From d585b55c711403e1f5cfa3e335482df60a66c370 Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Wed, 29 Sep 2021 11:49:23 -0700 Subject: [PATCH 01/22] wip//changes linked block to angle bracket' --- .../secret-list/database-list-item.hbs | 190 ++++++++++-------- .../templates/components/linkable-item.hbs | 2 +- 2 files changed, 109 insertions(+), 83 deletions(-) diff --git a/ui/app/templates/components/secret-list/database-list-item.hbs b/ui/app/templates/components/secret-list/database-list-item.hbs index 1a8fc08044ebb..212206d76548c 100644 --- a/ui/app/templates/components/secret-list/database-list-item.hbs +++ b/ui/app/templates/components/secret-list/database-list-item.hbs @@ -1,83 +1,109 @@ -{{#linked-block - "vault.cluster.secrets.backend.show" - (if this.keyTypeValue (concat 'role/' @item.id) @item.id) - class="list-item-row" - data-test-secret-link=@item.id - encode=true - queryParams=(secret-query-params @backendType @item.type) -}} -
-
- - -
- {{if (eq @item.id ' ') '(self)' (or @item.keyWithoutParent @item.id)}} - {{this.keyTypeValue}} -
- +{{#unless @item.type}} + + + + + +
+ {{if (eq @item.id ' ') '(self)' (or @item.keyWithoutParent @item.id)}} + {{this.keyTypeValue}} +
+ + + + +
+ This database type cannot be viewed in the UI. +
+ + +{{else}} + +
+
+ + +
+ {{if (eq @item.id ' ') '(self)' (or @item.keyWithoutParent @item.id)}} + {{this.keyTypeValue}} +
+ +
+
+ + + +
-
- - - -
-
-{{/linked-block}} + +{{/unless}} diff --git a/ui/lib/core/addon/templates/components/linkable-item.hbs b/ui/lib/core/addon/templates/components/linkable-item.hbs index 873697073120a..00f15f7d9c63c 100644 --- a/ui/lib/core/addon/templates/components/linkable-item.hbs +++ b/ui/lib/core/addon/templates/components/linkable-item.hbs @@ -1,4 +1,4 @@ -
+
{{#if @disabled }}
{{yield (hash content=(component 'linkable-item/content'))}} From b7d7dd6d7ecbacd55079726edc9d0f4917b3b70f Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Wed, 29 Sep 2021 15:42:38 -0700 Subject: [PATCH 02/22] displays empty state if database is not supported in the UI --- ui/app/models/database/connection.js | 4 + ui/app/styles/components/empty-state.scss | 3 + .../components/database-connection.hbs | 627 +++++++++--------- .../secret-list/database-list-item.hbs | 190 +++--- 4 files changed, 410 insertions(+), 414 deletions(-) diff --git a/ui/app/models/database/connection.js b/ui/app/models/database/connection.js index e82dc5904d380..d2ff917d40b22 100644 --- a/ui/app/models/database/connection.js +++ b/ui/app/models/database/connection.js @@ -238,6 +238,10 @@ export default Model.extend({ defaultShown: 'Default', }), + isAvailablePlugin: computed('plugin_name', function() { + return !!AVAILABLE_PLUGIN_TYPES.find(a => a.value === this.plugin_name); + }), + showAttrs: computed('plugin_name', function() { const fields = AVAILABLE_PLUGIN_TYPES.find(a => a.value === this.plugin_name) .fields.filter(f => f.show !== false) diff --git a/ui/app/styles/components/empty-state.scss b/ui/app/styles/components/empty-state.scss index 7a90a73ea2057..a6da6d4052e79 100644 --- a/ui/app/styles/components/empty-state.scss +++ b/ui/app/styles/components/empty-state.scss @@ -42,6 +42,8 @@ .empty-state-actions { margin-top: $spacing-xs; + display: flex; + justify-content: space-between; a, .link, @@ -54,6 +56,7 @@ > * + * { margin-left: $spacing-s; + margin-right: $spacing-s; } } diff --git a/ui/app/templates/components/database-connection.hbs b/ui/app/templates/components/database-connection.hbs index 61a9683160dc5..32f891822e19e 100644 --- a/ui/app/templates/components/database-connection.hbs +++ b/ui/app/templates/components/database-connection.hbs @@ -15,111 +15,235 @@ -{{#if (eq @mode "show")}} - - - {{#if @model.canDelete}} - - {{/if}} - {{#if @model.canReset}} - - Reset connection - - {{/if}} - {{#if (or @model.canReset @model.canDelete)}} -
- {{/if}} - {{#if @model.canRotateRoot }} +{{#if @model.isAvailablePlugin}} + {{#if (eq @mode "show")}} + + + {{#if @model.canDelete}} + + {{/if}} + {{#if @model.canReset}} - Rotate root credentials + Reset connection - {{/if}} - {{#if @model.canAddRole}} - - Add role - - {{/if}} - {{#if @model.canEdit}} - - Edit configuration - - {{/if}} - - + {{/if}} + {{#if (or @model.canReset @model.canDelete)}} +
+ {{/if}} + {{#if @model.canRotateRoot }} + + Rotate root credentials + + {{/if}} + {{#if @model.canAddRole}} + + Add role + + {{/if}} + {{#if @model.canEdit}} + + Edit configuration + + {{/if}} + + + {{/if}} {{/if}} -{{#if (eq @mode 'create')}} -
- {{#each @model.fieldAttrs as |attr|}} - {{#if (not-eq attr.options.readOnly true)}} - {{form-field data-test-field attr=attr model=@model}} - {{/if}} - {{/each}} + {{#if (eq @mode 'create')}} + + {{#each @model.fieldAttrs as |attr|}} + {{#if (not-eq attr.options.readOnly true)}} + {{form-field data-test-field attr=attr model=@model}} + {{/if}} + {{/each}} - {{!-- Plugin Config Section --}} -
-
- Plugin config - {{#unless @model.pluginFieldGroups}} - - {{else}} + {{!-- Plugin Config Section --}} +
+
+ Plugin config + {{#unless @model.pluginFieldGroups}} + + {{else}} + {{#each @model.pluginFieldGroups as |fieldGroup|}} + {{#each-in fieldGroup as |group fields|}} + {{#if (eq group "default")}} +
+ {{#each fields as |attr|}} + {{#if (contains + attr.name + (array + "max_open_connections" + "max_idle_connections" + "max_connection_lifetime" + ) + )}} +
+ {{form-field data-test-field attr=attr model=@model}} +
+ {{else}} +
+ {{form-field data-test-field attr=attr model=@model}} +
+ {{/if}} + {{/each}} +
+ {{else}} + + {{#if (get this (concat "show" (camelize group)))}} +
+ {{#each fields as |attr|}} + {{form-field data-test-field attr=attr model=@model}} + {{/each}} +
+ {{/if}} + {{/if}} + {{/each-in}} + {{/each}} + {{/unless}} +
+
+ + {{!-- Statements Section --}} + {{#unless (and @model.plugin_name (not @model.statementFields))}} +
+

