Dynamic OpenAPI UI

CHANGELOG.md

@@ -1,4 +1,4 @@
-## Next
+## 1.0.3 (February 12th, 2019)
 
 CHANGES:
 
@@ -9,6 +9,11 @@ CHANGES:
    entity either by name or by id [GH-6105]
  * The Vault UI's navigation and onboarding wizard now only displays items that
    are permitted in a users' policy [GH-5980, GH-6094]
+ * An issue was fixed that caused recovery keys to not work on secondary 
+   clusters when using a different unseal mechanism/key than the primary. This 
+   would be hit if the cluster was rekeyed or initialized after 1.0. We recommend
+   rekeying the recovery keys on the primary cluster if you meet the above 
+   requirements.
 
 FEATURES:
 
@@ -47,6 +52,8 @@ BUG FIXES:
    a performance standby very quickly, before an associated entity has been
    replicated. If the entity is not found in this scenario, the request will
    forward to the active node.
+ * replication: Fix issue where recovery keys would not work on secondary 
+   clusters if using a different unseal mechanism than the primary.
  * replication: Fix a "failed to register lease" error when using performance
    standbys
  * storage/postgresql: The `Get` method will now return an Entry object with

terraform/aws/variables.tf

@@ -3,7 +3,7 @@
 //-------------------------------------------------------------------
 
 variable "download-url" {
-    default = "https://releases.hashicorp.com/vault/1.0.2/vault_1.0.2_linux_amd64.zip"
+    default = "https://releases.hashicorp.com/vault/1.0.3/vault_1.0.3_linux_amd64.zip"
     description = "URL to download Vault"
 }
 

ui/app/adapters/auth-config/azure.js

@@ -1,2 +1,3 @@
 import AuthConfig from './_base';
+
 export default AuthConfig.extend();

ui/app/adapters/auth-config/gcp.js

@@ -1,2 +1,3 @@
 import AuthConfig from './_base';
+
 export default AuthConfig.extend();

ui/app/adapters/auth-config/github.js

@@ -1,2 +1,3 @@
 import AuthConfig from './_base';
+
 export default AuthConfig.extend();

ui/app/adapters/auth-config/kubernetes.js

@@ -1,2 +1,3 @@
 import AuthConfig from './_base';
+
 export default AuthConfig.extend();

ui/app/adapters/auth-config/ldap.js

@@ -1,2 +1,3 @@
 import AuthConfig from './_base';
+
 export default AuthConfig.extend();

ui/app/adapters/auth-config/okta.js

@@ -1,2 +1,3 @@
 import AuthConfig from './_base';
+
 export default AuthConfig.extend();

ui/app/adapters/auth-config/radius.js

@@ -1,2 +1,3 @@
 import AuthConfig from './_base';
+
 export default AuthConfig.extend();

ui/app/adapters/pki-certificate-sign.js

@@ -7,4 +7,8 @@ export default Adapter.extend({
     }
     return `/v1/${role.backend}/sign/${role.name}`;
   },
+
+  pathForType() {
+    return 'sign';
+  },
 });

ui/app/adapters/pki-certificate.js

@@ -13,7 +13,6 @@ export default Adapter.extend({
     }
     return url;
   },
-
   optionsForQuery(id) {
     let data = {};
     if (!id) {

ui/app/adapters/secret-engine.js

@@ -7,16 +7,20 @@ export default ApplicationAdapter.extend({
     return path ? url + '/' + path : url;
   },
 
+  internalURL(path) {
+    let url = `/${this.urlPrefix()}/internal/ui/mounts`;
+    if (path) {
+      url = `${url}/${path}`;
+    }
+    return url;
+  },
+
   pathForType() {
     return 'mounts';
   },
 
   query(store, type, query) {
-    let url = `/${this.urlPrefix()}/internal/ui/mounts`;
-    if (query.path) {
-      url = `${url}/${query.path}`;
-    }
-    return this.ajax(url, 'GET');
+    return this.ajax(this.internalURL(query.path), 'GET');
   },
 
   createRecord(store, type, snapshot) {

ui/app/adapters/secret.js

@@ -34,6 +34,10 @@ export default ApplicationAdapter.extend({
     return url;
   },
 
