UI - new backends (#4302)

* allow mounting of gcp secrets engine * add models for azure auth method * add azure as a mountable auth method * make dev CSP more like built-in CSP * id -> ID
2018-04-09 14:44:53 -05:00 · 2018-04-09 14:44:53 -05:00 · 067495ccce
parent 5b0885ae49
commit 067495ccce
7 changed files with 57 additions and 0 deletions
--- a/ui/app/adapters/auth-config/azure.js
+++ b/ui/app/adapters/auth-config/azure.js
@ -0,0 +1,2 @@
+import AuthConfig from './_base';
+export default AuthConfig.extend();
--- a/ui/app/controllers/vault/cluster/settings/mount-secret-backend.js
+++ b/ui/app/controllers/vault/cluster/settings/mount-secret-backend.js
@ -11,6 +11,7 @@ export default Ember.Controller.extend({
    { label: 'Cassandra', value: 'cassandra' },
    { label: 'Consul', value: 'consul' },
    { label: 'Databases', value: 'database' },
+    { label: 'Google Cloud', value: 'gcp' },
    { label: 'KV', value: 'kv' },
    { label: 'MongoDB', value: 'mongodb' },
    { label: 'MS SQL', value: 'mssql', deprecated: true },
--- a/ui/app/helpers/mountable-auth-methods.js
+++ b/ui/app/helpers/mountable-auth-methods.js
@ -11,6 +11,11 @@ const MOUNTABLE_AUTH_METHODS = [
    value: 'aws',
    type: 'aws',
  },
+  {
+    displayName: 'Azure',
+    value: 'azure',
+    type: 'azure',
+  },
  {
    displayName: 'Google Cloud',
    value: 'gcp',
--- a/ui/app/helpers/tabs-for-auth-section.js
+++ b/ui/app/helpers/tabs-for-auth-section.js
@ -15,6 +15,12 @@ const TABS_FOR_SETTINGS = {
      routeParams: ['vault.cluster.settings.auth.configure.section', 'roletag-blacklist'],
    },
  ],
+  azure: [
+    {
+      label: 'Configuration',
+      routeParams: ['vault.cluster.settings.auth.configure.section', 'configuration'],
+    },
+  ],
  github: [
    {
      label: 'Configuration',
--- a/ui/app/models/auth-config/azure.js
+++ b/ui/app/models/auth-config/azure.js
@ -0,0 +1,38 @@
+import Ember from 'ember';
+import DS from 'ember-data';
+
+import AuthConfig from '../auth-config';
+import fieldToAttrs from 'vault/utils/field-to-attrs';
+
+const { attr } = DS;
+const { computed } = Ember;
+
+export default AuthConfig.extend({
+  tenantId: attr('string', {
+    label: 'Tenant ID',
+    helpText: 'The tenant ID for the Azure Active Directory organization',
+  }),
+  resource: attr('string', {
+    helpText: 'The configured URL for the application registered in Azure Active Directory',
+  }),
+  clientId: attr('string', {
+    label: 'Client ID',
+    helpText:
+      'The client ID for credentials to query the Azure APIs. Currently read permissions to query compute resources are required.',
+  }),
+  clientSecret: attr('string', {
+    helpText: 'The client secret for credentials to query the Azure APIs',
+  }),
+
+  googleCertsEndpoint: attr('string'),
+
+  fieldGroups: computed(function() {
+    const groups = [
+      { default: ['tenantId', 'resource'] },
+      {
+        'Azure Options': ['clientId', 'clientSecret'],
+      },
+    ];
+    return fieldToAttrs(this, groups);
+  }),
+});
--- a/ui/app/routes/vault/cluster/settings/auth/configure/section.js
+++ b/ui/app/routes/vault/cluster/settings/auth/configure/section.js
@ -10,6 +10,7 @@ export default Ember.Route.extend(UnloadModelRoute, {
      'aws-client': 'auth-config/aws/client',
      'aws-identity-whitelist': 'auth-config/aws/identity-whitelist',
      'aws-roletag-blacklist': 'auth-config/aws/roletag-blacklist',
+      'azure-configuration': 'auth-config/azure',
      'github-configuration': 'auth-config/github',
      'gcp-configuration': 'auth-config/gcp',
      'kubernetes-configuration': 'auth-config/kubernetes',
--- a/ui/config/environment.js
+++ b/ui/config/environment.js
@ -55,6 +55,10 @@ module.exports = function(environment) {
  if (environment !== 'production') {
    ENV.contentSecurityPolicyHeader = 'Content-Security-Policy';
    ENV.contentSecurityPolicyMeta = true;
+    ENV.contentSecurityPolicy = {
+      'connect-src': ["'self'"],
+      'style-src': ["'unsafe-inline'", "'self'"],
+    };
  }

  if (environment === 'production') {