Statements

+ {{#if (eq @model.statementFields null)}} + + {{else}} + {{#each @model.statementFields as |attr|}} + {{form-field data-test-field attr=attr model=@model}} + {{/each}} + {{/if}} +
+ {{/unless}} + +
+
+
+ +
+
+ + Cancel + +
+
+
+ + {{else if (and (eq @mode 'edit') @model.isAvailablePlugin)}} +
+ {{#each @model.fieldAttrs as |attr|}} + {{#if (or (eq attr.name 'name') (eq attr.name 'plugin_name'))}} + + {{else if (not-eq attr.options.readOnly true)}} + {{form-field data-test-field attr=attr model=@model}} + {{/if}} + {{/each}} + + {{!-- Plugin Config Edit --}} +
+
+ Plugin config {{#each @model.pluginFieldGroups as |fieldGroup|}} {{#each-in fieldGroup as |group fields|}} {{#if (eq group "default")}}
- {{#each fields as |attr|}} - {{#if (contains - attr.name - (array - "max_open_connections" - "max_idle_connections" - "max_connection_lifetime" - ) - )}} -
- {{form-field data-test-field attr=attr model=@model}} -
- {{else}} -
- {{form-field data-test-field attr=attr model=@model}} -
- {{/if}} - {{/each}} + {{#each fields as |attr|}} + {{#if (contains + attr.name + (array + "max_open_connections" + "max_idle_connections" + "max_connection_lifetime" + ) + )}} +
+ {{form-field data-test-field attr=attr model=@model}} +
+ {{else if (eq attr.name "password")}} +
+ +
+ + Update password
+
+ {{if this.showPasswordField 'The new password that will be used when connecting to the database' 'Vault will use the existing password'}} +
+ {{#if this.showPasswordField}} + + {{/if}} + +
+
+ {{else}} +
+ {{form-field data-test-field attr=attr model=@model}} +
+ {{/if}} + {{/each}}
{{else}} @@ -133,222 +257,113 @@ {{/if}} {{/each-in}} {{/each}} - {{/unless}} -
-
- - {{!-- Statements Section --}} - {{#unless (and @model.plugin_name (not @model.statementFields))}} -
-

Statements

- {{#if (eq @model.statementFields null)}} - - {{else}} - {{#each @model.statementFields as |attr|}} - {{form-field data-test-field attr=attr model=@model}} - {{/each}} - {{/if}} -
- {{/unless}} - -
-
-
- -
-
- - Cancel - -
-
-
- -{{else if (eq @mode 'edit')}} -
- {{#each @model.fieldAttrs as |attr|}} - {{#if (or (eq attr.name 'name') (eq attr.name 'plugin_name'))}} - - {{else if (not-eq attr.options.readOnly true)}} - {{form-field data-test-field attr=attr model=@model}} - {{/if}} - {{/each}} - - {{!-- Plugin Config Edit --}} -
-
- Plugin config - {{#each @model.pluginFieldGroups as |fieldGroup|}} - {{#each-in fieldGroup as |group fields|}} - {{#if (eq group "default")}} -
- {{#each fields as |attr|}} - {{#if (contains - attr.name - (array - "max_open_connections" - "max_idle_connections" - "max_connection_lifetime" - ) - )}} -
- {{form-field data-test-field attr=attr model=@model}} -
- {{else if (eq attr.name "password")}} -
- -
- - Update password
-
- {{if this.showPasswordField 'The new password that will be used when connecting to the database' 'Vault will use the existing password'}} -
- {{#if this.showPasswordField}} - - {{/if}} - -
-
- {{else}} -
- {{form-field data-test-field attr=attr model=@model}} -
- {{/if}} - {{/each}} -
- {{else}} - - {{#if (get this (concat "show" (camelize group)))}} -
- {{#each fields as |attr|}} - {{form-field data-test-field attr=attr model=@model}} - {{/each}} -
- {{/if}} - {{/if}} - {{/each-in}} - {{/each}} -
-
- - {{!-- Statements Edit Section --}} - {{#unless (and @model.plugin_name (not @model.statementFields))}} -
-
- Statements - {{#each @model.statementFields as |attr|}} - {{form-field data-test-field attr=attr model=@model}} - {{/each}}
- {{/unless}} -
-
-
- + {{!-- Statements Edit Section --}} + {{#unless (and @model.plugin_name (not @model.statementFields))}} +
+
+ Statements + {{#each @model.statementFields as |attr|}} + {{form-field data-test-field attr=attr model=@model}} + {{/each}} +
-
- - Cancel - + {{/unless}} + +
+
+
+ +
+
+ + Cancel + +
-
- -{{else}} - {{#each @model.showAttrs as |attr|}} - {{#let attr.options.defaultDisplay as |defaultDisplay|}} - {{#if (eq attr.type "object")}} - - {{else if (eq attr.type "array")}} - - {{else}} - - {{/if}} - {{/let}} - {{/each}} -{{/if}} - - -
-

It’s best practice to rotate the root credential immediately after the initial configuration of each database. Once rotated, only Vault knows the new root password.

-

Would you like to rotate your new credentials? You can also do this later.

-
-
- - -
- + + Go back + + Documentation + + {{else}} + {{#each @model.showAttrs as |attr|}} + {{#let attr.options.defaultDisplay as |defaultDisplay|}} + {{#if (eq attr.type "object")}} + + {{else if (eq attr.type "array")}} + + {{else}} + + {{/if}} + {{/let}} + {{/each}} + {{/if}} + + +
+

It’s best practice to rotate the root credential immediately after the initial configuration of each database. Once rotated, only Vault knows the new root password.

+

Would you like to rotate your new credentials? You can also do this later.

