luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity

UI/vault 6212/multiple issuer pki changes (#15464) 

* pki copy changes

* change delete endpoint and remove warning

* update test

* fix typo

* remove delete capabilities in the ui

* add changelog

* typo fix
This commit is contained in:
claire bontempo 2022-05-18 11:31:17 -07:00 committed by GitHub
parent 92554ea04e
commit af2c9784df
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 33 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
changelog/15464.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:changes
ui: pki issuer delete capabilities have been removed from the UI and reserved for the API and CLI
```

5
ui/app/adapters/pki-ca-certificate.js
View File

@ -65,9 +65,4 @@ export default ApplicationAdapter.extend({
updateRecord() { updateRecord() {
return this.createRecordOrUpdate(...arguments); return this.createRecordOrUpdate(...arguments);
}, },
deleteRecord(store, type, snapshot) {
const backend = snapshot.attr('backend');
return this.ajax(`/v1/${backend}/root`, 'DELETE');
},
}); });

28
ui/app/components/config-pki-ca.js
View File

@ -52,7 +52,7 @@ export default Component.extend({
* @param DS.Model * @param DS.Model
* @public * @public
* *
* a `pki-config` model - passed in in the component useage * a `pki-config` model - passed in in the component usage
* *
*/ */
config: null, config: null,
@ -140,15 +140,10 @@ export default Component.extend({
const isUpload = this.model.uploadPemBundle; const isUpload = this.model.uploadPemBundle;
model model
.save({ adapterOptions: { method } }) .save({ adapterOptions: { method } })
.then((m) => { .then(() => {
if (method === 'setSignedIntermediate' || isUpload) { if (method === 'setSignedIntermediate' || isUpload) {
this.send('refresh'); this.send('refresh');
this.flashMessages.success('The certificate for this backend has been updated.'); this.flashMessages.success('The certificate for this backend has been updated.');
} else if (!m.get('certificate') && !m.get('csr')) {
// if there's no certificate, it wasn't generated and the generation was a noop
this.flashMessages.warning(
'You tried to generate a new root CA, but one currently exists. To replace the existing one, delete it first and then generate again.'
);
} }
}) })
.catch((e) => { .catch((e) => {
@ -158,25 +153,6 @@ export default Component.extend({
this.set('loading', false); this.set('loading', false);
}); });
}, },
deleteCA() {
this.set('loading', true);
const model = this.model;
const backend = model.get('backend');
//TODO Is there better way to do this? This forces the saved state so Ember Data will make a server call.
model.send('pushedData');
model
.destroyRecord()
.then(() => {
this.flashMessages.success(
`The CA key for ${backend} has been deleted. The old CA certificate will still be accessible for reading until a new certificate/key is generated or uploaded.`
);
})
.finally(() => {
this.set('loading', false);
this.send('refresh');
this.createOrReplaceModel();
});
},
refresh() { refresh() {
this.setProperties({ this.setProperties({
setSignedIntermediate: false, setSignedIntermediate: false,

2
ui/app/components/config-pki.js
View File

@ -20,7 +20,7 @@ export default Component.extend({
* @param DS.Model * @param DS.Model
* @public * @public
* *
* a `pki-config` model - passed in in the component useage * a `pki-config` model - passed in in the component usage
* *
*/ */
config: null, config: null,

5
ui/app/models/pki-ca-certificate.js
View File

@ -1,8 +1,6 @@
import { attr } from '@ember-data/model'; import { attr } from '@ember-data/model';
import { and } from '@ember/object/computed';
import { computed } from '@ember/object'; import { computed } from '@ember/object';
import Certificate from './pki-certificate'; import Certificate from './pki-certificate';
import lazyCapabilities, { apiPath } from 'vault/macros/lazy-capabilities';
export default Certificate.extend({ export default Certificate.extend({
