From 067495ccce1ad02c5cfd7a786d03e4cb71b097d7 Mon Sep 17 00:00:00 2001 From: Matthew Irish Date: Mon, 9 Apr 2018 14:44:53 -0500 Subject: [PATCH] UI - new backends (#4302) * allow mounting of gcp secrets engine * add models for azure auth method * add azure as a mountable auth method * make dev CSP more like built-in CSP * id -> ID
---
 ui/app/adapters/auth-config/azure.js | 2 + .../cluster/settings/mount-secret-backend.js | 1 + ui/app/helpers/mountable-auth-methods.js | 5 +++ ui/app/helpers/tabs-for-auth-section.js | 6 +++ ui/app/models/auth-config/azure.js | 38 +++++++++++++++++++ .../settings/auth/configure/section.js | 1 + ui/config/environment.js | 4 ++ 7 files changed, 57 insertions(+) create mode 100644 ui/app/adapters/auth-config/azure.js create mode 100644 ui/app/models/auth-config/azure.js
diff --git a/ui/app/adapters/auth-config/azure.js b/ui/app/adapters/auth-config/azure.js
new file mode 100644
index 000000000..21f5624ac
--- /dev/null
+++ b/ui/app/adapters/auth-config/azure.js
@@ -0,0 +1,2 @@
+import AuthConfig from './_base';
+export default AuthConfig.extend();
diff --git a/ui/app/controllers/vault/cluster/settings/mount-secret-backend.js b/ui/app/controllers/vault/cluster/settings/mount-secret-backend.js
index f23db482a..b43c8666d 100644
--- a/ui/app/controllers/vault/cluster/settings/mount-secret-backend.js
+++ b/ui/app/controllers/vault/cluster/settings/mount-secret-backend.js
@@ -11,6 +11,7 @@ export default Ember.Controller.extend({
 { label: 'Cassandra', value: 'cassandra' },
 { label: 'Consul', value: 'consul' },
 { label: 'Databases', value: 'database' },
+ { label: 'Google Cloud', value: 'gcp' },
 { label: 'KV', value: 'kv' },
 { label: 'MongoDB', value: 'mongodb' },
 { label: 'MS SQL', value: 'mssql', deprecated: true },
diff --git a/ui/app/helpers/mountable-auth-methods.js b/ui/app/helpers/mountable-auth-methods.js
index 42433132a..a20ae3c25 100644
--- a/ui/app/helpers/mountable-auth-methods.js
+++ b/ui/app/helpers/mountable-auth-methods.js
@@ -11,6 +11,11 @@ const MOUNTABLE_AUTH_METHODS = [
 value: 'aws',
 type: 'aws',
 },
+ {
+ displayName: 'Azure',
+ value: 'azure',
+ type: 'azure',
+ },
 {
 displayName: 'Google Cloud',
 value: 'gcp',
diff --git a/ui/app/helpers/tabs-for-auth-section.js b/ui/app/helpers/tabs-for-auth-section.js
index ca83443f9..cd4d917a7 100644
--- a/ui/app/helpers/tabs-for-auth-section.js
+++ b/ui/app/helpers/tabs-for-auth-section.js
@@ -15,6 +15,12 @@ const TABS_FOR_SETTINGS = {
 routeParams: ['vault.cluster.settings.auth.configure.section', 'roletag-blacklist'],
 },
 ],
+ azure: [
+ {
+ label: 'Configuration',
+ routeParams: ['vault.cluster.settings.auth.configure.section', 'configuration'],
+ },
+ ],
 github: [
 {
 label: 'Configuration',
diff --git a/ui/app/models/auth-config/azure.js b/ui/app/models/auth-config/azure.js
new file mode 100644
index 000000000..ab2a64a88
--- /dev/null
+++ b/ui/app/models/auth-config/azure.js
@@ -0,0 +1,38 @@
+import Ember from 'ember';
+import DS from 'ember-data';
+
+import AuthConfig from '../auth-config';
+import fieldToAttrs from 'vault/utils/field-to-attrs';
+
+const { attr } = DS;
+const { computed } = Ember;
+
+export default AuthConfig.extend({
+ tenantId: attr('string', {
+ label: 'Tenant ID',
+ helpText: 'The tenant ID for the Azure Active Directory organization',
+ }),
+ resource: attr('string', {
+ helpText: 'The configured URL for the application registered in Azure Active Directory',
+ }),
+ clientId: attr('string', {
+ label: 'Client ID',
+ helpText:
+ 'The client ID for credentials to query the Azure APIs. Currently read permissions to query compute resources are required.',
+ }),
+ clientSecret: attr('string', {
+ helpText: 'The client secret for credentials to query the Azure APIs',
+ }),
+
+ googleCertsEndpoint: attr('string'),
+
+ fieldGroups: computed(function() {
+ const groups = [
+ { default: ['tenantId', 'resource'] },
+ {
+ 'Azure Options': ['clientId', 'clientSecret'],
+ },
+ ];
+ return fieldToAttrs(this, groups);
+ }),
+});
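Review bot: `googleCertsEndpoint: attr('string'),` in the new `ui/app/models/auth-config/azure.js` looks like a leftover from a Google Cloud model: it has no label or help text, it is not listed in either `fieldGroups` entry, and nothing else in this patch refers to it. If the Azure config endpoint has no such field, drop the line so the model does not carry (and possibly serialize) an attribute that belongs to another backend. Separately, `clientSecret` is declared as a plain `attr('string')` like the non-secret fields; confirm that the configuration form masks it on entry and that the record is unloaded once saved, and consider a comment above it such as `// credential: must not be logged or echoed back into the form`.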
diff --git a/ui/app/routes/vault/cluster/settings/auth/configure/section.js b/ui/app/routes/vault/cluster/settings/auth/configure/section.js
index cfcdfd2ef..6c9c7d78b 100644
--- a/ui/app/routes/vault/cluster/settings/auth/configure/section.js
+++ b/ui/app/routes/vault/cluster/settings/auth/configure/section.js
@@ -10,6 +10,7 @@ export default Ember.Route.extend(UnloadModelRoute, {
 'aws-client': 'auth-config/aws/client',
 'aws-identity-whitelist': 'auth-config/aws/identity-whitelist',
 'aws-roletag-blacklist': 'auth-config/aws/roletag-blacklist',
+ 'azure-configuration': 'auth-config/azure',
 'github-configuration': 'auth-config/github',
 'gcp-configuration': 'auth-config/gcp',
 'kubernetes-configuration': 'auth-config/kubernetes',
diff --git a/ui/config/environment.js b/ui/config/environment.js
index 2ada400f9..719688c76 100644
--- a/ui/config/environment.js
+++ b/ui/config/environment.js
@@ -55,6 +55,10 @@ module.exports = function(environment) {
 if (environment !== 'production') {
 ENV.contentSecurityPolicyHeader = 'Content-Security-Policy';
 ENV.contentSecurityPolicyMeta = true;
+ ENV.contentSecurityPolicy = {
+ 'connect-src': ["'self'"],
+ 'style-src': ["'unsafe-inline'", "'self'"],
+ };
 }
 if (environment === 'production') {
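Review bot: The added `ENV.contentSecurityPolicy` block in `ui/config/environment.js` allows `'unsafe-inline'` in `style-src` without a comment saying why, and it is a hand-written copy of a policy defined elsewhere (the commit message says it is meant to resemble the built-in CSP). With no pointer to that source the two can drift, and development would then stop surfacing the violations that production blocks. I would add above the assignment `// Keep in sync with the CSP the server sends for the UI; 'unsafe-inline' styles are allowed only because <reason>` and confirm that directives not listed here (for example `script-src`) fall back to restrictive defaults rather than being left unset. The enclosing `module.exports` function starts and ends outside the hunk.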