2e44d2020a
* Ember Engine for Kubernetes Secrets Engine (#17881) * adds in-repo ember engine for kubernetes secrets engine * updates kubernetes engine class name * Kubernetes route plumbing (#17895) * kubernetes route plumbing * adds kubernetes role index route with redirect to details * adds kubernetes as mountable and supported secrets engine (#17891) * adds models, adapters and serializers for kubernetes secrets engine (#18010) * adds mirage factories and handlers for kubernetes (#17943) * Kubernetes Secrets Engine Configuration (#18093) * moves RadioCard component to core addon * adds kubernetes configuration view * fixes tests using RadioCard after label for and input id changes * adds confirm modal when editing kubernetes config * addresses review comments * Kubernetes Configuration View (#18147) * removes configuration edit and index routes * adds kubernetes configuration view * Kubernetes Roles List (#18211) * removes configuration edit and index routes * adds kubernetes configuration view * adds kubernetes secrets engine roles list view * updates role details disabled state to explicitly check for false * VAULT-9863 Kubernetes Overview Page (#18232) * Add overview page view * Add overview page tests * Address feedback to update tests and minor changes * Use template built in helper for conditionally showing num roles * Set up roleOptions in constructor * Set up models in tests and fix minor bug * Kubernetes Secrets Engine Create/Edit Views (#18271) * moves kv-object-editor to core addon * moves json-editor to core addon * adds kubernetes secrets engine create/edit views * updates kubernetes/role adapter test * addresses feedback * fixes issue with overview route showing 404 page (#18303) * Kubernetes Role Details View (#18294) * moves format-duration helper to core addon * adds kubernetes secrets engine role details view * adds tests for role details page component * adds capabilities checks for toolbar actions * fixes list link for secrets in an ember engine (#18313) * Manual Testing: Bug Fixes and Improvements (#18333) * updates overview, configuration and roles components to pass args for individual model properties * bug fixes and improvements * adds top level index route to redirect to overview * VAULT-9877 Kubernetes Credential Generate/View Pages (#18270) * Add credentials route with create and view components * Update mirage response for creds and add ajax post call for creds in adapter * Move credentials create and view into one component * Add test classes * Remove files and update backend property name * Code cleanup and add tests * Put test helper in helper function * Add one more test! * Add code optimizations * Fix model in route and add form * Add onSubmit to form and preventDefault * Fix tests * Update mock data for test to be strong rather than record * adds acceptance tests for kubernetes secrets engine roles (#18360) * VAULT-11862 Kubernetes acceptance tests (#18431) * VAULT-12185 overview acceptance tests * VAULT-12298 credentials acceptance tests * VAULT-12186 configuration acceptance tests * VAULT-12127 Refactor breadcrumbs to use breadcrumb component (#18489) * VAULT-12127 Refactor breadcrumbs to use Page::Breadcrumbs component * Fix failing tests by adding breadcrumbs properties * VAULT-12166 add jsdocs to kubernetes secrets engine pages (#18509) * fixes incorrect merge conflict resolution * updates kubernetes check env vars endpoint (#18588) * hides kubernetes ca cert field if not defined in configuration view * fixes loading substate handling issue (#18592) * adds changelog entry Co-authored-by: Kianna <30884335+kiannaquach@users.noreply.github.com>
151 lines
4.4 KiB
JavaScript
151 lines
4.4 KiB
JavaScript
const example = `# The below is an example that you can use as a starting point.
|
|
#
|
|
# rules:
|
|
# - apiGroups: [""]
|
|
# resources: ["serviceaccounts", "serviceaccounts/token"]
|
|
# verbs: ["create", "update", "delete"]
|
|
# - apiGroups: ["rbac.authorization.k8s.io"]
|
|
# resources: ["rolebindings", "clusterrolebindings"]
|
|
# verbs: ["create", "update", "delete"]
|
|
# - apiGroups: ["rbac.authorization.k8s.io"]
|
|
# resources: ["roles", "clusterroles"]
|
|
# verbs: ["bind", "escalate", "create", "update", "delete"]
|