+  pathForType() {
+    return 'mounts';
+  },
+
   optionsForQuery(id, action, wrapTTL) {
     let data = {};
     if (action === 'query') {

ui/app/components/auth-config-form/config.js

@@ -8,10 +8,16 @@ const AuthConfigBase = Component.extend({
   model: null,
 
   flashMessages: service(),
-
+  router: service(),
+  wizard: service(),
   saveModel: task(function*() {
     try {
-      yield this.get('model').save();
+      yield this.model.save();
+      if (this.wizard.currentMachine === 'authentication' && this.wizard.featureState === 'config') {
+        this.wizard.transitionFeatureMachine(this.wizard.featureState, 'CONTINUE');
+      }
+      this.router.transitionTo('vault.cluster.access.methods').followRedirects();
+      this.flashMessages.success('The configuration was saved successfully.');
     } catch (err) {
       // AdapterErrors are handled by the error-message component
       // in the form
@@ -20,7 +26,6 @@ const AuthConfigBase = Component.extend({
       }
       return;
     }
-    this.get('flashMessages').success('The configuration was saved successfully.');
   }),
 });
 

ui/app/components/auth-config-form/options.js

@@ -1,14 +1,21 @@
 import AuthConfigComponent from './config';
+import { inject as service } from '@ember/service';
 import { task } from 'ember-concurrency';
 import DS from 'ember-data';
 
 export default AuthConfigComponent.extend({
+  router: service(),
+  wizard: service(),
   saveModel: task(function*() {
-    const model = this.get('model');
-    let data = model.get('config').serialize();
-    data.description = model.get('description');
+    let data = this.model.config.serialize();
+    data.description = this.model.description;
     try {
-      yield model.tune(data);
+      yield this.model.tune(data);
+      if (this.wizard.currentMachine === 'authentication' && this.wizard.featureState === 'config') {
+        this.wizard.transitionFeatureMachine(this.wizard.featureState, 'CONTINUE');
+      }
+      this.router.transitionTo('vault.cluster.access.methods').followRedirects();
+      this.flashMessages.success('The configuration was saved successfully.');
     } catch (err) {
       // AdapterErrors are handled by the error-message component
       // in the form
@@ -17,6 +24,5 @@ export default AuthConfigComponent.extend({
       }
       return;
     }
-    this.get('flashMessages').success('The configuration options were saved successfully.');
   }),
 });

ui/app/components/mount-backend-form.js

@@ -21,7 +21,6 @@ export default Component.extend({
    *
    */
   onMountSuccess() {},
-  onConfigError() {},
   /*
    * @param String
    * @public
@@ -41,63 +40,29 @@ export default Component.extend({
    */
   mountModel: null,
 
-  showConfig: false,
+  showEnable: false,
 
   init() {
     this._super(...arguments);
-    const type = this.get('mountType');
+    const type = this.mountType;
     const modelType = type === 'secret' ? 'secret-engine' : 'auth-method';
-    const model = this.get('store').createRecord(modelType);
+    const model = this.store.createRecord(modelType);
     this.set('mountModel', model);
   },
 
   mountTypes: computed('mountType', function() {
-    return this.get('mountType') === 'secret' ? ENGINES : METHODS;
+    return this.mountType === 'secret' ? ENGINES : METHODS;
   }),
 
   willDestroy() {
     // if unsaved, we want to unload so it doesn't show up in the auth mount list
     this.get('mountModel').rollbackAttributes();
   },
 
-  getConfigModelType(methodType) {
-    let mountType = this.get('mountType');
-    // will be something like secret-aws
-    // or auth-azure
-    let key = `${mountType}-${methodType}`;
-    let noConfig = ['auth-approle', 'auth-alicloud'];
-    if (mountType === 'secret' || noConfig.includes(key)) {
-      return;
-    }
-    if (methodType === 'aws') {
-      return 'auth-config/aws/client';
-    }
-    return `auth-config/${methodType}`;
-  },
-
-  changeConfigModel(methodType) {
-    let mount = this.get('mountModel');
-    if (this.get('mountType') === 'secret') {
-      return;
-    }
-    let configRef = mount.hasMany('authConfigs').value();
-    let currentConfig = configRef && configRef.get('firstObject');
-    if (currentConfig) {
-      // rollbackAttributes here will remove the the config model from the store
-      // because `isNew` will be true
-      currentConfig.rollbackAttributes();
-      currentConfig.unloadRecord();
-    }
-    let configType = this.getConfigModelType(methodType);
-    if (!configType) return;
-    let config = this.get('store').createRecord(configType);
-    config.set('backend', mount);
-  },
-
   checkPathChange(type) {
-    let mount = this.get('mountModel');
-    let currentPath = mount.get('path');
-    let list = this.get('mountTypes');
+    let mount = this.mountModel;
+    let currentPath = mount.path;
+    let list = this.mountTypes;
     // if the current path matches a type (meaning the user hasn't altered it),
     // change it here to match the new type
     let isUnchanged = list.findBy('type', currentPath);
@@ -107,7 +72,7 @@ export default Component.extend({
   },
 
   mountBackend: task(function*() {
-    const mountModel = this.get('mountModel');
+    const mountModel = this.mountModel;
     const { type, path } = mountModel.getProperties('type', 'path');
     try {
       yield mountModel.save();
@@ -116,74 +81,27 @@ export default Component.extend({
       return;
     }
 