+
+
+ + +
+ \ No newline at end of file diff --git a/ui/app/templates/components/secret-list/database-list-item.hbs b/ui/app/templates/components/secret-list/database-list-item.hbs index 212206d76548c..3f1c3da9df247 100644 --- a/ui/app/templates/components/secret-list/database-list-item.hbs +++ b/ui/app/templates/components/secret-list/database-list-item.hbs @@ -1,109 +1,83 @@ -{{#unless @item.type}} - - - - - -
- {{if (eq @item.id ' ') '(self)' (or @item.keyWithoutParent @item.id)}} - {{this.keyTypeValue}} -
- - - - -
- This database type cannot be viewed in the UI. -
- - -{{else}} - -
-
- - -
- {{if (eq @item.id ' ') '(self)' (or @item.keyWithoutParent @item.id)}} - {{this.keyTypeValue}} -
- -
-
- - - -
+ +
+
+ + +
+ {{if (eq @item.id ' ') '(self)' (or @item.keyWithoutParent @item.id)}} + {{this.keyTypeValue}} +
+
- -{{/unless}} +
+ + + +
+
+ From 006df83697483a1093f5a3e1c1e95c7b8c71e25b Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Fri, 1 Oct 2021 10:34:00 -0700 Subject: [PATCH 03/22] adds elasticsearch db plugin --- .../components/database-role-setting-form.js | 6 +++ ui/app/models/database/connection.js | 43 +++++++++++++++++++ ui/app/models/database/role.js | 12 ++++++ 3 files changed, 61 insertions(+) diff --git a/ui/app/components/database-role-setting-form.js b/ui/app/components/database-role-setting-form.js index cdea6b57c7d13..a7502af835672 100644 --- a/ui/app/components/database-role-setting-form.js +++ b/ui/app/components/database-role-setting-form.js @@ -31,6 +31,7 @@ const STATEMENT_FIELDS = { 'mysql-aurora-database-plugin': [], 'mysql-rds-database-plugin': [], 'mysql-legacy-database-plugin': [], + 'elasticsearch-database-plugin': [], }, dynamic: { default: ['creation_statements', 'revocation_statements', 'rollback_statements', 'renew_statements'], @@ -40,6 +41,11 @@ const STATEMENT_FIELDS = { 'mysql-aurora-database-plugin': ['creation_statements', 'revocation_statements'], 'mysql-rds-database-plugin': ['creation_statements', 'revocation_statements'], 'mysql-legacy-database-plugin': ['creation_statements', 'revocation_statements'], + 'elasticsearch-database-plugin': [ + 'creation_statements', + 'elasticsearch_role_definition', + 'elasticsearch_roles', + ], }, }; export default class DatabaseRoleSettingForm extends Component { diff --git a/ui/app/models/database/connection.js b/ui/app/models/database/connection.js index d2ff917d40b22..53179638699b6 100644 --- a/ui/app/models/database/connection.js +++ b/ui/app/models/database/connection.js @@ -118,6 +118,26 @@ const AVAILABLE_PLUGIN_TYPES = [ { attr: 'username_template', group: 'pluginConfig' }, { attr: 'tls', group: 'pluginConfig', subgroup: 'TLS options' }, { attr: 'tls_ca', group: 'pluginConfig', subgroup: 'TLS options' }, + ], + }, + { + value: 'elasticsearch-database-plugin', + displayName: 'Elasticsearch', + fields: [ + { attr: 'plugin_name' }, + { attr: 'name' }, + { attr: 'verify_connection' }, + { attr: 'password_policy' }, + { attr: 'connection_url', group: 'pluginConfig' }, + { attr: 'username', group: 'pluginConfig', show: false }, + { attr: 'password', group: 'pluginConfig', show: false }, + { attr: 'username_template', group: 'pluginConfig' }, + { attr: 'ca_cert', group: 'pluginConfig' }, + { attr: 'ca_path', group: 'pluginConfig' }, + { attr: 'client_cert', group: 'pluginConfig' }, + { attr: 'client_key', group: 'pluginConfig' }, + { attr: 'insecure', group: 'pluginConfig' }, + { attr: 'tls_server_name', group: 'pluginConfig', subgroup: 'TLS options' }, { attr: 'root_rotation_statements', group: 'statements' }, ], }, @@ -193,6 +213,21 @@ export default Model.extend({ }), // optional + ca_cert: attr('string', { + label: 'CA certificate', + subText: "The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity.", + }), + ca_path: attr('string', { + label: 'CA path', + subText: + "The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity.", + }), + client_cert: attr('string', { + subText: 'The path to the certificate for the Elasticsearch client to present for communication.', + }), + client_key: attr('string', { + subText: 'The path to the key for the Elasticsearch client to use for communication.', + }), hosts: attr('string', {}), host: attr('string', {}), port: attr('string', {}), @@ -220,6 +255,10 @@ export default Model.extend({ max_connection_lifetime: attr('string', { defaultValue: '0s', }), + insecure: attr('boolean', { + defaultValue: false, + helpTwext: 'Not recommended. Default to false. Can be set to true to disable SSL verification.', + }), tls: attr('string', { label: 'TLS Certificate Key', helpText: @@ -232,6 +271,10 @@ export default Model.extend({ 'x509 CA file for validating the certificate presented by the MongoDB server. Must be PEM encoded.', editType: 'file', }), + tls_server_name: attr('string', { + label: 'TLS CA', + helpText: 'This, if set, is used to set the SNI host when connecting via 1TLS.', + }), root_rotation_statements: attr({ subText: `The database statements to be executed to rotate the root user's credentials. If nothing is entered, Vault will use a reasonable default.`, editType: 'stringArray', diff --git a/ui/app/models/database/role.js b/ui/app/models/database/role.js index 17e84cf4d3809..bce7dcb274a6b 100644 --- a/ui/app/models/database/role.js +++ b/ui/app/models/database/role.js @@ -80,6 +80,16 @@ export default Model.extend({ theme: 'hashi short', defaultShown: 'Default', }), + elasticsearch_role_definition: attr('string', { + editType: 'json', + allowReset: true, + theme: 'hashi short', + defaultShown: 'Default', + }), + elasticsearch_roles: attr('string', { + editType: 'stringArray', + defaultShown: 'Default', + }), /* FIELD ATTRIBUTES */ get fieldAttrs() { @@ -110,6 +120,8 @@ export default Model.extend({ 'revocation_statements', 'revocation_statement', // only for MongoDB (styling difference) 'rotation_statements', + 'elasticsearch_role_definition', + 'elasticsearch_roles', 'rollback_statements', 'renew_statements', ]; From cabf6b0ae2a99af90a65d95fb4b36f7ecea4453f Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Fri, 1 Oct 2021 10:42:10 -0700 Subject: [PATCH 04/22] adds changelog --- changelog/12672.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 changelog/12672.txt diff --git a/changelog/12672.txt b/changelog/12672.txt new file mode 100644 index 0000000000000..755cb4fecd054 --- /dev/null +++ b/changelog/12672.txt @@ -0,0 +1,3 @@ +```release-note:feature +**UI/Elasticsearch**: Elasticsearch DB is now supported by the UI +``` \ No newline at end of file From 66074829d8b3157708d79da8ec1c6fa3ece32545 Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Fri, 1 Oct 2021 10:59:29 -0700 Subject: [PATCH 05/22] fixes typo --- ui/app/models/database/connection.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui/app/models/database/connection.js b/ui/app/models/database/connection.js index 53179638699b6..6dd4647885375 100644 --- a/ui/app/models/database/connection.js +++ b/ui/app/models/database/connection.js @@ -257,7 +257,7 @@ export default Model.extend({ }), insecure: attr('boolean', { defaultValue: false, - helpTwext: 'Not recommended. Default to false. Can be set to true to disable SSL verification.', + helpText: 'Not recommended. Default to false. Can be set to true to disable SSL verification.', }), tls: attr('string', { label: 'TLS Certificate Key', From e3d798de46f63acb253a8f320fd10d9b75d19258 Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Fri, 1 Oct 2021 11:11:09 -0700 Subject: [PATCH 06/22] edits changelog --- changelog/12672.