081db3a240
* Update ember-cli to ~3.20 * Remove bad optional-feature * Remove ember-fetch dep * re-install ember-fetch * update model fragments pr * update ember model fragments correct package name * update ember composable helpers to solve array helper error * update ember-concurrency * add back engine dependencies, automatically removed during ember-cli-upgrade * make author-form-options component js file otherwise error * for now comment out withTestWaiter * add eslint-node and fix if not with unless in templates * fix linting for tab index of false is now -1 and add type button to all buttons without types * fix href errors for linting, likely have to come back and fix * using eslint fix flag to fix all this.gets * ember modules codemode removed files that had module twice, will fix in next commit * finish codemode ember-data-codemod needed to rename const model * more this.get removal codemode did not work * cont. removal of this.get * stop mixin rules until figure out how to reconfig them all * smaller eslint ignores * get codemode * testing app small fixes to bring it back after all the changes * small changes to eslint * test removal of getProperties * fix issue with baseKey because value could be unknown needed to add a question mark in nested get * smaller linting fixes * get nested fixes * small linting error fixes * small linting changes * working through more small linting changes * another round of linting modifications * liniting fixes * ember module codemod * quinit dom codemod * angle bracket codemod * discovered that components must have js files * ran all codemods this is all that's left * small changes to fix get needs two object, should not have been using get. * fix issue with one input in form field * fun times with set and onChange from oninput * fix issue with model not being passed through on secret-edit-display * fix issue with yarn run test not working, revert without npm run all * linting and small fix when loading without a selectAuthBackend * fix failing test with ui-wizard issue * fix test failure due to model not being asked for correctly with new changes, probably run into this more. * fix issue with component helper and at props specific to wizard * rename log to clilog due to conflict with new eslint rule * small changes for test failures * component helper at fixes * Revert to old component style something with new one broke this and can't figure it out for now * small fishy smelling test fixes will revisit * small test changes * more small test changes, appears upgrade treats spaces differently * comment out code and test that no longer seems relevant but confirm * clean run on component test though still some potential timing issues on ui-console test * fixing one auth test issue and timing issue on enable-test * small mods * fix this conditional check from upgrade * linting fixes after master merge * package updates using yarn upgrade-interactive * update libraries that did not effect any of the test failures. * update ember truth helpers library * settling tests * Fix ui-panel control group output * fix features selection test failures * Fix auth tests (x-vault-token) * fix shared test * fix issue with data null on backend * Revert "Fix auth tests (x-vault-token)" This reverts commit 89cb174b2f1998efa56d9604d14131415ae65d6f. * Fix auth tests (x-vault-token) without updating this.set * Update redirect-to tests * fix wrapped token test * skip some flaky test * fix issue with href and a tags vs buttons * fix linting * updates to get tests running (#10409) * yarn isntall * increasing resource_class * whoops * trying large * back to xlarge * Fix param issue on transform item routes * test fixes * settle on policies (old) test * fix browserstack test warning and skips of test confirmed worked * Fix redirect-to test * skips * fix transformation test and skip some kmip * Skip tests * Add meep marker to remaining failing tests * Skip test with failing component * rever skip on secret-create test * Skip piece of test that fails due to navigation-input * fix settings test where can and skip in others after confirming * fix circle ci test failures * ssh role settle * Fix navigate-input and add settled to test * Remove extra import * secret cubbyhole and alicloud * Add settled to gcpkms test * settles on redirect to test * Bump browserstack test resource to large * Update browserstack resource size to xlarge * update todos * add back in withTestWaiter * try and fix credentials conditional action added comment instead * Update volatile computed properies to get functions * this step was never reached and we never defined secretType anywhere so I removed * add settled to policy old test * Fix navigate-input on policies and leases * replace ssh test with no var hoping that helps and add settled to other failing tests, unskip console tests * kmip, transit, role test remove a skip and add in settled * fix hover copy button, had to remove some testing functionality * Remove private router service * remove skip on control ssh and ui panel, fix search select by restructuring how to read the error * final bit of working through skipped test * Replace clearNonGlobalModels by linking directly to namespace with href-to * Remove unused var * Fix role-ssh id bug by updating form-field-from-model to form-field-group-loop * Fix transit create id would not update * Update option toggle selector for ssh-role * Fix ssh selector * cleanup pt1 * small clean up * cleanup part2 * Fix computed on pricing-metrics-form * small cleanup based on chelseas comments. Co-authored-by: Chelsea Shaw <chelshaw.dev@gmail.com> Co-authored-by: Sarah Thompson <sthompson@hashicorp.com>
171 lines
4.8 KiB
JavaScript
171 lines
4.8 KiB
JavaScript
import Service, { inject as service } from '@ember/service';
|
|
import { task } from 'ember-concurrency';
|
|
|
|
const API_PATHS = {
|
|
access: {
|
|
methods: 'sys/auth',
|
|
entities: 'identity/entity/id',
|
|
groups: 'identity/group/id',
|
|
leases: 'sys/leases/lookup',
|
|
namespaces: 'sys/namespaces',
|
|
'control-groups': 'sys/control-group/',
|
|
},
|
|
policies: {
|
|
acl: 'sys/policies/acl',
|
|
rgp: 'sys/policies/rgp',
|
|
egp: 'sys/policies/egp',
|
|
},
|
|
tools: {
|
|
wrap: 'sys/wrapping/wrap',
|
|
lookup: 'sys/wrapping/lookup',
|
|
unwrap: 'sys/wrapping/unwrap',
|
|
rewrap: 'sys/wrapping/rewrap',
|
|
random: 'sys/tools/random',
|
|
hash: 'sys/tools/hash',
|
|
},
|
|
status: {
|
|
replication: 'sys/replication',
|
|
license: 'sys/license',
|
|
seal: 'sys/seal',
|
|
raft: 'sys/storage/raft/configuration',
|
|
},
|
|
metrics: {
|
|
activity: 'sys/internal/counters/activity',
|
|
config: 'sys/internal/counters/config',
|
|
},
|
|
};
|
|
|
|
const API_PATHS_TO_ROUTE_PARAMS = {
|
|
'sys/auth': ['vault.cluster.access.methods'],
|
|
'identity/entity/id': ['vault.cluster.access.identity', 'entities'],
|
|
'identity/group/id': ['vault.cluster.access.identity', 'groups'],
|
|
'sys/leases/lookup': ['vault.cluster.access.leases'],
|
|
'sys/namespaces': ['vault.cluster.access.namespaces'],
|
|
'sys/control-group/': ['vault.cluster.access.control-groups'],
|
|
};
|
|
|
|
/*
|
|
The Permissions service is used to gate top navigation and sidebar items.