-    let mountType = this.get('mountType');
+    let mountType = this.mountType;
     mountType = mountType === 'secret' ? `${mountType}s engine` : `${mountType} method`;
-    this.get('flashMessages').success(`Successfully mounted the ${type} ${mountType} at ${path}.`);
-    if (this.get('mountType') === 'secret') {
-      yield this.get('onMountSuccess')(type, path);
-      return;
-    }
-    yield this.get('saveConfig').perform(mountModel);
-  }).drop(),
-
-  advanceWizard() {
-    this.get('wizard').transitionFeatureMachine(
-      this.get('wizard.featureState'),
-      'CONTINUE',
-      this.get('mountModel').get('type')
-    );
-  },
-  saveConfig: task(function*(mountModel) {
-    const configRef = mountModel.hasMany('authConfigs').value();
-    const { type, path } = mountModel.getProperties('type', 'path');
-    if (!configRef) {
-      this.advanceWizard();
-      yield this.get('onMountSuccess')(type, path);
-      return;
-    }
-    const config = configRef.get('firstObject');
-    try {
-      if (config && Object.keys(config.changedAttributes()).length) {
-        yield config.save();
-        this.advanceWizard();
-        this.get('flashMessages').success(
-          `The config for ${type} ${this.get('mountType')} method at ${path} was saved successfully.`
-        );
-      }
-      yield this.get('onMountSuccess')(type, path);
-    } catch (err) {
-      this.get('flashMessages').danger(
-        `There was an error saving the configuration for ${type} ${this.get(
-          'mountType'
-        )} method at ${path}. ${err.errors.join(' ')}`
-      );
-      yield this.get('onConfigError')(mountModel.id);
-    }
+    this.flashMessages.success(`Successfully mounted the ${type} ${mountType} at ${path}.`);
+    yield this.onMountSuccess(type, path);
+    return;
   }).drop(),
 
   actions: {
     onTypeChange(path, value) {
       if (path === 'type') {
-        this.get('wizard').set('componentState', value);
-        this.changeConfigModel(value);
+        this.wizard.set('componentState', value);
         this.checkPathChange(value);
       }
     },
 
-    toggleShowConfig(value) {
-      this.set('showConfig', value);
-      if (value === true && this.get('wizard.featureState') === 'idle') {
-        this.get('wizard').transitionFeatureMachine(
-          this.get('wizard.featureState'),
-          'CONTINUE',
-          this.get('mountModel').get('type')
-        );
+    toggleShowEnable(value) {
+      this.set('showEnable', value);
+      if (value === true && this.wizard.featureState === 'idle') {
+        this.wizard.transitionFeatureMachine(this.wizard.featureState, 'CONTINUE', this.mountModel.type);
       } else {
-        this.get('wizard').transitionFeatureMachine(
-          this.get('wizard.featureState'),
-          'RESET',
-          this.get('mountModel').get('type')
-        );
+        this.wizard.transitionFeatureMachine(this.wizard.featureState, 'RESET', this.mountModel.type);
       }
     },
   },

ui/app/controllers/vault/cluster/settings/auth/enable.js

@@ -4,14 +4,10 @@ import Controller from '@ember/controller';
 export default Controller.extend({
   wizard: service(),
   actions: {
-    onMountSuccess: function(type) {
-      let transition = this.transitionToRoute('vault.cluster.access.methods');
-      return transition.followRedirects().then(() => {
-        this.get('wizard').transitionFeatureMachine(this.get('wizard.featureState'), 'CONTINUE', type);
-      });
-    },
-    onConfigError: function(modelId) {
-      return this.transitionToRoute('vault.cluster.settings.auth.configure', modelId);
+    onMountSuccess: function(type, path) {
+      this.wizard.transitionFeatureMachine(this.wizard.featureState, 'CONTINUE', type);
+      let transition = this.transitionToRoute('vault.cluster.settings.auth.configure', path);
+      return transition.followRedirects();
     },
   },
 });

ui/app/machines/auth-machine.js

@@ -22,16 +22,16 @@ export default {
         { type: 'render', level: 'step', component: 'wizard/auth-enable' },
       ],
       on: {
-        CONTINUE: 'list',
+        CONTINUE: 'config',
       },
     },
-    list: {
+    config: {
       onEntry: [
-        { type: 'render', level: 'step', component: 'wizard/auth-list' },
         { type: 'render', level: 'feature', component: 'wizard/mounts-wizard' },
+        { type: 'render', level: 'step', component: 'wizard/auth-config' },
       ],
       on: {
-        DETAILS: 'details',
+        CONTINUE: 'details',
       },
     },
     details: {