-
Notifications
You must be signed in to change notification settings - Fork 4.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
UI: PKI generate cert from role #18300
Conversation
@@ -37,7 +37,7 @@ import { inject as service } from '@ember/service'; | |||
|
|||
export default class Attribution extends Component { | |||
@tracked showCSVDownloadModal = false; | |||
@service downloadCsv; | |||
@service download; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👏
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice work! Mostly questions or suggestions on my end and nothing really blocking. If you agree, it would be nice to move the error template over to a component in the core addon prior to merging.
const { backend, serialNumber, certificate } = snapshot.record; | ||
// Revoke certificate requires either serial_number or certificate | ||
const data = serialNumber ? { serial_number: serialNumber } : { certificate }; | ||
return this.ajax(`${this.buildURL()}/${backend}/revoke`, 'POST', { data }); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should encodePath
be used for the backend
value here as well?
export function parsePkiCert([model]) { | ||
// model has to be the responseJSON from PKI serializer | ||
// return if no certificate or if the "certificate" is actually a CRL | ||
if (!model.certificate || model.certificate.includes('BEGIN X509 CRL')) { | ||
return; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would it be better to pass the certificate value in here rather than the model?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was trying to rearrange in such a way that it was as noninvasive to other areas as possible. Given that, I think we will likely deprecate this particular method for the one that receives only the cert when we get to that area of the new PKI engine
|
||
const certDisplayFields = ['certificate', 'commonName', 'serialNumber', 'notValidAfter', 'notValidBefore']; | ||
|
||
@withFormFields(certDisplayFields, null) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Small nit but the second arg to this decorator can be omitted unless it's an array.
@@ -0,0 +1,36 @@ | |||
import Service from '@ember/service'; | |||
|
|||
export default class DownloadService extends Service { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice making this flexible for different file types! 🎉
@@ -3,12 +3,12 @@ import Service from '@ember/service'; | |||
// this service tracks the path of the currently viewed secret mount | |||
// so that we can access that inside of engines where parent route params | |||
// are not accessible | |||
export default Service.extend({ | |||
currentPath: null, | |||
export default class SecretMountPath extends Service { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
✨
model: PkiCertificateGenerateModel; | ||
} | ||
|
||
interface PkiCertificateGenerateModel { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
TS question. If the model was typescript would this interface belong in that file instead?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, ideally once the models are TS we can just import from there! For now we're just making the component happy :)
} | ||
|
||
@action cancel() { | ||
this.args.model.deleteRecord(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Curious if unloadRecord
would be more appropriate here? deleteRecord
marks the record as deleted but I don't think it will remove it from the store or do anything else unless you call save
but then it would make a delete request to the server.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah yes thank you, I was looking for unloadRecord
!
<PageHeader as |p|> | ||
<p.top> | ||
<Page::Breadcrumbs @breadcrumbs={{this.breadcrumbs}} /> | ||
</p.top> | ||
<p.levelLeft> | ||
<h1 class="title is-3"> | ||
<Icon @name="file-text" @size="24" class="has-text-grey-light" /> | ||
{{this.title}} | ||
</h1> | ||
</p.levelLeft> | ||
</PageHeader> | ||
<div class="tabs-container box is-bottomless is-marginless is-fullwidth is-paddingless"> | ||
<nav class="tabs" aria-label="secret tabs"> | ||
<ul> | ||
{{#each this.tabs as |oTab|}} | ||
<LinkTo @route={{oTab.route}} data-test-tab={{oTab.route}}> | ||
{{oTab.label}} | ||
</LinkTo> | ||
{{/each}} | ||
</ul> | ||
</nav> | ||
</div> | ||
|
||
<div class="box is-sideless has-background-white-bis has-text-grey has-text-centered has-tall-padding" data-test-pki-error> | ||
{{#if (eq this.model.httpStatus 404)}} | ||
<h1 class="title is-3 has-text-grey"> | ||
404 Not Found | ||
</h1> | ||
<p>Sorry, we were unable to find any content at <code>{{or this.model.path this.path}}</code>.</p> | ||
{{else if (eq this.model.httpStatus 403)}} | ||
<h1 class="title is-3 has-text-grey"> | ||
Not authorized | ||
</h1> | ||
<p>You are not authorized to access content at <code>{{or this.model.path this.path}}</code>.</p> | ||
{{else}} | ||
<h1 class="title is-3 has-text-grey"> | ||
Error | ||
</h1> | ||
<p> | ||
{{#if this.model.message}} | ||
<p>{{this.model.message}}</p> | ||
{{/if}} | ||
{{#each this.model.errors as |error|}} | ||
<p>{{error}}</p> | ||
{{/each}} | ||
</p> | ||
{{/if}} | ||
</div> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is something I hadn't considered within an engine. I'm wondering if this could be moved to a component in the core addon for wider use and consistency across engines that might need it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This was sort of a rogue change on my part, and I didn't put it in the addon as a component because we already have a components in Vault that should cover this use case, except they didn't move gracefully into addons for use in engines.
I'm not opposed to making a generic-ish component, but I think it should be as a part of cleaning up the existing ones: BlockError
, NotFound
(why does it take an entire model 😭), Clients::Error
, Error
template can/should all use or be replaced by the new generic addon error component
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cool ya I agree with that but out of scope right now. I realized after the fact that the error template from the secrets backend route is being displayed in the kubernetes engine.
This PR adds the ability to generate, revoke, and download a certificate from a role.