UI: PKI generate cert from role #18300
Conversation
| @@ -37,7 +37,7 @@ import { inject as service } from '@ember/service'; | |||
|
|
|||
| export default class Attribution extends Component { | |||
| @tracked showCSVDownloadModal = false; | |||
| @service downloadCsv; | |||
| @service download; | |||
| const { backend, serialNumber, certificate } = snapshot.record; | ||
| // Revoke certificate requires either serial_number or certificate | ||
| const data = serialNumber ? { serial_number: serialNumber } : { certificate }; | ||
| return this.ajax(`${this.buildURL()}/${backend}/revoke`, 'POST', { data }); |
There was a problem hiding this comment.
Should encodePath be used for the backend value here as well?
| export function parsePkiCert([model]) { | ||
| // model has to be the responseJSON from PKI serializer | ||
| // return if no certificate or if the "certificate" is actually a CRL | ||
| if (!model.certificate || model.certificate.includes('BEGIN X509 CRL')) { | ||
| return; | ||
| } |
There was a problem hiding this comment.
Would it be better to pass the certificate value in here rather than the model?
There was a problem hiding this comment.
I was trying to rearrange in such a way that it was as noninvasive to other areas as possible. Given that, I think we will likely deprecate this particular method for the one that receives only the cert when we get to that area of the new PKI engine
|
|
||
| const certDisplayFields = ['certificate', 'commonName', 'serialNumber', 'notValidAfter', 'notValidBefore']; | ||
|
|
||
| @withFormFields(certDisplayFields, null) |
There was a problem hiding this comment.
Small nit but the second arg to this decorator can be omitted unless it's an array.
| @@ -0,0 +1,36 @@ | |||
| import Service from '@ember/service'; | |||
|
|
|||
| export default class DownloadService extends Service { | |||
There was a problem hiding this comment.
Nice making this flexible for different file types! 🎉
| @@ -3,12 +3,12 @@ import Service from '@ember/service'; | |||
| // this service tracks the path of the currently viewed secret mount | |||
| // so that we can access that inside of engines where parent route params | |||
| // are not accessible | |||
| export default Service.extend({ | |||
| currentPath: null, | |||
| export default class SecretMountPath extends Service { | |||
| model: PkiCertificateGenerateModel; | ||
| } | ||
|
|
||
| interface PkiCertificateGenerateModel { |
There was a problem hiding this comment.
TS question. If the model was typescript would this interface belong in that file instead?
There was a problem hiding this comment.
Yes, ideally once the models are TS we can just import from there! For now we're just making the component happy :)
| } | ||
|
|
||
| @action cancel() { | ||
| this.args.model.deleteRecord(); |
There was a problem hiding this comment.
Curious if unloadRecord would be more appropriate here? deleteRecord marks the record as deleted but I don't think it will remove it from the store or do anything else unless you call save but then it would make a delete request to the server.
There was a problem hiding this comment.
Ah yes thank you, I was looking for unloadRecord!
| <PageHeader as |p|> | ||
| <p.top> | ||
| <Page::Breadcrumbs @breadcrumbs={{this.breadcrumbs}} /> | ||
| </p.top> | ||
| <p.levelLeft> | ||
| <h1 class="title is-3"> | ||
| <Icon @name="file-text" @size="24" class="has-text-grey-light" /> | ||
| {{this.title}} | ||
| </h1> | ||
| </p.levelLeft> | ||
| </PageHeader> | ||
| <div class="tabs-container box is-bottomless is-marginless is-fullwidth is-paddingless"> | ||
| <nav class="tabs" aria-label="secret tabs"> | ||
| <ul> | ||
| {{#each this.tabs as |oTab|}} | ||
| <LinkTo @route={{oTab.route}} data-test-tab={{oTab.route}}> | ||
| {{oTab.label}} | ||
| </LinkTo> | ||
| {{/each}} | ||
| </ul> | ||
| </nav> | ||
| </div> | ||
|
|
||
| <div class="box is-sideless has-background-white-bis has-text-grey has-text-centered has-tall-padding" data-test-pki-error> | ||
| {{#if (eq this.model.httpStatus 404)}} | ||
| <h1 class="title is-3 has-text-grey"> | ||
| 404 Not Found | ||
| </h1> | ||
| <p>Sorry, we were unable to find any content at <code>{{or this.model.path this.path}}</code>.</p> | ||
| {{else if (eq this.model.httpStatus 403)}} | ||
| <h1 class="title is-3 has-text-grey"> | ||
| Not authorized | ||
| </h1> | ||
| <p>You are not authorized to access content at <code>{{or this.model.path this.path}}</code>.</p> | ||
| {{else}} | ||
| <h1 class="title is-3 has-text-grey"> | ||
| Error | ||
| </h1> | ||
| <p> | ||
| {{#if this.model.message}} | ||
| <p>{{this.model.message}}</p> | ||
| {{/if}} | ||
| {{#each this.model.errors as |error|}} | ||
| <p>{{error}}</p> | ||
| {{/each}} | ||
| </p> | ||
| {{/if}} | ||
| </div> |
There was a problem hiding this comment.
This is something I hadn't considered within an engine. I'm wondering if this could be moved to a component in the core addon for wider use and consistency across engines that might need it?
There was a problem hiding this comment.
This was sort of a rogue change on my part, and I didn't put it in the addon as a component because we already have a components in Vault that should cover this use case, except they didn't move gracefully into addons for use in engines.
I'm not opposed to making a generic-ish component, but I think it should be as a part of cleaning up the existing ones: BlockError, NotFound (why does it take an entire model 😭), Clients::Error, Error template can/should all use or be replaced by the new generic addon error component
There was a problem hiding this comment.
Cool ya I agree with that but out of scope right now. I realized after the fact that the error template from the secrets backend route is being displayed in the kubernetes engine.
|
I was testing in the k8s engine and I'm seeing a generic 404 page so if your error template is specific to PKI please ignore my comment on moving to the core addon 😁
|
This PR adds the ability to generate, revoke, and download a certificate from a role.