upstream/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2026-06-09 08:55:13 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

PKI role create: fix issue with setting default key_bits on init and when key_type changes (#17613)

Browse source 
* working

* fix issue with signature bits

* fix ember upgrade change

* clean up

* fix signature bits to number

* default value in model

* fix language
This commit is contained in:
Angel Garbarino 2022-10-19 14:28:43 -07:00 committed by GitHub
parent 777474050b
commit c5b7047f34
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 124 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
ui/app/models/pki/pki-role-engine.js
View file

@ -1,6 +1,5 @@
import Model, { attr } from '@ember-data/model';
import lazyCapabilities, { apiPath } from 'vault/macros/lazy-capabilities';
import { expandAttributeMeta } from 'vault/utils/field-to-attrs';
import { withModelValidations } from 'vault/decorators/model-validations';
import fieldToAttrs from 'vault/utils/field-to-attrs';
@ -105,21 +104,9 @@ export default class PkiRoleEngineModel extends Model {
@attr('string', {
label: 'Key bits',
defaultValue: 2048,
})
keyBits;
// "possibleValues" for the field "keyBits" depends on the value of the selected "keyType"
get keyBitsConditional() {
const keyBitOptions = {
rsa: [2048, 3072, 4096],
ec: [256, 224, 384, 521],
ed25519: [0],
any: [0],
};
const attrs = expandAttributeMeta(this, ['keyBits']);
attrs[0].options['possibleValues'] = keyBitOptions[this.keyType];
return attrs[0];
}
keyBits; // keyBits is a conditional value based on keyType. The model param is handled in the pkiKeyParameters component.
@attr('number', {
label: 'Signature bits',
@ -286,11 +273,6 @@ export default class PkiRoleEngineModel extends Model {
docLink: '/api-docs/secret/pki#allowed_domains',
},
},
'Key parameters': {
header: {
text: `These are the parameters for generating or validating the certificate's key material.`,
},
},
'Subject Alternative Name (SAN) Options': {
header: {
text: `Subject Alternative Names (SANs) are identities (domains, IP addresses, and URIs) Vault attaches to the requested certificates.`,

67
ui/lib/pki/addon/components/pki-key-parameters.hbs Normal file
View file

@ -0,0 +1,67 @@
{{#let (camelize (concat "show" @group)) as |prop|}}
<ToggleButton
@isOpen={{get @model prop}}
@openLabel={{concat "Hide " @group}}
@closedLabel={{@group}}
@onClick={{fn (mut (get @model prop))}}
class="is-block"
data-test-toggle-group={{@group}}
/>
{{#if (get @model prop)}}
<div class="box is-tall is-marginless">
<FormFieldLabel
for="keyParametersLabel"
@subText="These are the parameters for generating or validating the certificate's key material."
/>
{{#each @model.fieldGroups as |fieldGroup|}}
{{#each-in fieldGroup as |group fields|}}
{{#if (eq group "Key parameters")}}
{{#each fields as |attr|}}
{{#if (eq attr.name "keyBits")}}
<div class="field">
<FormFieldLabel for={{attr.name}} @label={{attr.options.label}} />
<div class="control is-expanded">
<div class="select is-fullwidth">
<select
name={{attr.name}}
id={{attr.name}}
onchange={{this.onKeyBitsChange}}
data-test-input={{attr.name}}
>
{{#each this.keyBitOptions as |val|}}
<option selected={{eq (get @model this.valuePath) (or val.value val)}} value={{val}}>
{{val}}
</option>
{{/each}}
</select>
</div>
</div>
</div>
{{else}}
<div class="field">
<FormFieldLabel for={{attr.name}} @label={{attr.options.label}} />
<div class="control is-expanded">
<div class="select is-fullwidth">
<select
name={{attr.name}}
id={{attr.name}}
onchange={{fn this.onSignatureBitsOrKeyTypeChange attr.name}}
data-test-input={{attr.name}}
>
{{#each (path-or-array attr.options.possibleValues @model) as |val|}}
<option selected={{eq (get @model this.valuePath) (or val.value val)}} value={{or val.value val}}>
{{or val.displayName val}}
</option>
{{/each}}
</select>
</div>
</div>
</div>
{{/if}}
{{/each}}
{{/if}}
{{/each-in}}
{{/each}}
</div>
{{/if}}
{{/let}}

