open-vault/ui/app/models/role-ssh.js
2018-04-03 09:16:57 -05:00

194 lines
5.3 KiB
JavaScript

import Ember from 'ember';
import DS from 'ember-data';
import { queryRecord } from 'ember-computed-query';
const { attr } = DS;
const { computed, get } = Ember;
// these arrays define the order in which the fields will be displayed
// see
// https://github.com/hashicorp/vault/blob/master/builtin/logical/ssh/path_roles.go#L542 for list of fields for each key type
const OTP_FIELDS = [
'name',
'keyType',
'defaultUser',
'adminUser',
'port',
'allowedUsers',
'cidrList',
'excludeCidrList',
];
const CA_FIELDS = [
'name',
'keyType',
'allowUserCertificates',
'allowHostCertificates',
'defaultUser',
'allowedUsers',
'allowedDomains',
'ttl',
'maxTtl',
'allowedCriticalOptions',
'defaultCriticalOptions',
'allowedExtensions',
'defaultExtensions',
'allowBareDomains',
'allowSubdomains',
'allowUserKeyIds',
'keyIdFormat',
];
export default DS.Model.extend({
zeroAddress: attr('boolean', {
readOnly: true,
}),
backend: attr('string', {
readOnly: true,
}),
name: attr('string', {
label: 'Role name',
fieldValue: 'id',
readOnly: true,
}),
keyType: attr('string', {
possibleValues: ['ca', 'otp'],
}),
adminUser: attr('string', {
helpText: 'Username of the admin user at the remote host',
}),
defaultUser: attr('string', {
helpText: "Username to use when one isn't specified",
}),
allowedUsers: attr('string', {
helpText:
'Create a whitelist of users that can use this key (e.g. `admin, dev`, or use `*` to allow all)',
}),
allowedDomains: attr('string', {
helpText:
'List of domains for which a client can request a certificate (e.g. `example.com`, or `*` to allow all)',
}),
cidrList: attr('string', {
label: 'CIDR list',
helpText: 'List of CIDR blocks for which this role is applicable',
}),
excludeCidrList: attr('string', {
label: 'Exclude CIDR list',
helpText: 'List of CIDR blocks that are not accepted by this role',
}),
port: attr('number', {
defaultValue: 22,
helpText: 'Port number for the SSH connection (default is `22`)',
}),
ttl: attr({
label: 'TTL',
editType: 'ttl',
}),
maxTtl: attr({
label: 'Max TTL',
editType: 'ttl',
}),
allowedCriticalOptions: attr('string', {
helpText: 'List of critical options that certificates have when signed',
}),
defaultCriticalOptions: attr('object', {
helpText: 'Map of critical options certificates should have if none are provided when signing',
}),
allowedExtensions: attr('string', {
helpText: 'List of extensions that certificates can have when signed',
}),
defaultExtensions: attr('object', {
helpText: 'Map of extensions certificates should have if none are provided when signing',
}),
allowUserCertificates: attr('boolean', {
helpText: 'Specifies if certificates are allowed to be signed for us as a user',
}),
allowHostCertificates: attr('boolean', {
helpText: 'Specifies if certificates are allowed to be signed for us as a host',
}),
allowBareDomains: attr('boolean', {
helpText:
'Specifies if host certificates that are requested are allowed to use the base domains listed in Allowed Domains',
}),
allowSubdomains: attr('boolean', {
helpText:
'Specifies if host certificates that are requested are allowed to be subdomains of those listed in Allowed Domains',
}),
allowUserKeyIds: attr('boolean', {
label: 'Allow user key IDs',
helpText: 'Specifies if users can override the key ID for a signed certificate with the "key_id" field',
}),
keyIdFormat: attr('string', {
label: 'Key ID format',
helpText: 'When supplied, this value specifies a custom format for the key id of a signed certificate',
}),
attrsForKeyType: computed('keyType', function() {
const keyType = this.get('keyType');
let keys = keyType === 'ca' ? CA_FIELDS.slice(0) : OTP_FIELDS.slice(0);
get(this.constructor, 'attributes').forEach((meta, name) => {
const index = keys.indexOf(name);
if (index === -1) {
return;
}
keys.replace(index, 1, {
type: meta.type,
name,
options: meta.options,
});
});
return keys;
}),
updatePath: queryRecord(
'capabilities',
context => {
const { backend, id } = context.getProperties('backend', 'id');
return {
id: `${backend}/roles/${id}`,
};
},
'id',
'backend'
),
canDelete: computed.alias('updatePath.canDelete'),
canEdit: computed.alias('updatePath.canUpdate'),
canRead: computed.alias('updatePath.canRead'),
generatePath: queryRecord(
'capabilities',
context => {
const { backend, id } = context.getProperties('backend', 'id');
return {
id: `${backend}/creds/${id}`,
};
},
'id',
'backend'
),
canGenerate: computed.alias('generatePath.canUpdate'),
signPath: queryRecord(
'capabilities',
context => {
const { backend, id } = context.getProperties('backend', 'id');
return {
id: `${backend}/sign/${id}`,
};
},
'id',
'backend'
),
canSign: computed.alias('signPath.canUpdate'),
zeroAddressPath: queryRecord(
'capabilities',
context => {
const { backend } = context.getProperties('backend');
return {
id: `${backend}/config/zeroaddress`,
};
},
'backend'
),
canEditZeroAddress: computed.alias('zeroAddressPath.canUpdate'),
});