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelog/12672.txt b/changelog/12672.txt index 755cb4fecd054..62ac12bdcb575 100644 --- a/changelog/12672.txt +++ b/changelog/12672.txt @@ -1,3 +1,3 @@ ```release-note:feature -**UI/Elasticsearch**: Elasticsearch DB is now supported by the UI +**Elasticsearch in the UI**: Elasticsearch DB is now supported by the UI ``` \ No newline at end of file From 93df386079ba0eeee93bd23326fb6d8845e9abd0 Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Fri, 1 Oct 2021 14:08:33 -0700 Subject: [PATCH 07/22] updates elasticsearch attrs --- ui/app/models/database/connection.js | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/ui/app/models/database/connection.js b/ui/app/models/database/connection.js index 6dd4647885375..b1e0334c29447 100644 --- a/ui/app/models/database/connection.js +++ b/ui/app/models/database/connection.js @@ -128,17 +128,16 @@ const AVAILABLE_PLUGIN_TYPES = [ { attr: 'name' }, { attr: 'verify_connection' }, { attr: 'password_policy' }, - { attr: 'connection_url', group: 'pluginConfig' }, + { attr: 'url', group: 'pluginConfig' }, { attr: 'username', group: 'pluginConfig', show: false }, { attr: 'password', group: 'pluginConfig', show: false }, - { attr: 'username_template', group: 'pluginConfig' }, { attr: 'ca_cert', group: 'pluginConfig' }, { attr: 'ca_path', group: 'pluginConfig' }, { attr: 'client_cert', group: 'pluginConfig' }, { attr: 'client_key', group: 'pluginConfig' }, - { attr: 'insecure', group: 'pluginConfig' }, { attr: 'tls_server_name', group: 'pluginConfig', subgroup: 'TLS options' }, - { attr: 'root_rotation_statements', group: 'statements' }, + { attr: 'insecure', group: 'pluginConfig' }, + { attr: 'username_template', group: 'pluginConfig' }, ], }, ]; @@ -197,11 +196,12 @@ export default Model.extend({ // common fields connection_url: attr('string', { + label: 'Connection URL', subText: 'The connection string used to connect to the database.', }), url: attr('string', { - subText: - 'The connection string used to connect to the database. This allows for simple templating of username and password of the root user.', + label: 'URL', + subText: `The URL for Elasticsearch's API ("http://localhost:9200").`, }), username: attr('string', { subText: 'Optional. The name of the user to use as the "root" user when connecting to the database.', @@ -219,8 +219,7 @@ export default Model.extend({ }), ca_path: attr('string', { label: 'CA path', - subText: - "The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity.", + subText: `The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity.`, }), client_cert: attr('string', { subText: 'The path to the certificate for the Elasticsearch client to present for communication.', @@ -257,7 +256,7 @@ export default Model.extend({ }), insecure: attr('boolean', { defaultValue: false, - helpText: 'Not recommended. Default to false. Can be set to true to disable SSL verification.', + label: 'Disable SSL verification', }), tls: attr('string', { label: 'TLS Certificate Key', @@ -272,8 +271,8 @@ export default Model.extend({ editType: 'file', }), tls_server_name: attr('string', { - label: 'TLS CA', - helpText: 'This, if set, is used to set the SNI host when connecting via 1TLS.', + label: 'TLS server name', + helpText: 'If set, this name is used to set the SNI host when connecting via 1TLS.', }), root_rotation_statements: attr({ subText: `The database statements to be executed to rotate the root user's credentials. If nothing is entered, Vault will use a reasonable default.`, From cb68a65b3a5c10529a8c359e1120d39d49186890 Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Fri, 1 Oct 2021 14:47:22 -0700 Subject: [PATCH 08/22] oops --- ui/app/models/database/connection.js | 1 + 1 file changed, 1 insertion(+) diff --git a/ui/app/models/database/connection.js b/ui/app/models/database/connection.js index b1e0334c29447..6028ce4735dbe 100644 --- a/ui/app/models/database/connection.js +++ b/ui/app/models/database/connection.js @@ -118,6 +118,7 @@ const AVAILABLE_PLUGIN_TYPES = [ { attr: 'username_template', group: 'pluginConfig' }, { attr: 'tls', group: 'pluginConfig', subgroup: 'TLS options' }, { attr: 'tls_ca', group: 'pluginConfig', subgroup: 'TLS options' }, + { attr: 'root_rotation_statements', group: 'statements' }, ], }, { From 4fc1887deaa1a55c6376c2fae34b27547bbab302 Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Mon, 4 Oct 2021 14:13:22 -0700 Subject: [PATCH 09/22] updates subtext --- ui/app/models/database/connection.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/ui/app/models/database/connection.js b/ui/app/models/database/connection.js index 6028ce4735dbe..bf1e13957353d 100644 --- a/ui/app/models/database/connection.js +++ b/ui/app/models/database/connection.js @@ -198,25 +198,25 @@ export default Model.extend({ // common fields connection_url: attr('string', { label: 'Connection URL', - subText: 'The connection string used to connect to the database.', + subText: + 'The connection string used to connect to the database. This allows for simple templating of username and password of the root use in the {{field_name}} format.', }), url: attr('string', { label: 'URL', subText: `The URL for Elasticsearch's API ("http://localhost:9200").`, }), username: attr('string', { - subText: 'Optional. The name of the user to use as the "root" user when connecting to the database.', + subText: `The name of the user to use as the "root" user when connecting to the database.`, }), password: attr('string', { - subText: - 'Optional. The password to use when connecting to the database. Typically used in the connection_url field via the templating directive {{password}}.', + subText: 'The password to use when connecting with the above username.', editType: 'password', }), // optional ca_cert: attr('string', { label: 'CA certificate', - subText: "The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity.", + subText: `The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity.`, }), ca_path: attr('string', { label: 'CA path', @@ -273,7 +273,7 @@ export default Model.extend({ }), tls_server_name: attr('string', { label: 'TLS server name', - helpText: 'If set, this name is used to set the SNI host when connecting via 1TLS.', + subText: 'If set, this name is used to set the SNI host when connecting via 1TLS.', }), root_rotation_statements: attr({ subText: `The database statements to be executed to rotate the root user's credentials. If nothing is entered, Vault will use a reasonable default.`, From 49c8350ca0c7a08368ce5c06889244f799d5edfa Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Mon, 4 Oct 2021 16:02:47 -0700 Subject: [PATCH 10/22] move tls_server_name to pluginConfig group --- ui/app/models/database/connection.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ui/app/models/database/connection.js b/ui/app/models/database/connection.js index bf1e13957353d..c808b7734a35b 100644 --- a/ui/app/models/database/connection.js +++ b/ui/app/models/database/connection.js @@ -136,7 +136,7 @@ const AVAILABLE_PLUGIN_TYPES = [ { attr: 'ca_path', group: 'pluginConfig' }, { attr: 'client_cert', group: 'pluginConfig' }, { attr: 'client_key', group: 'pluginConfig' }, - { attr: 'tls_server_name', group: 'pluginConfig', subgroup: 'TLS options' }, + { attr: 'tls_server_name', group: 'pluginConfig' }, { attr: 'insecure', group: 'pluginConfig' }, { attr: 'username_template', group: 'pluginConfig' }, ], @@ -223,6 +223,7 @@ export default Model.extend({ subText: `The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity.`, }), client_cert: attr('string', { + label: 'Client certificate', subText: 'The path to the certificate for the Elasticsearch client to present for communication.', }), client_key: attr('string', { From 9692c6e54cf6a81a811bd4bae5827fa160088ab4 Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Tue, 5 Oct 2021 12:00:09 -0700 Subject: [PATCH 11/22] move role setting fields to util --- .../components/database-role-setting-form.js | 41 ++----------------- ui/app/utils/database-role-fields.js | 41 +++++++++++++++++++ 2 files changed, 44 insertions(+), 38 deletions(-) create mode 100644 ui/app/utils/database-role-fields.js diff --git a/ui/app/components/database-role-setting-form.js b/ui/app/components/database-role-setting-form.js index a7502af835672..e7d9f6b4d3113 100644 --- a/ui/app/components/database-role-setting-form.js +++ b/ui/app/components/database-role-setting-form.js @@ -14,44 +14,12 @@ */ import Component from '@glimmer/component'; +import { getStatementFields, getRoleFields } from '../utils/database-role-fields'; -// Below fields are intended to be dynamic based on type of role and db. -// example of usage: FIELDS[roleType][db] -const ROLE_FIELDS = { - static: ['username', 'rotation_period'], - dynamic: ['ttl', 'max_ttl'], -}; - -const STATEMENT_FIELDS = { - static: { - default: ['rotation_statements'], - 'mongodb-database-plugin': [], - 'mssql-database-plugin': [], - 'mysql-database-plugin': [], - 'mysql-aurora-database-plugin': [], - 'mysql-rds-database-plugin': [], - 'mysql-legacy-database-plugin': [], - 'elasticsearch-database-plugin': [], - }, - dynamic: { - default: ['creation_statements', 'revocation_statements', 'rollback_statements', 'renew_statements'], - 'mongodb-database-plugin': ['creation_statement', 'revocation_statement'], - 'mssql-database-plugin': ['creation_statements', 'revocation_statements'], - 'mysql-database-plugin': ['creation_statements', 'revocation_statements'], - 'mysql-aurora-database-plugin': ['creation_statements', 'revocation_statements'], - 'mysql-rds-database-plugin': ['creation_statements', 'revocation_statements'], - 'mysql-legacy-database-plugin': ['creation_statements', 'revocation_statements'], - 'elasticsearch-database-plugin': [ - 'creation_statements', - 'elasticsearch_role_definition', - 'elasticsearch_roles', - ], - }, -}; export default class DatabaseRoleSettingForm extends Component { get settingFields() { if (!this.args.roleType) return null; - let dbValidFields = ROLE_FIELDS[this.args.roleType]; + let dbValidFields = getRoleFields(this.args.roleType); return this.args.attrs.filter(a => { return dbValidFields.includes(a.name); }); @@ -61,10 +29,7 @@ export default class DatabaseRoleSettingForm extends Component { const type = this.args.roleType; const plugin = this.args.dbType; if (!type) return null; - let dbValidFields = STATEMENT_FIELDS[type].default; - if (STATEMENT_FIELDS[type][plugin]) { - dbValidFields = STATEMENT_FIELDS[type][plugin]; - } + let dbValidFields = getStatementFields(type, plugin); return this.args.attrs.filter(a => { return dbValidFields.includes(a.name); }); diff --git a/ui/app/utils/database-role-fields.js b/ui/app/utils/database-role-fields.js new file mode 100644 index 0000000000000..b420644bf6440 --- /dev/null +++ b/ui/app/utils/database-role-fields.js @@ -0,0 +1,41 @@ +export const ROLE_FIELDS = { + static: ['username', 'rotation_period'], + dynamic: ['ttl', 'max_ttl'], +}; + +export const STATEMENT_FIELDS = { + static: { + default: ['rotation_statements'], + 'mongodb-database-plugin': [], + 'mssql-database-plugin': [], + 'mysql-database-plugin': [], + 'mysql-aurora-database-plugin': [], + 'mysql-rds-database-plugin': [], + 'mysql-legacy-database-plugin': [], + 'elasticsearch-database-plugin': [], + }, + dynamic: { + default: ['creation_statements', 'revocation_statements', 'rollback_statements', 'renew_statements'], + 'mongodb-database-plugin': ['creation_statement', 'revocation_statement'], + 'mssql-database-plugin': ['creation_statements', 'revocation_statements'], + 'mysql-database-plugin': ['creation_statements', 'revocation_statements'], + 'mysql-aurora-database-plugin': ['creation_statements', 'revocation_statements'], + 'mysql-rds-database-plugin': ['creation_statements', 'revocation_statements'], + 'mysql-legacy-database-plugin': ['creation_statements', 'revocation_statements'], + 'elasticsearch-database-plugin': ['creation_statement'], + }, +}; + +export function getStatementFields(type, plugin) { + if (!type) return null; + let dbValidFields = STATEMENT_FIELDS[type].default; + if (STATEMENT_FIELDS[type][plugin]) { + dbValidFields = STATEMENT_FIELDS[type][plugin]; + } + return dbValidFields; +} + +export function getRoleFields(type) { + if (!type) return null; + return ROLE_FIELDS[type]; +} From e5be1f245fff0e140ba8295235c2b436cfa01eb4 Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Tue, 5 Oct 2021 12:01:57 -0700 Subject: [PATCH 12/22] remove unnecessary statement attrs --- ui/app/models/database/role.js | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/ui/app/models/database/role.js b/ui/app/models/database/role.js index bce7dcb274a6b..02cb758afa694 100644 --- a/ui/app/models/database/role.js +++ b/ui/app/models/database/role.js @@ -80,16 +80,6 @@ export default Model.extend({ theme: 'hashi short', defaultShown: 'Default', }), - elasticsearch_role_definition: attr('string', { - editType: 'json', - allowReset: true, - theme: 'hashi short', - defaultShown: 'Default', - }), - elasticsearch_roles: attr('string', { - editType: 'stringArray', - defaultShown: 'Default', - }), /* FIELD ATTRIBUTES */ get fieldAttrs() { @@ -116,12 +106,10 @@ export default Model.extend({ 'username', 'rotation_period', 'creation_statements', - 'creation_statement', // only for MongoDB (styling difference) + 'creation_statement', // for JSON styling 'revocation_statements', 'revocation_statement', // only for MongoDB (styling difference) 'rotation_statements', - 'elasticsearch_role_definition', - 'elasticsearch_roles', 'rollback_statements', 'renew_statements', ]; From d657d87297506e690bd70ecc08a7324fb918a6bc Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Tue, 5 Oct 2021 12:03:12 -0700 Subject: [PATCH 13/22] updates isAvailablePlugin to default true --- ui/app/models/database/connection.js | 3 +- .../components/database-connection.hbs | 460 +++++++++--------- 2 files changed, 232 insertions(+), 231 deletions(-) diff --git a/ui/app/models/database/connection.js b/ui/app/models/database/connection.js index c808b7734a35b..858eda0024876 100644 --- a/ui/app/models/database/connection.js +++ b/ui/app/models/database/connection.js @@ -283,7 +283,8 @@ export default Model.extend({ }), isAvailablePlugin: computed('plugin_name', function() { - return !!AVAILABLE_PLUGIN_TYPES.find(a => a.value === this.plugin_name); + let isUnavailable = !AVAILABLE_PLUGIN_TYPES.find(a => a.value === this.plugin_name); + return isUnavailable; }), showAttrs: computed('plugin_name', function() { diff --git a/ui/app/templates/components/database-connection.hbs b/ui/app/templates/components/database-connection.hbs index 32f891822e19e..f0faf056ec455 100644 --- a/ui/app/templates/components/database-connection.hbs +++ b/ui/app/templates/components/database-connection.hbs @@ -82,168 +82,46 @@ {{/if}} {{/if}} - {{#if (eq @mode 'create')}} -
- {{#each @model.fieldAttrs as |attr|}} - {{#if (not-eq attr.options.readOnly true)}} - {{form-field data-test-field attr=attr model=@model}} - {{/if}} - {{/each}} - - {{!-- Plugin Config Section --}} -
-
- Plugin config - {{#unless @model.pluginFieldGroups}} - - {{else}} - {{#each @model.pluginFieldGroups as |fieldGroup|}} - {{#each-in fieldGroup as |group fields|}} - {{#if (eq group "default")}} -
- {{#each fields as |attr|}} - {{#if (contains - attr.name - (array - "max_open_connections" - "max_idle_connections" - "max_connection_lifetime" - ) - )}} -
- {{form-field data-test-field attr=attr model=@model}} -
- {{else}} -
- {{form-field data-test-field attr=attr model=@model}} -
- {{/if}} - {{/each}} -
- {{else}} - - {{#if (get this (concat "show" (camelize group)))}} -
- {{#each fields as |attr|}} - {{form-field data-test-field attr=attr model=@model}} - {{/each}} -
- {{/if}} - {{/if}} - {{/each-in}} - {{/each}} - {{/unless}} -
-
- - {{!-- Statements Section --}} - {{#unless (and @model.plugin_name (not @model.statementFields))}} -
-