|
`;
|
|
|
|
const readResources = `rules:
|
|
- apiGroups: [""]
|
|
resources: ["*"]
|
|
verbs: ["get", "watch", "list"]
|
|
- apiGroups: ["extensions"]
|
|
resources: ["*"]
|
|
verbs: ["get", "watch", "list"]
|
|
- apiGroups: ["apps"]
|
|
resources: ["*"]
|
|
verbs: ["get", "watch", "list"]
|
|
- apiGroups: ["batch"]
|
|
resources: ["*"]
|
|
verbs: ["get", "watch", "list"]
|
|
- apiGroups: ["policy"]
|
|
resources: ["*"]
|
|
verbs: ["get", "watch", "list"]
|
|
- apiGroups: ["networking.k8s.io"]
|
|
resources: ["*"]
|
|
verbs: ["get", "watch", "list"]
|
|
- apiGroups: ["autoscaling"]
|
|
resources: ["*"]
|
|
verbs: ["get", "watch", "list"]
|
|
`;
|
|
|
|
const editResources = `rules:
|
|
- apiGroups: [""]
|
|
resources: ["*"]
|
|
verbs: ["get", "watch", "list"]
|
|
- apiGroups: [""]
|
|
resources:
|
|
["pods", "pods/attach", "pods/exec", "pods/portforward", "pods/proxy"]
|
|
verbs: ["create", "delete", "deletecollection", "patch", "update"]
|
|
- apiGroups: [""]
|
|
resources:
|
|
[
|
|
"configmaps",
|
|
"events",
|
|
"persistentvolumeclaims",
|
|
"replicationcontrollers",
|
|
"replicationcontrollers/scale",
|
|
"secrets",
|
|
"serviceaccounts",
|
|
"services",
|
|
"services/proxy",
|
|
]
|
|
verbs: ["create", "delete", "deletecollection", "patch", "update"]
|
|
- apiGroups: [""]
|
|
resources: ["serviceaccounts/token"]
|
|
verbs: ["create"]
|
|
- apiGroups: ["extensions"]
|
|
resources: ["*"]
|
|
verbs: ["get", "watch", "list"]
|
|
- apiGroups: ["extensions"]
|
|
resources:
|
|
[
|
|
"daemonsets",
|
|
"deployments",
|
|
"deployments/rollback",
|
|
"deployments/scale",
|
|
"ingresses",
|
|
"networkpolicies",
|
|
"replicasets",
|
|
"replicasets/scale",
|
|
"replicationcontrollers/scale",
|
|
]
|
|
verbs: ["create", "delete", "deletecollection", "patch", "update"]
|
|
- apiGroups: ["apps"]
|
|
resources: ["*"]
|
|
verbs: ["get", "watch", "list"]
|
|
- apiGroups: ["apps"]
|
|
resources:
|
|
[
|
|
"daemonsets",
|
|
"deployments",
|
|
"deployments/rollback",
|
|
"deployments/scale",
|
|
"replicasets",
|
|
"replicasets/scale",
|
|
"statefulsets",
|
|
"statefulsets/scale",
|
|
]
|
|
verbs: ["create", "delete", "deletecollection", "patch", "update"]
|
|
- apiGroups: ["batch"]
|
|
resources: ["*"]
|
|
verbs: ["get", "watch", "list"]
|
|
- apiGroups: ["batch"]
|
|
resources: ["cronjobs", "jobs"]
|
|
verbs: ["create", "delete", "deletecollection", "patch", "update"]
|
|
- apiGroups: ["policy"]
|
|
resources: ["*"]
|
|
verbs: ["get", "watch", "list"]
|
|
- apiGroups: ["policy"]
|
|
resources: ["poddisruptionbudgets"]
|
|
verbs: ["create", "delete", "deletecollection", "patch", "update"]
|
|
- apiGroups: ["networking.k8s.io"]
|
|
resources: ["*"]
|
|
verbs: ["get", "watch", "list"]
|
|
- apiGroups: ["networking.k8s.io"]
|
|
resources: ["ingresses", "networkpolicies"]
|
|
verbs: ["create", "delete", "deletecollection", "patch", "update"]
|
|
- apiGroups: ["autoscaling"]
|
|
resources: ["*"]
|
|
verbs: ["get", "watch", "list"]
|
|
- apiGroups: ["autoscaling"]
|
|
resources: ["horizontalpodautoscalers"]
|
|
verbs: ["create", "delete", "deletecollection", "patch", "update"]
|
|
`;
|
|
|
|
const updatePods = `rules:
|
|
- apiGroups: [""]
|
|
resources: ["secrets", "configmaps", "pods", "endpoints"]
|
|
verbs: ["get", "watch", "list", "create", "delete", "deletecollection", "patch", "update"]
|
|
`;
|
|
|
|
const updateServices = `rules:
|
|
- apiGroups: [""]
|
|
resources: ["secrets", "services"]
|
|
verbs: ["get", "watch", "list", "create", "delete", "deletecollection", "patch", "update"]
|
|
`;
|
|
|
|
const usePolicies = `rules:
|
|
- apiGroups: ['policy']
|
|
resources: ['podsecuritypolicies']
|
|
verbs: ['use']
|
|
resourceNames:
|
|
- <list of policies to authorize>
|
|
`;
|
|
|
|
export const getRules = () => [
|
|
{ id: '1', label: 'No template', rules: example },
|
|
{ id: '2', label: 'Read resources in a namespace', rules: readResources },
|
|
{ id: '3', label: 'Edit resources in a namespace', rules: editResources },
|
|
{ id: '4', label: 'Update pods, secrets, configmaps, and endpoints', rules: updatePods },
|
|
{ id: '5', label: 'Update services and secrets', rules: updateServices },
|
|
{ id: '6', label: 'Use pod security policies', rules: usePolicies },
|
|
];
|