45
ui/lib/pki/addon/components/pki-key-parameters.js Normal file
View file

@ -0,0 +1,45 @@
import Component from '@glimmer/component';
import { action } from '@ember/object';
/**
* @module PkiKeyParameters
* PkiKeyParameters components are used to set the default and update the key_bits pki role api param whenever the key_type changes.
* key_bits is conditional on key_type and should be set as a default value whenever key_type changes.
* @example
* ```js
* <PkiKeyParameters @model={@model} @group={group}/>
* ```
* @param {class} model - The pki/pki-role-engine model.
* @param {string} group - The name of the group created in the model. In this case, it's the "Key parameters" group.
*/
const KEY_BITS_OPTIONS = {
rsa: [2048, 3072, 4096],
ec: [256, 224, 384, 521],
ed25519: [0],
any: [0],
};
export default class PkiKeyParameters extends Component {
get keyBitOptions() {
return KEY_BITS_OPTIONS[this.args.model.keyType];
}
get keyBitsDefault() {
return Number(KEY_BITS_OPTIONS[this.args.model.keyType][0]);
}
@action onKeyBitsChange(selection) {
this.args.model.set('keyBits', Number(selection.target.value));
}
@action onSignatureBitsOrKeyTypeChange(name, selection) {
if (name === 'signatureBits') {
this.args.model.set(name, Number(selection.target.value));
}
if (name === 'keyType') {
this.args.model.set(name, selection.target.value);
this.args.model.set('keyBits', this.keyBitsDefault);
}
}
}

4
ui/lib/pki/addon/components/pki-role-form.hbs
View file

@ -48,6 +48,8 @@
{{/each}}
{{else if (eq group "Key usage")}}
<PkiKeyUsage @model={{@model}} @group={{group}} />
{{else if (eq group "Key parameters")}}
<PkiKeyParameters @model={{@model}} @group={{group}} />
{{else}}
{{! Groups hidden behind Toggles }}
{{#let (camelize (concat "show" group)) as |prop|}}
@ -77,7 +79,7 @@
{{#each fields as |attr|}}
<FormField
data-test-field={{true}}
@attr={{if (eq attr.name "keyBits") @model.keyBitsConditional attr}}
@attr={{attr}}
@model={{@model}}
@modelValidations={{@modelValidations}}
@showHelpText={{false}}

4
ui/lib/pki/addon/templates/configuration/index.hbs
View file

@ -10,10 +10,10 @@
/>
<Toolbar>
<ToolbarActions>
<ToolbarLink @params={{array "configuration.tidy"}}>
<ToolbarLink @route="configuration.tidy">
Tidy
</ToolbarLink>
<ToolbarLink @params={{array "configuration.edit"}}>
<ToolbarLink @route="configuration.edit">
Edit configuration
</ToolbarLink>
</ToolbarActions>

2
ui/lib/pki/addon/templates/issuers/index.hbs
View file

@ -10,7 +10,7 @@
/>
<Toolbar>
<ToolbarActions>
<ToolbarLink @params={{array "configuration.create.import-ca"}}>
<ToolbarLink @route="configuration.create.import-ca">
Import
</ToolbarLink>
<BasicDropdown @class="popup-menu" @horizontalPosition="auto-right" @verticalPosition="below" as |D|>

4
ui/lib/pki/addon/templates/keys/index.hbs
View file

@ -10,10 +10,10 @@
/>
<Toolbar>
<ToolbarActions>
<ToolbarLink @params={{array "keys.import"}} @type="download">
<ToolbarLink @route="keys.import" @type="download">
Import
</ToolbarLink>
<ToolbarLink @params={{array "keys.generate"}} @type="add">
<ToolbarLink @route="keys.generate" @type="add">
Generate
</ToolbarLink>
</ToolbarActions>

2
ui/lib/pki/addon/templates/overview.hbs
View file

@ -10,7 +10,7 @@
/>
<Toolbar>
<ToolbarActions>
<ToolbarLink @params={{array "configuration.create.index"}}>
<ToolbarLink @route="configuration.create.index">
Configure PKI
</ToolbarLink>
</ToolbarActions>

2
ui/lib/pki/addon/templates/roles/index.hbs
View file

@ -10,7 +10,7 @@
/>
<Toolbar>
<ToolbarActions>
<ToolbarLink @type="add" @params={{array "roles.create"}}>
<ToolbarLink @type="add" @route="roles.create">
Create role
</ToolbarLink>
</ToolbarActions>