Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

UI/add allowed response headers secret mount #19216

Merged
merged 5 commits into from
Feb 16, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions changelog/19216.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:improvement
ui: adds allowed_response_headers as param for secret engine mount config
```
7 changes: 7 additions & 0 deletions ui/app/models/mount-config.js
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,13 @@ export default class MountConfigModel extends Model {
})
passthroughRequestHeaders;

@attr({
label: 'Allowed response headers',
helpText: 'Headers to allow, allowing a plugin to include them in the response.',
editType: 'stringArray',
})
allowedResponseHeaders;

@attr('string', {
label: 'Token Type',
helpText:
Expand Down
14 changes: 8 additions & 6 deletions ui/app/models/secret-engine.js
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,9 @@ export default SecretEngineModel.extend({
const fields = ['type', 'path', 'description', 'accessor', 'local', 'sealWrap'];
// no ttl options for keymgmt
const ttl = type !== 'keymgmt' ? 'defaultLeaseTtl,maxLeaseTtl,' : '';
fields.push(`config.{${ttl}auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders}`);
fields.push(
`config.{${ttl}auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders,allowedResponseHeaders}`
);
if (type === 'kv' || type === 'generic') {
fields.push('version');
}
Expand All @@ -105,36 +107,36 @@ export default SecretEngineModel.extend({
optionFields = [
'version',
...CORE_OPTIONS,
`config.{defaultLeaseTtl,maxLeaseTtl,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders}`,
`config.{defaultLeaseTtl,maxLeaseTtl,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders,allowedResponseHeaders}`,
];
break;
case 'generic':
optionFields = [
'version',
...CORE_OPTIONS,
`config.{defaultLeaseTtl,maxLeaseTtl,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders}`,
`config.{defaultLeaseTtl,maxLeaseTtl,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders,allowedResponseHeaders}`,
];
break;
case 'database':
// Highlight TTLs in default
defaultFields = ['path', 'config.{defaultLeaseTtl}', 'config.{maxLeaseTtl}'];
optionFields = [
...CORE_OPTIONS,
'config.{auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders}',
'config.{auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders,allowedResponseHeaders}',
];
break;
case 'keymgmt':
// no ttl options for keymgmt
optionFields = [
...CORE_OPTIONS,
'config.{auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders}',
'config.{auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders,allowedResponseHeaders}',
];
break;
default:
defaultFields = ['path'];
optionFields = [
...CORE_OPTIONS,
`config.{defaultLeaseTtl,maxLeaseTtl,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders}`,
`config.{defaultLeaseTtl,maxLeaseTtl,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders,allowedResponseHeaders}`,
];
break;
}
Expand Down
9 changes: 4 additions & 5 deletions ui/app/templates/vault/cluster/secrets/backend/list.hbs
Original file line number Diff line number Diff line change
Expand Up @@ -129,10 +129,7 @@
{{else}}
{{#if (eq this.baseKey.id "")}}
{{#if (and options.firstStep (not this.tab))}}
<EmptyState
@title="Get started with {{capitalize this.backendType}}"
@message="To use {{this.backendType}}, you'll need to {{options.firstStep}}."
>
<EmptyState @title="Get started with {{capitalize this.backendType}}" @message={{options.firstStep}}>
<SecretLink
@mode="create"
@secret=""
Expand All @@ -145,7 +142,9 @@
{{else}}
<EmptyState
@title="No {{pluralize options.item}} in this backend"
@message="Secrets in this backend will be listed here. Add a secret to get started."
@message="{{pluralize (capitalize options.item)}}
in this backend will be listed here.
