-responsive * start styling the picker and link to appropriate namespaces, use ember-responsive to render picker in different places based on the breakpoint * get query param working and save ns to authdata when authenticating, feed through ns in application adapter * move to observer on the controller for setting state on the service * set state in the beforeModel hook and clear the ember data model cache * nav to secrets on change and make error handling more resilient utilizing the method that atlas does to eagerly update URLs * add a list of sys endpoints in a helper * hide header elements if not in the root namespace * debounce namespace input on auth, fix 404 for auth method fetch, move auth method fetch to a task on the auth-form component and refretch on namespace change * fix display of supported engines and exclusion of sys and identity engines * don't fetch replication status if you're in a non-root namespace * hide seal sub-menu if not in the root namespace * don't autocomplete auth form inputs * always send some requests to the root namespace * use methodType and engineType instead of type in case there it is ns_ prefixed * use sys/internal/ui/namespaces to fetch the list in the dropdown * don't use model for namespace picker and always make the request to the token namespace * fix header handling for fetch calls * use namespace-reminder component on creation and edit forms throughout the application * add namespace-reminder to the console * add flat * add deepmerge for creating the tree in the menu * delayed rendering for animation timing * design and code feedback on the first round * white text in the namespace picker * fix namespace picker issues with root keys * separate path-to-tree * add tests for path-to-tree util * hide picker if you're in the root ns and you can't access other namespaces * show error message if you enter invalid characters for namespace path * return a different model if we dont have the namespaces feature and show upgrade page * if a token has a namespace_path, use that as the root user namespace and transition them there on login * use token namespace for user, but use specified namespace to log in * always renew tokens in the token namespace * fix edition-badge test 2018-08-16 17:48:24 +00:00			// namespaces introduced types with a `ns_` prefix for built-in engines
			`// so we need to strip that to normalize the type`
			`engineType: computed('type', function() {`
			`return (this.get('type') \|\| '').replace(/^ns_/, '');`
			`}),`

			`shouldIncludeInList: computed('engineType', function() {`
			`return !LIST_EXCLUDED_BACKENDS.includes(this.get('engineType'));`
Moving UI assets to OSS 2018-04-03 14:16:57 +00:00			`}),`

			`localDisplay: Ember.computed('local', function() {`
			`return this.get('local') ? 'local' : 'replicated';`
			`}),`

			`// ssh specific ones`
			`privateKey: attr('string'),`
			`publicKey: attr('string'),`
			`generateSigningKey: attr('boolean', {`
			`defaultValue: true,`
			`}),`

			`saveCA(options) {`
			`if (this.get('type') !== 'ssh') {`
			`return;`
			`}`
			`if (options.isDelete) {`
			`this.setProperties({`
			`privateKey: null,`
			`publicKey: null,`
			`generateSigningKey: false,`
			`});`
			`}`
			`return this.save({`
			`adapterOptions: {`
			`options: options,`
			`apiPath: 'config/ca',`
			`attrsToSend: ['privateKey', 'publicKey', 'generateSigningKey'],`
			`},`
			`});`
			`},`

			`saveZeroAddressConfig() {`
			`return this.save({`
			`adapterOptions: {`
			`adapterMethod: 'saveZeroAddressConfig',`
			`},`
			`});`
			`},`

UI - code cleanup (#4699) * use lazyCapabilities macro in models * use expandAttributeMeta and fieldToAttrs everywhere * add angle bracket component polyfill * use PageHeader component throughout 2018-06-12 21:06:37 +00:00			zeroAddressPath: lazyCapabilities(apiPath`${'id'}/config/zeroaddress`, 'id'),
Moving UI assets to OSS 2018-04-03 14:16:57 +00:00			`canEditZeroAddress: computed.alias('zeroAddressPath.canUpdate'),`

			`// aws backend attrs`
			`lease: attr('string'),`
			`leaseMax: attr('string'),`
			`});`