Statements

- {{#if (eq @model.statementFields null)}} - - {{else}} - {{#each @model.statementFields as |attr|}} - {{form-field data-test-field attr=attr model=@model}} - {{/each}} - {{/if}} -
- {{/unless}} - -
-
-
- -
-
- - Cancel - -
-
-
-
- {{else if (and (eq @mode 'edit') @model.isAvailablePlugin)}} -
- {{#each @model.fieldAttrs as |attr|}} - {{#if (or (eq attr.name 'name') (eq attr.name 'plugin_name'))}} - - {{else if (not-eq attr.options.readOnly true)}} - {{form-field data-test-field attr=attr model=@model}} - {{/if}} - {{/each}} +{{#if (eq @mode 'create')}} + + {{#each @model.fieldAttrs as |attr|}} + {{#if (not-eq attr.options.readOnly true)}} + {{form-field data-test-field attr=attr model=@model}} + {{/if}} + {{/each}} - {{!-- Plugin Config Edit --}} -
-
- Plugin config + {{!-- Plugin Config Section --}} +
+
+ Plugin config + {{#unless @model.pluginFieldGroups}} + + {{else}} {{#each @model.pluginFieldGroups as |fieldGroup|}} {{#each-in fieldGroup as |group fields|}} {{#if (eq group "default")}}
- {{#each fields as |attr|}} - {{#if (contains - attr.name - (array - "max_open_connections" - "max_idle_connections" - "max_connection_lifetime" - ) - )}} -
- {{form-field data-test-field attr=attr model=@model}} -
- {{else if (eq attr.name "password")}} -
- -
- - Update password
-
- {{if this.showPasswordField 'The new password that will be used when connecting to the database' 'Vault will use the existing password'}} -
- {{#if this.showPasswordField}} - - {{/if}} - -
-
- {{else}} -
- {{form-field data-test-field attr=attr model=@model}} -
- {{/if}} - {{/each}} + {{#each fields as |attr|}} + {{#if (contains + attr.name + (array + "max_open_connections" + "max_idle_connections" + "max_connection_lifetime" + ) + )}} +
+ {{form-field data-test-field attr=attr model=@model}} +
+ {{else}} +
+ {{form-field data-test-field attr=attr model=@model}} +
+ {{/if}} + {{/each}}
{{else}} @@ -257,85 +135,207 @@ {{/if}} {{/each-in}} {{/each}} -
+ {{/unless}} +
+
+ + {{!-- Statements Section --}} + {{#unless (and @model.plugin_name (not @model.statementFields))}} +
+