{{or options.message (concat 'Add a ' options.item ' to get started.')}}"
>
<SecretLink
@mode="create"
Expand Down
7 changes: 4 additions & 3 deletions ui/lib/core/addon/helpers/options-for-backend.js
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,8 @@ const SECRET_BACKENDS = {
modelPrefix: 'cert/',
label: 'Certificates',
searchPlaceholder: 'Filter certificates',
item: 'certificates',
item: 'certificate',
message: 'Issue a certificate from a role.',
create: 'Create role',
tab: 'cert',
listItemPartial: 'secret-list/pki-cert-item',
Expand Down Expand Up @@ -141,7 +142,7 @@ const SECRET_BACKENDS = {
displayName: 'Transformation',
navigateTree: false,
listItemPartial: 'secret-list/transform-list-item',
firstStep: 'create a transformation and a role',
firstStep: `To use transform, you'll need to create a transformation and a role.`,
tabs: [
{
name: 'transformations',
Expand Down Expand Up @@ -191,7 +192,7 @@ const SECRET_BACKENDS = {
navigateTree: false,
editComponent: 'transit-edit',
listItemPartial: 'secret-list/item',
firstStep: 'create an encryption key',
firstStep: `To use transit, you'll need to create an encryption key`,
},
};

Expand Down
8 changes: 4 additions & 4 deletions ui/tests/acceptance/settings/mount-secret-backend-test.js
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
import { currentRouteName, currentURL, settled } from '@ember/test-helpers';
import { module, test, skip } from 'qunit';
import { module, test } from 'qunit';
import { setupApplicationTest } from 'ember-qunit';
import { create } from 'ember-cli-page-object';
import page from 'vault/tests/pages/settings/mount-secret-backend';
Expand Down Expand Up @@ -150,11 +150,11 @@ module('Acceptance | settings/mount-secret-backend', function (hooks) {
await settled();
assert.dom('[data-test-row-value="Maximum number of versions"]').hasText('Not set');
});
// TODO JR: enable once kubernetes routes are defined
skip('it should transition to engine route on success if defined in mount config', async function (assert) {

test('it should transition to engine route on success if defined in mount config', async function (assert) {
await consoleComponent.runCommands([
// delete any previous mount with same name
`delete sys/mounts/kmip`,
`delete sys/mounts/kubernetes`,
]);
await mountSecrets.visit();
await mountSecrets.selectType('kubernetes');
Expand Down
10 changes: 5 additions & 5 deletions ui/tests/unit/models/secret-engine-test.js
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ module('Unit | Model | secret-engine', function (hooks) {
'config.listingVisibility',
'local',
'sealWrap',
'config.{defaultLeaseTtl,maxLeaseTtl,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders}',
'config.{defaultLeaseTtl,maxLeaseTtl,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders,allowedResponseHeaders}',
],
},
]);
Expand All @@ -84,7 +84,7 @@ module('Unit | Model | secret-engine', function (hooks) {
'config.listingVisibility',
'local',
'sealWrap',
'config.{defaultLeaseTtl,maxLeaseTtl,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders}',
'config.{defaultLeaseTtl,maxLeaseTtl,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders,allowedResponseHeaders}',
],
},
]);
Expand All @@ -109,7 +109,7 @@ module('Unit | Model | secret-engine', function (hooks) {
'config.listingVisibility',
'local',
'sealWrap',
'config.{defaultLeaseTtl,maxLeaseTtl,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders}',
'config.{defaultLeaseTtl,maxLeaseTtl,auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders,allowedResponseHeaders}',
],
},
]);
Expand All @@ -133,7 +133,7 @@ module('Unit | Model | secret-engine', function (hooks) {
'config.listingVisibility',
'local',
'sealWrap',
'config.{auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders}',
'config.{auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders,allowedResponseHeaders}',
],
},
]);
Expand All @@ -157,7 +157,7 @@ module('Unit | Model | secret-engine', function (hooks) {
'config.listingVisibility',
'local',
'sealWrap',
'config.{auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders}',
'config.{auditNonHmacRequestKeys,auditNonHmacResponseKeys,passthroughRequestHeaders,allowedResponseHeaders}',
],
},
]);
Expand Down