|
|
It fetches a users' policy from the resultant-acl endpoint and stores their
|
|
allowed exact and glob paths as state. It also has methods for checking whether
|
|
a user has permission for a given path.
|
|
*/
|
|
|
|
export default Service.extend({
|
|
exactPaths: null,
|
|
globPaths: null,
|
|
canViewAll: null,
|
|
store: service(),
|
|
auth: service(),
|
|
namespace: service(),
|
|
|
|
getPaths: task(function*() {
|
|
if (this.paths) {
|
|
return;
|
|
}
|
|
|
|
try {
|
|
let resp = yield this.store.adapterFor('permissions').query();
|
|
this.setPaths(resp);
|
|
return;
|
|
} catch (err) {
|
|
// If no policy can be found, default to showing all nav items.
|
|
this.set('canViewAll', true);
|
|
}
|
|
}),
|
|
|
|
setPaths(resp) {
|
|
this.set('exactPaths', resp.data.exact_paths);
|
|
this.set('globPaths', resp.data.glob_paths);
|
|
this.set('canViewAll', resp.data.root);
|
|
},
|
|
|
|
reset() {
|
|
this.set('exactPaths', null);
|
|
this.set('globPaths', null);
|
|
this.set('canViewAll', null);
|
|
},
|
|
|
|
hasNavPermission(navItem, routeParams) {
|
|
if (routeParams) {
|
|
// viewing the entity and groups pages require the list capability, while the others require the default, which is anything other than deny
|
|
let capability = routeParams === 'entities' || routeParams === 'groups' ? ['list'] : [null];
|
|
|
|
return this.hasPermission(API_PATHS[navItem][routeParams], capability);
|
|
}
|
|
return Object.values(API_PATHS[navItem]).some(path => this.hasPermission(path));
|
|
},
|
|
|
|
navPathParams(navItem) {
|
|
const path = Object.values(API_PATHS[navItem]).find(path => this.hasPermission(path));
|
|
if (['policies', 'tools'].includes(navItem)) {
|
|
return path.split('/').lastObject;
|
|
}
|
|
|
|
return API_PATHS_TO_ROUTE_PARAMS[path];
|
|
},
|
|
|
|
pathNameWithNamespace(pathName) {
|
|
const namespace = this.namespace.path;
|
|
if (namespace) {
|
|
return `${namespace}/${pathName}`;
|
|
} else {
|
|
return pathName;
|
|
}
|
|
},
|
|
|
|
hasPermission(pathName, capabilities = [null]) {
|
|
const path = this.pathNameWithNamespace(pathName);
|
|
|
|
if (this.canViewAll) {
|
|
return true;
|
|
}
|
|
|
|
return capabilities.every(
|
|
capability => this.hasMatchingExactPath(path, capability) || this.hasMatchingGlobPath(path, capability)
|
|
);
|
|
},
|
|
|
|
hasMatchingExactPath(pathName, capability) {
|
|
const exactPaths = this.exactPaths;
|
|
if (exactPaths) {
|
|
const prefix = Object.keys(exactPaths).find(path => path.startsWith(pathName));
|
|
const hasMatchingPath = prefix && !this.isDenied(exactPaths[prefix]);
|
|
|
|
if (prefix && capability) {
|
|
return this.hasCapability(exactPaths[prefix], capability) && hasMatchingPath;
|
|
}
|
|
|
|
return hasMatchingPath;
|
|
}
|
|
return false;
|
|
},
|
|
|
|
hasMatchingGlobPath(pathName, capability) {
|
|
const globPaths = this.globPaths;
|
|
if (globPaths) {
|
|
const matchingPath = Object.keys(globPaths).find(k => {
|
|
return pathName.includes(k) || pathName.includes(k.replace(/\/$/, ''));
|
|
});
|
|
const hasMatchingPath =
|
|
(matchingPath && !this.isDenied(globPaths[matchingPath])) ||
|
|
Object.prototype.hasOwnProperty.call(globPaths, '');
|
|
|
|
if (matchingPath && capability) {
|
|
return this.hasCapability(globPaths[matchingPath], capability) && hasMatchingPath;
|
|
}
|
|
|
|
return hasMatchingPath;
|
|
}
|
|
return false;
|
|
},
|
|
|
|
hasCapability(path, capability) {
|
|
return path.capabilities.includes(capability);
|
|
},
|
|
|
|
isDenied(path) {
|
|
return path.capabilities.includes('deny');
|
|
},
|
|
});
|