83fc61c16b
* OIDC Config Routing (#16028)
* adds oidc config routes
* renames oidc applications route to clients
* UI/vault 6646/landing page (#16069)
* add to sidebar
* add landing image and text
* add permissions
* add permissions to permissions service
* remove comment
* fix.
* UI/OIDC models (#16091)
* add models and fix routing
* add ClientsCreate route
* remove form functions from client model
* update comment
* address comments, cleanup models
* add comment
* OIDC Adapters and Serializers (#16120)
* adds named-path base adapter
* adds oidc adapters with tests
* adds oidc serializers
* fixes issue with supported_scopes relationship in oidc provider model
* make radio card size flex (#16125)
* OIDC config details routes (#16126)
* adds details routes for oidc config resources
* adds details templates for oidc config resources
* OIDC parent route and index redirection (#16139)
* adds parent oidc route with header and adds redirection if clients have been created
* updates learn link
* adds findRecord override to named-path adapter (#16145)
* OIDC Scope Create/Edit View (#16174)
* adds oidc scope-form to create and edit views
* moves oidc header set logic from route to controller
* OIDC Scope Details View (#16191)
* adds oidc scope details view
* removes disabled arg from scope delete confirm action
* updates oidc scope template params link to use DocLink and adds success message on scope create success
* updates oidc scope delete confirm action copy
* adds oidc scopes list (#16196)
* UI/vault 6655/OIDC create view (#16331)
* setup header
* wip
* wip
* wip
* validations
* error validations
* cleanup
* wip
* fix error
* clean up
* handle modelValidations
* add documentation on the decorator
* remove spread attrs
* first test and some fixes
* halfway with test
* fix error where the data object was sending param entiyIds and not entity_ids
* validations or situation
* fix test
* small nit:
* test if this fixes the test
* fix
* cleanup
* nit
* Assignments Update/Edit View (#16412)
* wip
* fix
* render search-select after promise is fulfilled
* add test coverage
Co-authored-by: clairebontempo@gmail.com <cbontempo@hashicorp.com>
* Added list view for keys (#16454)
* Added list view for providers (#16442)
* Added list view for providers
* Removed check for model data length
* Added new line at end of file
* Fixed linting issues causing ui tests to fail
* Added list view for application (#16469)
* UI/remove has many relationship (#16470)
* remove hasMany from models
* remove relationships from assignments create form
* update tests
* Assignment list view (#16340)
* initial setup
* handle default allow all
* add learn more link
* Fixed the default allow_all for assignment list view to match Figma design
* Fixed linting
* Fixed hbs file syntax
Co-authored-by: linda9379 <linda.jiang@hashicorp.com>
* configure mirage and helper (#16482)
* UI/OIDC client form (#16131)
* WIP client form
* wip
* still WIP
* fix form!;
* remove computeds, cache form attrs instead
* update scope form component name
* add white space validation
* add validations, cleanup
* add edit form
* fix link to in edit form
* disable edit form
* fix linkto
* wip/ search select filter
* WIP/search-select bug
* fix assignment save
* delete old modal js file
* glimmerize/create new search select modal component
* component cleanup
* fix bugginess
* fix search select and radio select action
* add tests
* revert some test changes
* oops, removed test tag
* add key list to response
* fix test
* move search select component to separate PR, revert changes
* one more revert
* remove oidc helper from this pr
* remove hasMany relationship
* minor cleanup
* update assignment form to use fallback
* fix allow_all appearing in dropdown on edit (#16508)
* UI/ OIDC Application (client) details view (#16507)
* fix test
* finish details page
* finish details view
* clean up
* fix typo
* configure oidc mirage handler for tests
* remove params, add new route instead
* fix headers
* remove console.log
* remove controller/template reliance on tracked variable
* rename variable
* UI/Client route acceptance tests - fixed branch (#16654)
* WIP client route tests
* refactor client form so clientType is not edit-able
* fix ttl in client form
* wip// more acceptance tests and tags for hbs files
* fix typo
* fix syntax error
* finish tests
* fix client form test
* resolve commits
* update form test
* OIDC Assignments Details view. (#16511)
* setup
* cleanup
* view all fix
* wip setting up tabs
* wip
* revert to no queryParam or tabs
* add the read more component and styling
* rename folder
* cleanup
* fix
* UI/OIDC providers create/edit route (#16612)
* update to use DocLink component
* provider create form
* cleanup
* add form test
* revert label text
* update doclink test
* disallow new scopes from ss
* fix test typo
* fix provider form flash message
* add period
* test new form field attr
* refactor form input
* fix edit portion of issuer field
* add test selector to new input field
* add comment
* Cleanup OIDC Config Mirage handler (#16674)
* cleanup mirage
* change to .then
* pull out into config file
* Scope acceptance tests (#16707)
* Started writing acceptance tests
* Added some more acceptance tests
* Added tags for hbs and more tests
* Modified variable names in scope form test
* Fixed tests and linting
* UI/OIDC Provider read view (#16632)
* add providers/provider/client route
* provider details view
* add disabled button and tooltip for default
* add toolbar separators
* revert unrelated change
* query all client records and filter by allowed client id"
* refactor adapter to filter for clientId
* cleanup adapter method
* update test
* refactor test
* fix tests to accommodate for serializer change
* update empty state message
* fix linting
* metadata for client list view (#16725)
* Added metadata for list view in clients
* Fixed linting
* Fixed failing ui test
* fix scopes and clients tests (#16768)
* Initial fix of tests
* Fixed failing scopes and clients acceptance tests
* Fixed linting
* UI: Key create/edit form (#16729)
* add route models
* add forms
* add test
* remove helperText attr
* metadata for provider list view (#16738)
* Added meta-data for provider list view
* Added comment for serializer
* Fixed import path for scopes and clients acceptance test files
* UI/Add client ids to search select (#16744)
* WIP use clientID instead of name
* add client ids to search select
* remove provider form component changes
* fix search select on edit
* cleanup comments and method
* fix adapter query method
* clean up comments
* add test
* remove destructuring so linting passes
* fix tests
* add accidentally deleted param
* add clarifying comments
* cleanup
* change how shouldRenderName is set
* cleanup tests
* address comments
* OIDC Assignment Acceptance tests (#16741)
* test and fixes
* merge stuff
* fix
* fixes
* add waituntil
* inconsistent nav issue
* fixes
* blah
* UI/Key details view (#16776)
* add details view
* reformat model file
* todo for when listing applications
* add comment
* update key form with refactored search select
* add applications list
* update test
* update test
* add names to flash messages
* add rollbackAttributes to delete catch (#16796)
* UI: Checks if records exists before creating record when URL contains :name (#16823)
* check for record existing in createRecord
* use error banner instead of flash messages for forms
* add inline form message for validations
* add error count message to inlinealert
* add test for adapter
* add tests
* remove unused vars
* UI: Disable limiting clients when creating key, filter clients when editing (#16926)
* add tooltip to disabled radio button
* pass query object to search select
* update copy
* add comment
* cleanup console log and comment
* fix tests
* revert change because addressed in other pr
* fix diff
* fix test
* UI: Add redirect when last client is deleted (#16927)
* afterModel redirect if no models exist
* fix test
* change space
* fix incorrect text
* UI: Add InfoTooltip to selected 'ghost' client_ids (#16942)
* return option if undefined
* add info tooltip to search select
* change word
* add test
* UI: OIDC config keys acceptance tests (#16968)
* add keys test
* update other oidc tests
* remove-search select comment
* UI: Filter Client providers list view (#17027)
* pass param to adapter
* add test
* UI: OIDC Config Acceptance Tests (#17050)
* WIP/provider acceptance tests"
* WIP/this commit breaks lots of things
* fix tests
* update test selectors
* combine key and client tests
* cleanup clients and keys test
* finish tests
* small tidying
* UI: Remove trailing comma from scopes, provider details page (#17069)
* use info table row to cleanup scope logic
* infotableitemarray cleanup
* tidying
* add changelog
* teeny little empty state
* fix wildcard string helper not working
Co-authored-by: Jordan Reimer <zofskeez@gmail.com>
Co-authored-by: Angel Garbarino <Monkeychip@users.noreply.github.com>
Co-authored-by: Angel Garbarino <argarbarino@gmail.com>
Co-authored-by: linda9379 <57650314+linda9379@users.noreply.github.com>
Co-authored-by: linda9379 <linda.jiang@hashicorp.com>
176 lines
5.1 KiB
JavaScript
import Service, { inject as service } from '@ember/service';
import { task } from 'ember-concurrency';

const API_PATHS = {
  access: {
    methods: 'sys/auth',
    mfa: 'identity/mfa/method',
    oidc: 'identity/oidc/client',
    entities: 'identity/entity/id',
    groups: 'identity/group/id',
    leases: 'sys/leases/lookup',
    namespaces: 'sys/namespaces',
    'control-groups': 'sys/control-group/',
  },
  policies: {
    acl: 'sys/policies/acl',
    rgp: 'sys/policies/rgp',
    egp: 'sys/policies/egp',
  },
  tools: {
    wrap: 'sys/wrapping/wrap',
    lookup: 'sys/wrapping/lookup',
    unwrap: 'sys/wrapping/unwrap',
    rewrap: 'sys/wrapping/rewrap',
    random: 'sys/tools/random',
    hash: 'sys/tools/hash',
  },
  status: {
    replication: 'sys/replication',
    license: 'sys/license',
    seal: 'sys/seal',
    raft: 'sys/storage/raft/configuration',
  },
  clients: {
    activity: 'sys/internal/counters/activity',
    config: 'sys/internal/counters/config',
  },
};

const API_PATHS_TO_ROUTE_PARAMS = {
  'sys/auth': { route: 'vault.cluster.access.methods', models: [] },
  'identity/entity/id': { route: 'vault.cluster.access.identity', models: ['entities'] },
  'identity/group/id': { route: 'vault.cluster.access.identity', models: ['groups'] },
  'sys/leases/lookup': { route: 'vault.cluster.access.leases', models: [] },
  'sys/namespaces': { route: 'vault.cluster.access.namespaces', models: [] },
  'sys/control-group/': { route: 'vault.cluster.access.control-groups', models: [] },
  'identity/mfa/method': { route: 'vault.cluster.access.mfa', models: [] },
  'identity/oidc/client': { route: 'vault.cluster.access.oidc', models: [] },
};

/*
  The Permissions service is used to gate top navigation and sidebar items.
  It fetches a user's policy from the resultant-acl endpoint and stores their
  allowed exact and glob paths as state. It also has methods for checking whether
  a user has permission for a given path.
*/

export default Service.extend({
  exactPaths: null,
  globPaths: null,
  canViewAll: null,
  store: service(),
  auth: service(),
  namespace: service(),

  getPaths: task(function* () {
    if (this.paths) {
      return;
    }

    try {
      let resp = yield this.store.adapterFor('permissions').query();
      this.setPaths(resp);
      return;
    } catch (err) {
      // If no policy can be found, default to showing all nav items.
      this.set('canViewAll', true);
    }
  }),

  setPaths(resp) {
    this.set('exactPaths', resp.data.exact_paths);
    this.set('globPaths', resp.data.glob_paths);
    this.set('canViewAll', resp.data.root);
  },

  reset() {
    this.set('exactPaths', null);
    this.set('globPaths', null);
    this.set('canViewAll', null);
  },

  hasNavPermission(navItem, routeParams) {
    if (routeParams) {
      // viewing the entity and groups pages require the list capability, while the others require the default, which is anything other than deny
      let capability = routeParams === 'entities' || routeParams === 'groups' ? ['list'] : [null];

      return this.hasPermission(API_PATHS[navItem][routeParams], capability);
    }
    return Object.values(API_PATHS[navItem]).some((path) => this.hasPermission(path));
  },

  navPathParams(navItem) {
    const path = Object.values(API_PATHS[navItem]).find((path) => this.hasPermission(path));
    if (['policies', 'tools'].includes(navItem)) {
      return { models: [path.split('/').lastObject] };
    }

    return API_PATHS_TO_ROUTE_PARAMS[path];
  },

  pathNameWithNamespace(pathName) {
    const namespace = this.namespace.path;
    if (namespace) {
      return `${namespace}/${pathName}`;
    } else {
      return pathName;
    }
  },

  hasPermission(pathName, capabilities = [null]) {
    const path = this.pathNameWithNamespace(pathName);

    if (this.canViewAll) {
      return true;
    }

    return capabilities.every(
      (capability) =>
        this.hasMatchingExactPath(path, capability) || this.hasMatchingGlobPath(path, capability)
    );
  },

  hasMatchingExactPath(pathName, capability) {
    const exactPaths = this.exactPaths;
    if (exactPaths) {
      const prefix = Object.keys(exactPaths).find((path) => path.startsWith(pathName));
      const hasMatchingPath = prefix && !this.isDenied(exactPaths[prefix]);

      if (prefix && capability) {
        return this.hasCapability(exactPaths[prefix], capability) && hasMatchingPath;
      }

      return hasMatchingPath;
    }
    return false;
  },

  hasMatchingGlobPath(pathName, capability) {
    const globPaths = this.globPaths;
    if (globPaths) {
      const matchingPath = Object.keys(globPaths).find((k) => {
        return pathName.includes(k) || pathName.includes(k.replace(/\/$/, ''));
      });
      const hasMatchingPath =
        (matchingPath && !this.isDenied(globPaths[matchingPath])) ||
        Object.prototype.hasOwnProperty.call(globPaths, '');

      if (matchingPath && capability) {
        return this.hasCapability(globPaths[matchingPath], capability) && hasMatchingPath;
      }

      return hasMatchingPath;
    }
    return false;
  },

  hasCapability(path, capability) {
    return path.capabilities.includes(capability);
  },

  isDenied(path) {
    return path.capabilities.includes('deny');
  },
});
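
An added example, not part of the Vault source above: a plain-JavaScript mirror of the service's exact and glob matching, run over a constructed resultant-acl style response to show which nav items would render. `SAMPLE_ACL`, `makeChecker` and `navReport` are hypothetical names, and namespace prefixing is left out.

```javascript
// Added example, not Vault code: plain-JS mirror of the matching rules (no Ember,
// no namespace prefix). SAMPLE_ACL is constructed in the shape setPaths() reads.
const SAMPLE_ACL = {
  data: {
    root: false,
    exact_paths: {
      'sys/auth/userpass': { capabilities: ['read'] },
      'sys/license': { capabilities: ['deny'] },
      'identity/group/id': { capabilities: ['read'] },
    },
    glob_paths: {
      'sys/policies/': { capabilities: ['read', 'list'] },
      'identity/entity/': { capabilities: ['list'] },
    },
  },
};

function makeChecker({ data }) {
  const denied = (entry) => entry.capabilities.includes('deny');
  const has = (entry, cap) => entry.capabilities.includes(cap);
  // Exact entries match when a stored key starts with the requested path.
  const exact = (path, cap) => {
    const paths = data.exact_paths || {};
    const key = Object.keys(paths).find((k) => k.startsWith(path));
    const ok = Boolean(key) && !denied(paths[key]);
    return key && cap ? has(paths[key], cap) && ok : ok;
  };
  // Glob entries match when the requested path contains a stored key, with or
  // without its trailing slash; an empty-string key allows every path.
  const glob = (path, cap) => {
    const globs = data.glob_paths || {};
    const key = Object.keys(globs).find(
      (k) => path.includes(k) || path.includes(k.replace(/\/$/, ''))
    );
    const ok = Boolean(key && !denied(globs[key])) || ('' in globs);
    return key && cap ? has(globs[key], cap) && ok : ok;
  };
  return (path, caps = [null]) =>
    Boolean(data.root) || caps.every((cap) => exact(path, cap) || glob(path, cap));
}

// Nav decisions for a few API_PATHS entries; entities and groups need 'list'.
const navReport = (check) => ({
  methods: check('sys/auth'),
  license: check('sys/license'),
  acl: check('sys/policies/acl'),
  entities: check('identity/entity/id', ['list']),
  groups: check('identity/group/id', ['list']),
});
console.log(navReport(makeChecker(SAMPLE_ACL)));
```

These results only decide which nav items render. `getPaths` sets `canViewAll` when the policy lookup fails, so every item is shown in that case and the server-side policy check on each request remains the actual control.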