Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ui kv preflight endpoints #4439

Merged
merged 10 commits into from
Apr 24, 2018
Merged

Ui kv preflight endpoints #4439

merged 10 commits into from
Apr 24, 2018

Conversation

meirish
Copy link
Contributor

@meirish meirish commented Apr 24, 2018
edited
Loading

This is the UI counterpart to #4430 and #4435.
screen shot 2018-04-24 at 4 27 50 pm

The major change here is replacing calls to sys/mounts with sys/internal/ui/mounts and sys/internal/ui/mounts/:path - so we no longer need a fetch at the top level secrets route, and when loading individual secrets, we only need to lookup the path for the engine they're trying to view, not the whole list and then filtering for it.

The net effect is that we no longer need policy access to sys/mounts for the UI to function. As a bonus we also get a list of only the mounts that contain secrets that you have ACLs to operate on.

Here's a concrete example: Given a Vault instance with a kv backend mounted at kv/, a user logged in with a token policy of only the default policy plus a policy containing:

path "kv/*" {
  capabilities = ["create", "read", "list", "update", "delete"]
}

Would see this:
screen shot 2018-04-22 at 10 37 03 pm

@meirish meirish added this to the 0.10.1 milestone Apr 24, 2018
@meirish meirish requested review from a team April 24, 2018 03:25
@meirish
remove unused response-wrapping route and controller
1639f7f
@meirish
move to using the internal mounts endpoint for the secrets list and i…
330c72e 
…ndividual engine lookup
@meirish
remove errors about sys/mounts access because we don't need it anymore 🎉
1f21f55
@meirish
use modelFor instead of peekRecord for looking up the secret-engine
2cd29c4
@meirish
remove test because we removed that error page - in the worst case sc…
b2c9788 
…enario, a user will only have access to cubbyhole, but will see that in the secrets engines list
@meirish
make the dev CSP the same as the Go CSP
f558098
@meirish
update serializer to handle SSH responses as well as new engine fetches
45aa1b0
@meirish
back out some changes to ttl-picker and field test object so that tes…
dca683d 
…ts pass
@meirish
get rid of trailing space in the secret engine link
dd9c866
@meirish
add secrets-engine adapater tests for new query behavior
2c34a96
@meirish meirish merged commit 1489293 into master Apr 24, 2018
@meirish meirish deleted the ui-kv-preflight-endpoints branch April 24, 2018 21:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.10.1
Development

Successfully merging this pull request may close these issues.
1 participant
@meirish