DISPLAY_FIELDS: computed(function () { DISPLAY_FIELDS: computed(function () {
@ -151,7 +149,4 @@ export default Certificate.extend({
return groups; return groups;
}), }),
deletePath: lazyCapabilities(apiPath`${'backend'}/root`, 'backend'),
canDeleteRoot: and('deletePath.canDelete', 'deletePath.canSudo'),
}); });

2
ui/app/styles/components/popup-menu.scss
View File

@ -8,7 +8,7 @@
box-shadow: $box-shadow, $box-shadow-middle; box-shadow: $box-shadow, $box-shadow-middle;
padding: 0; padding: 0;
position: relative; position: relative;
width: 200px; width: 210px;
} }
&.is-wide > .box { &.is-wide > .box {

46
ui/app/templates/components/config-pki-ca.hbs
View File

@ -4,7 +4,11 @@
{{#if this.needsConfig}} {{#if this.needsConfig}}
Configure CA Certificate Configure CA Certificate
{{else}} {{else}}
Replace CA Certificate {{#if this.model.certificate}}
Generated Certificate
{{else}}
Add CA Certificate
{{/if}}
{{/if}} {{/if}}
</h2> </h2>
{{#if (or this.model.certificate this.model.csr)}} {{#if (or this.model.certificate this.model.csr)}}
@ -59,13 +63,6 @@
{{else}} {{else}}
<form {{action "saveCA" on="submit"}} data-test-generate-root-cert="true"> <form {{action "saveCA" on="submit"}} data-test-generate-root-cert="true">
<NamespaceReminder @mode="save" @noun="PKI change" /> <NamespaceReminder @mode="save" @noun="PKI change" />
{{#if this.model.uploadPemBundle}}
<AlertBanner
@type="warning"
@message="If you have already set a certificate and key, they will be overridden with the successful saving of a new PEM bundle."
data-test-warning
/>
{{/if}}
<FormFieldGroupsLoop @model={{this.model}} @mode={{this.mode}} /> <FormFieldGroupsLoop @model={{this.model}} @mode={{this.mode}} />
<div class="field is-grouped is-grouped-split box is-fullwidth is-bottomless"> <div class="field is-grouped is-grouped-split box is-fullwidth is-bottomless">
<div class="field is-grouped"> <div class="field is-grouped">
@ -85,18 +82,6 @@
</button> </button>
</div> </div>
</div> </div>
<div class="control">
{{#if this.model.canDeleteRoot}}
<ConfirmAction
@buttonClasses="button"
@confirmTitle="Delete this CA key?"
@confirmMessage="This CA certificate will still be available for reading until a new certificate/key is generated or uploaded."
@onConfirmAction={{action "deleteCA"}}
>
Delete
</ConfirmAction>
{{/if}}
</div>
</div> </div>
</form> </form>
{{/if}} {{/if}}
@ -231,7 +216,7 @@
{{#if this.needsConfig}} {{#if this.needsConfig}}
Configure CA Configure CA
{{else}} {{else}}
Replace CA Add CA
{{/if}} {{/if}}
</button> </button>
</div> </div>
@ -252,5 +237,24 @@
Set signed intermediate Set signed intermediate
</button> </button>
</div> </div>
{{#unless this.needsConfig}}
<div class="control">
<ToolTip @verticalPosition="above" @horizontalPosition="center" as |T|>
<T.Trigger data-test-tooltip-trigger tabindex="-1">
<button type="button" class="button is-primary" disabled={{true}}>
Delete
</button>
</T.Trigger>
<T.Content @defaultClass="tool-tip smaller-font">
<div class="box" data-test-hover-copy-tooltip-text>
Deleting a CA is only available via the CLI and API.
<DocLink @path="/api-docs/secret/pki#delete-issuer" class="doc-link-subtle">
Learn more
</DocLink>
</div>
</T.Content>
</ToolTip>
</div>
{{/unless}}
</div> </div>
{{/if}} {{/if}}

2
ui/tests/integration/components/config-pki-ca-test.js
View File

@ -74,7 +74,7 @@ module('Integration | Component | config pki ca', function (hooks) {
this.set('config', c); this.set('config', c);
await render(hbs`{{config-pki-ca config=config}}`); await render(hbs`{{config-pki-ca config=config}}`);
assert.notOk(component.hasTitle, 'no title in the default state'); assert.notOk(component.hasTitle, 'no title in the default state');
assert.equal(component.replaceCAText, 'Replace CA'); assert.equal(component.replaceCAText, 'Add CA');
assert.equal(component.downloadLinks.length, 3, 'shows download links'); assert.equal(component.downloadLinks.length, 3, 'shows download links');
}); });
}); });