Statements

+ {{#if (eq @model.statementFields null)}} + + {{else}} + {{#each @model.statementFields as |attr|}} + {{form-field data-test-field attr=attr model=@model}} + {{/each}} + {{/if}}
+ {{/unless}} - {{!-- Statements Edit Section --}} - {{#unless (and @model.plugin_name (not @model.statementFields))}} -
-
- Statements - {{#each @model.statementFields as |attr|}} - {{form-field data-test-field attr=attr model=@model}} - {{/each}} -
+
+
+
+
- {{/unless}} - -
-
-
- -
-
- - Cancel - -
+
+ + Cancel +
- - {{else if (not @model.isAvailablePlugin)}} - - - Go back - - Documentation - - {{else}} - {{#each @model.showAttrs as |attr|}} - {{#let attr.options.defaultDisplay as |defaultDisplay|}} - {{#if (eq attr.type "object")}} - - {{else if (eq attr.type "array")}} - - {{else}} - - {{/if}} - {{/let}} +
+ +{{else if (and (eq @mode 'edit') @model.isAvailablePlugin)}} +
+ {{#each @model.fieldAttrs as |attr|}} + {{#if (or (eq attr.name 'name') (eq attr.name 'plugin_name'))}} + + {{else if (not-eq attr.options.readOnly true)}} + {{form-field data-test-field attr=attr model=@model}} + {{/if}} {{/each}} - {{/if}} + + {{!-- Plugin Config Edit --}} +
+
+ Plugin config + {{#each @model.pluginFieldGroups as |fieldGroup|}} + {{#each-in fieldGroup as |group fields|}} + {{#if (eq group "default")}} +
+ {{#each fields as |attr|}} + {{#if (contains + attr.name + (array + "max_open_connections" + "max_idle_connections" + "max_connection_lifetime" + ) + )}} +
+ {{form-field data-test-field attr=attr model=@model}} +
+ {{else if (eq attr.name "password")}} +
+ +
+ + Update password
+
+ {{if this.showPasswordField 'The new password that will be used when connecting to the database' 'Vault will use the existing password'}} +
+ {{#if this.showPasswordField}} + + {{/if}} + +
+
+ {{else}} +
+ {{form-field data-test-field attr=attr model=@model}} +
+ {{/if}} + {{/each}} +
+ {{else}} + + {{#if (get this (concat "show" (camelize group)))}} +
+ {{#each fields as |attr|}} + {{form-field data-test-field attr=attr model=@model}} + {{/each}} +
+ {{/if}} + {{/if}} + {{/each-in}} + {{/each}} +
+
+ + {{!-- Statements Edit Section --}} + {{#unless (and @model.plugin_name (not @model.statementFields))}} +
+
+ Statements + {{#each @model.statementFields as |attr|}} + {{form-field data-test-field attr=attr model=@model}} + {{/each}} +
+
+ {{/unless}} + +
+
+
+ +
+
+ + Cancel + +
+
+
+ +{{else if (eq @model.isAvailablePlugin false)}} + + + Go back + + Documentation + +{{else}} + {{#each @model.showAttrs as |attr|}} + {{#let attr.options.defaultDisplay as |defaultDisplay|}} + {{#if (eq attr.type "object")}} + + {{else if (eq attr.type "array")}} + + {{else}} + + {{/if}} + {{/let}} + {{/each}} +{{/if}} Date: Tue, 5 Oct 2021 13:44:22 -0700 Subject: [PATCH 14/22] fixes isAvailable boolean --- ui/app/models/database/connection.js | 3 +-- ui/app/templates/vault/cluster/secrets/backend/loading.hbs | 2 ++ 2 files changed, 3 insertions(+), 2 deletions(-) create mode 100644 ui/app/templates/vault/cluster/secrets/backend/loading.hbs diff --git a/ui/app/models/database/connection.js b/ui/app/models/database/connection.js index 858eda0024876..c808b7734a35b 100644 --- a/ui/app/models/database/connection.js +++ b/ui/app/models/database/connection.js @@ -283,8 +283,7 @@ export default Model.extend({ }), isAvailablePlugin: computed('plugin_name', function() { - let isUnavailable = !AVAILABLE_PLUGIN_TYPES.find(a => a.value === this.plugin_name); - return isUnavailable; + return !!AVAILABLE_PLUGIN_TYPES.find(a => a.value === this.plugin_name); }), showAttrs: computed('plugin_name', function() { diff --git a/ui/app/templates/vault/cluster/secrets/backend/loading.hbs b/ui/app/templates/vault/cluster/secrets/backend/loading.hbs new file mode 100644 index 0000000000000..ae6c928f3f900 --- /dev/null +++ b/ui/app/templates/vault/cluster/secrets/backend/loading.hbs @@ -0,0 +1,2 @@ + +HELLOOOO \ No newline at end of file From b7765cf3d8e2824038ebdd02c68dac4a6deab421 Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Tue, 5 Oct 2021 13:45:44 -0700 Subject: [PATCH 15/22] removes loading.hbs that wasn't working --- ui/app/templates/vault/cluster/secrets/backend/loading.hbs | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 ui/app/templates/vault/cluster/secrets/backend/loading.hbs diff --git a/ui/app/templates/vault/cluster/secrets/backend/loading.hbs b/ui/app/templates/vault/cluster/secrets/backend/loading.hbs deleted file mode 100644 index ae6c928f3f900..0000000000000 --- a/ui/app/templates/vault/cluster/secrets/backend/loading.hbs +++ /dev/null @@ -1,2 +0,0 @@ - -HELLOOOO \ No newline at end of file From a962b450abff1409995e1a95c787846a41e461cb Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Wed, 6 Oct 2021 11:48:02 -0700 Subject: [PATCH 16/22] updates comments and refactors using util function --- ui/app/models/database/role.js | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/ui/app/models/database/role.js b/ui/app/models/database/role.js index 02cb758afa694..3ed255a062034 100644 --- a/ui/app/models/database/role.js +++ b/ui/app/models/database/role.js @@ -3,6 +3,7 @@ import { computed } from '@ember/object'; import { alias } from '@ember/object/computed'; import lazyCapabilities, { apiPath } from 'vault/macros/lazy-capabilities'; import { expandAttributeMeta } from 'vault/utils/field-to-attrs'; +import { getRoleFields } from '../../utils/database-role-fields'; export default Model.extend({ idPrefix: 'role/', @@ -90,11 +91,7 @@ export default Model.extend({ get showFields() { let fields = ['name', 'database', 'type']; - if (this.type === 'dynamic') { - fields = fields.concat(['ttl', 'max_ttl', 'creation_statements', 'revocation_statements']); - } else { - fields = fields.concat(['username', 'rotation_period']); - } + fields = fields.concat(getRoleFields(this.type)).concat(['creation_statements', 'revocation_statements']); return expandAttributeMeta(this, fields); }, @@ -106,9 +103,9 @@ export default Model.extend({ 'username', 'rotation_period', 'creation_statements', - 'creation_statement', // for JSON styling + 'creation_statement', // for editType: JSON 'revocation_statements', - 'revocation_statement', // only for MongoDB (styling difference) + 'revocation_statement', // only for MongoDB (editType: JSON) 'rotation_statements', 'rollback_statements', 'renew_statements', From 2567645f64a608bf9ec575c3b620de0acf574738 Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Wed, 6 Oct 2021 15:35:37 -0700 Subject: [PATCH 17/22] adds tests for elasticsearch --- .../secrets/backend/database/secret-test.js | 30 +++++++++++++++++-- .../database-role-setting-form-test.js | 5 ++++ .../secrets/backend/database/connection.js | 5 +++- 3 files changed, 37 insertions(+), 3 deletions(-) diff --git a/ui/tests/acceptance/secrets/backend/database/secret-test.js b/ui/tests/acceptance/secrets/backend/database/secret-test.js index 2123bb8022f9d..d681284be0100 100644 --- a/ui/tests/acceptance/secrets/backend/database/secret-test.js +++ b/ui/tests/acceptance/secrets/backend/database/secret-test.js @@ -34,7 +34,7 @@ const newConnection = async (backend, plugin = 'mongodb-database-plugin') => { await connectionPage.visitCreate({ backend }); await connectionPage.dbPlugin(plugin); await connectionPage.name(name); - await connectionPage.url(`mongodb://127.0.0.1:4321/${name}`); + await connectionPage.connectionUrl(`mongodb://127.0.0.1:4321/${name}`); await connectionPage.toggleVerify(); await connectionPage.save(); await connectionPage.enable(); @@ -42,6 +42,26 @@ const newConnection = async (backend, plugin = 'mongodb-database-plugin') => { }; const connectionTests = [ + { + name: 'elasticsearch-connection', + plugin: 'elasticsearch-database-plugin', + elasticUser: 'username', + elasticPassword: 'password', + url: 'http://127.0.0.1:9200', + requiredFields: async (assert, name) => { + assert.dom('[data-test-input="username"]').exists(`Username field exists for ${name}`); + assert.dom('[data-test-input="password"]').exists(`Password field exists for ${name}`); + assert.dom('[data-test-input="ca_cert"]').exists(`CA certificate field exists for ${name}`); + assert.dom('[data-test-input="ca_path"]').exists(`CA path field exists for ${name}`); + assert.dom('[data-test-input="client_cert"]').exists(`Client certificate field exists for ${name}`); + assert.dom('[data-test-input="client_key"]').exists(`Client key field exists for ${name}`); + assert.dom('[data-test-input="tls_server_name"]').exists(`TLS server name field exists for ${name}`); + assert.dom('[data-test-input="insecure"]').exists(`Insecure checkbox exists for ${name}`); + assert + .dom('[data-test-toggle-input="show-username_template"]') + .exists(`Username template toggle exists for ${name}`); + }, + }, { name: 'mongodb-connection', plugin: 'mongodb-database-plugin', @@ -208,7 +228,13 @@ module('Acceptance | secrets/database/*', function(hooks) { await connectionPage.dbPlugin(testCase.plugin); assert.dom('[data-test-empty-state]').doesNotExist('Empty state goes away after plugin selected'); await connectionPage.name(testCase.name); - await connectionPage.url(testCase.url); + if (testCase.plugin === 'elasticsearch-database-plugin') { + await connectionPage.url(testCase.url); + await connectionPage.username(testCase.elasticUser); + await connectionPage.password(testCase.elasticPassword); + } else { + await connectionPage.connectionUrl(testCase.url); + } testCase.requiredFields(assert, testCase.name); await connectionPage.toggleVerify(); await connectionPage.save(); diff --git a/ui/tests/integration/components/database-role-setting-form-test.js b/ui/tests/integration/components/database-role-setting-form-test.js index c734119516311..f0b153bde1b81 100644 --- a/ui/tests/integration/components/database-role-setting-form-test.js +++ b/ui/tests/integration/components/database-role-setting-form-test.js @@ -19,6 +19,11 @@ const testCases = [ 'renew_statements', ], }, + { + pluginType: 'elasticsearch-database-plugin', + staticRoleFields: ['username', 'rotation_period'], + dynamicRoleFields: ['creation_statement', 'ttl', 'max_ttl'], + }, { pluginType: 'mongodb-database-plugin', staticRoleFields: ['username', 'rotation_period'], diff --git a/ui/tests/pages/secrets/backend/database/connection.js b/ui/tests/pages/secrets/backend/database/connection.js index 9324da5f1e943..75073f8606023 100644 --- a/ui/tests/pages/secrets/backend/database/connection.js +++ b/ui/tests/pages/secrets/backend/database/connection.js @@ -10,7 +10,10 @@ export default create({ dbPlugin: selectable('[data-test-input="plugin_name"]'), name: fillable('[data-test-input="name"]'), toggleVerify: clickable('[data-test-input="verify_connection"]'), - url: fillable('[data-test-input="connection_url"'), + connectionUrl: fillable('[data-test-input="connection_url"]'), + url: fillable('[data-test-input="url"]'), + username: fillable('[data-test-input="username"]'), + password: fillable('[data-test-input="password"]'), save: clickable('[data-test-secret-save=""]'), addRole: clickable('[data-test-secret-create="true"]'), // only from connection show enable: clickable('[data-test-enable-connection=""]'), From 45b671d9bb666b9d7b1c93ab40bea73db5484be2 Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Wed, 6 Oct 2021 15:46:06 -0700 Subject: [PATCH 18/22] fixes typo --- ui/app/models/database/connection.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui/app/models/database/connection.js b/ui/app/models/database/connection.js index c808b7734a35b..dbfcef34a6138 100644 --- a/ui/app/models/database/connection.js +++ b/ui/app/models/database/connection.js @@ -199,7 +199,7 @@ export default Model.extend({ connection_url: attr('string', { label: 'Connection URL', subText: - 'The connection string used to connect to the database. This allows for simple templating of username and password of the root use in the {{field_name}} format.', + 'The connection string used to connect to the database. This allows for simple templating of username and password of the root user in the {{field_name}} format.', }), url: attr('string', { label: 'URL', From 5f39b68544fe08f48981f48929fc3d65fff981d6 Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Wed, 6 Oct 2021 16:21:57 -0700 Subject: [PATCH 19/22] fixes indentation --- .../components/database-connection.hbs | 170 +++++++++--------- 1 file changed, 85 insertions(+), 85 deletions(-) diff --git a/ui/app/templates/components/database-connection.hbs b/ui/app/templates/components/database-connection.hbs index f0faf056ec455..384770c4549d8 100644 --- a/ui/app/templates/components/database-connection.hbs +++ b/ui/app/templates/components/database-connection.hbs @@ -20,29 +20,29 @@ {{#if @model.canDelete}} - + {{/if}} {{#if @model.canReset}} - - Reset connection - + + Reset connection + {{/if}} {{#if (or @model.canReset @model.canDelete)}} -
+
{{/if}} {{#if @model.canRotateRoot }} {{/if}} {{#if @model.canAddRole}} - - Add role - + + Add role + {{/if}} {{#if @model.canEdit}} - - Edit configuration - + + Edit configuration + {{/if}} @@ -90,7 +90,7 @@ {{/if}} {{/each}} - {{!-- Plugin Config Section --}} + {{!-- Plugin Config Section --}}
Plugin config @@ -104,24 +104,24 @@ {{#each-in fieldGroup as |group fields|}} {{#if (eq group "default")}}
- {{#each fields as |attr|}} - {{#if (contains - attr.name - (array - "max_open_connections" - "max_idle_connections" - "max_connection_lifetime" - ) - )}} -
- {{form-field data-test-field attr=attr model=@model}} -
- {{else}} -
- {{form-field data-test-field attr=attr model=@model}} -
- {{/if}} - {{/each}} + {{#each fields as |attr|}} + {{#if (contains + attr.name + (array + "max_open_connections" + "max_idle_connections" + "max_connection_lifetime" + ) + )}} +
+ {{form-field data-test-field attr=attr model=@model}} +
+ {{else}} +
+ {{form-field data-test-field attr=attr model=@model}} +
+ {{/if}} + {{/each}}
{{else}} @@ -337,33 +337,33 @@ {{/each}} {{/if}} - -
-

