New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
UI/Add Elasticsearch DB #12672
UI/Add Elasticsearch DB #12672
Changes from all commits
d585b55
b7d7dd6
006df83
cabf6b0
6607482
19ca5d8
e3d798d
93df386
cb68a65
4fc1887
49c8350
9692c6e
e5be1f2
d657d87
989c451
b7765cf
a962b45
2567645
785f191
45b671d
5f39b68
ed05ced
b6690ef
0829457
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
```release-note:feature | ||
**Elasticsearch in the UI**: Elasticsearch DB is now supported by the UI | ||
``` |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -121,6 +121,26 @@ const AVAILABLE_PLUGIN_TYPES = [ | |
{ attr: 'root_rotation_statements', group: 'statements' }, | ||
], | ||
}, | ||
{ | ||
value: 'elasticsearch-database-plugin', | ||
displayName: 'Elasticsearch', | ||
fields: [ | ||
{ attr: 'plugin_name' }, | ||
{ attr: 'name' }, | ||
{ attr: 'verify_connection' }, | ||
{ attr: 'password_policy' }, | ||
{ attr: 'url', group: 'pluginConfig' }, | ||
{ attr: 'username', group: 'pluginConfig', show: false }, | ||
{ attr: 'password', group: 'pluginConfig', show: false }, | ||
{ attr: 'ca_cert', group: 'pluginConfig' }, | ||
{ attr: 'ca_path', group: 'pluginConfig' }, | ||
{ attr: 'client_cert', group: 'pluginConfig' }, | ||
{ attr: 'client_key', group: 'pluginConfig' }, | ||
{ attr: 'tls_server_name', group: 'pluginConfig' }, | ||
{ attr: 'insecure', group: 'pluginConfig' }, | ||
{ attr: 'username_template', group: 'pluginConfig' }, | ||
], | ||
}, | ||
]; | ||
|
||
/** | ||
|
@@ -149,7 +169,7 @@ export default Model.extend({ | |
}), | ||
// required | ||
name: attr('string', { | ||
label: 'Connection Name', | ||
label: 'Connection name', | ||
}), | ||
plugin_name: attr('string', { | ||
label: 'Database plugin', | ||
|
@@ -177,22 +197,38 @@ export default Model.extend({ | |
|
||
// common fields | ||
connection_url: attr('string', { | ||
subText: 'The connection string used to connect to the database.', | ||
label: 'Connection URL', | ||
subText: | ||
'The connection string used to connect to the database. This allows for simple templating of username and password of the root user in the {{field_name}} format.', | ||
}), | ||
url: attr('string', { | ||
subText: | ||
'The connection string used to connect to the database. This allows for simple templating of username and password of the root user.', | ||
label: 'URL', | ||
subText: `The URL for Elasticsearch's API ("https://localhost:9200").`, | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Connection works if |
||
}), | ||
username: attr('string', { | ||
subText: 'Optional. The name of the user to use as the "root" user when connecting to the database.', | ||
subText: `The name of the user to use as the "root" user when connecting to the database.`, | ||
}), | ||
password: attr('string', { | ||
subText: | ||
'Optional. The password to use when connecting to the database. Typically used in the connection_url field via the templating directive {{password}}.', | ||
subText: 'The password to use when connecting with the above username.', | ||
editType: 'password', | ||
}), | ||
|
||
Monkeychip marked this conversation as resolved.
Show resolved
Hide resolved
|
||
// optional | ||
ca_cert: attr('string', { | ||
hellobontempo marked this conversation as resolved.
Show resolved
Hide resolved
|
||
label: 'CA certificate', | ||
subText: `The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity.`, | ||
}), | ||
ca_path: attr('string', { | ||
label: 'CA path', | ||
subText: `The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity.`, | ||
}), | ||
client_cert: attr('string', { | ||
label: 'Client certificate', | ||
subText: 'The path to the certificate for the Elasticsearch client to present for communication.', | ||
}), | ||
client_key: attr('string', { | ||
subText: 'The path to the key for the Elasticsearch client to use for communication.', | ||
}), | ||
hosts: attr('string', {}), | ||
host: attr('string', {}), | ||
port: attr('string', {}), | ||
|
@@ -220,6 +256,10 @@ export default Model.extend({ | |
max_connection_lifetime: attr('string', { | ||
defaultValue: '0s', | ||
}), | ||
insecure: attr('boolean', { | ||
defaultValue: false, | ||
label: 'Disable SSL verification', | ||
}), | ||
tls: attr('string', { | ||
label: 'TLS Certificate Key', | ||
helpText: | ||
|
@@ -232,12 +272,20 @@ export default Model.extend({ | |
'x509 CA file for validating the certificate presented by the MongoDB server. Must be PEM encoded.', | ||
editType: 'file', | ||
}), | ||
tls_server_name: attr('string', { | ||
label: 'TLS server name', | ||
subText: 'If set, this name is used to set the SNI host when connecting via 1TLS.', | ||
}), | ||
root_rotation_statements: attr({ | ||
subText: `The database statements to be executed to rotate the root user's credentials. If nothing is entered, Vault will use a reasonable default.`, | ||
editType: 'stringArray', | ||
defaultShown: 'Default', | ||
}), | ||
|
||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Databases unsupported by the UI will trigger |
||
isAvailablePlugin: computed('plugin_name', function() { | ||
return !!AVAILABLE_PLUGIN_TYPES.find(a => a.value === this.plugin_name); | ||
}), | ||
|
||
showAttrs: computed('plugin_name', function() { | ||
const fields = AVAILABLE_PLUGIN_TYPES.find(a => a.value === this.plugin_name) | ||
.fields.filter(f => f.show !== false) | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -3,6 +3,7 @@ import { computed } from '@ember/object'; | |
import { alias } from '@ember/object/computed'; | ||
import lazyCapabilities, { apiPath } from 'vault/macros/lazy-capabilities'; | ||
import { expandAttributeMeta } from 'vault/utils/field-to-attrs'; | ||
import { getRoleFields } from '../../utils/database-role-fields'; | ||
|
||
export default Model.extend({ | ||
idPrefix: 'role/', | ||
|
@@ -90,11 +91,7 @@ export default Model.extend({ | |
|
||
get showFields() { | ||
let fields = ['name', 'database', 'type']; | ||
if (this.type === 'dynamic') { | ||
fields = fields.concat(['ttl', 'max_ttl', 'creation_statements', 'revocation_statements']); | ||
} else { | ||
fields = fields.concat(['username', 'rotation_period']); | ||
} | ||
fields = fields.concat(getRoleFields(this.type)).concat(['creation_statements', 'revocation_statements']); | ||
return expandAttributeMeta(this, fields); | ||
}, | ||
|
||
|
@@ -106,9 +103,9 @@ export default Model.extend({ | |
'username', | ||
'rotation_period', | ||
'creation_statements', | ||
'creation_statement', // only for MongoDB (styling difference) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. No longer just for MongoDB, Elasticsearch needed as well :) |
||
'creation_statement', // for editType: JSON | ||
'revocation_statements', | ||
'revocation_statement', // only for MongoDB (styling difference) | ||
'revocation_statement', // only for MongoDB (editType: JSON) | ||
'rotation_statements', | ||
'rollback_statements', | ||
'renew_statements', | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This update is to match verbiage from design docs