It’s best practice to rotate the root credential immediately after the initial configuration of each database. Once rotated, only Vault knows the new root password.

-

Would you like to rotate your new credentials? You can also do this later.

-
-
- - -
- \ No newline at end of file + +
+

It’s best practice to rotate the root credential immediately after the initial configuration of each database. Once rotated, only Vault knows the new root password.

+

Would you like to rotate your new credentials? You can also do this later.

+
+
+ + +
+ \ No newline at end of file From ed05ceda3dd3e59120e71979e7c83b21acb70ffa Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Wed, 6 Oct 2021 16:52:40 -0700 Subject: [PATCH 20/22] when local host needs https --- ui/app/models/database/connection.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui/app/models/database/connection.js b/ui/app/models/database/connection.js index dbfcef34a6138..8a68ad85ad9da 100644 --- a/ui/app/models/database/connection.js +++ b/ui/app/models/database/connection.js @@ -203,7 +203,7 @@ export default Model.extend({ }), url: attr('string', { label: 'URL', - subText: `The URL for Elasticsearch's API ("http://localhost:9200").`, + subText: `The URL for Elasticsearch's API ("https://localhost:9200").`, }), username: attr('string', { subText: `The name of the user to use as the "root" user when connecting to the database.`, From b6690efa1022657aa605948d1b5a788edd9a8a06 Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Thu, 7 Oct 2021 12:04:24 -0700 Subject: [PATCH 21/22] updates text to fix to match tests --- ui/app/models/database/connection.js | 2 +- ui/tests/acceptance/secrets/backend/database/secret-test.js | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ui/app/models/database/connection.js b/ui/app/models/database/connection.js index 8a68ad85ad9da..86ba691e0feea 100644 --- a/ui/app/models/database/connection.js +++ b/ui/app/models/database/connection.js @@ -169,7 +169,7 @@ export default Model.extend({ }), // required name: attr('string', { - label: 'Connection Name', + label: 'Connection name', }), plugin_name: attr('string', { label: 'Database plugin', diff --git a/ui/tests/acceptance/secrets/backend/database/secret-test.js b/ui/tests/acceptance/secrets/backend/database/secret-test.js index d681284be0100..e1aca5bc1c223 100644 --- a/ui/tests/acceptance/secrets/backend/database/secret-test.js +++ b/ui/tests/acceptance/secrets/backend/database/secret-test.js @@ -279,8 +279,8 @@ module('Acceptance | secrets/database/*', function(hooks) { plugin: 'mongodb-database-plugin', id: 'horses-db', fields: [ - { label: 'Connection Name', name: 'name', value: 'horses-db' }, - { label: 'Connection url', name: 'connection_url', value: 'mongodb://127.0.0.1:235/horses' }, + { label: 'Connection name', name: 'name', value: 'horses-db' }, + { label: 'Connection URL', name: 'connection_url', value: 'mongodb://127.0.0.1:235/horses' }, { label: 'Username', name: 'username', value: 'user', hideOnShow: true }, { label: 'Password', name: 'password', password: 'so-secure', hideOnShow: true }, { label: 'Write concern', name: 'write_concern' }, From 082945769b73f85ff7531ce6386b087adfbd07d5 Mon Sep 17 00:00:00 2001 From: Claire Bontempo Date: Thu, 7 Oct 2021 12:51:04 -0700 Subject: [PATCH 22/22] adds space below hbs file --- ui/app/templates/components/database-connection.hbs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui/app/templates/components/database-connection.hbs b/ui/app/templates/components/database-connection.hbs index 384770c4549d8..c8231368e632f 100644 --- a/ui/app/templates/components/database-connection.hbs +++ b/ui/app/templates/components/database-connection.hbs @@ -366,4 +366,4 @@ Enable without rotating - \ No newline at end of file +