/
credentials.js
85 lines (77 loc) · 2.63 KB
/
credentials.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
import { resolve } from 'rsvp';
import Route from '@ember/routing/route';
import { inject as service } from '@ember/service';
import ControlGroupError from 'vault/lib/control-group-error';
const SUPPORTED_DYNAMIC_BACKENDS = ['database', 'ssh', 'aws', 'pki'];
export default Route.extend({
templateName: 'vault/cluster/secrets/backend/credentials',
pathHelp: service('path-help'),
store: service(),
backendModel() {
return this.modelFor('vault.cluster.secrets.backend');
},
beforeModel() {
const { backend } = this.paramsFor('vault.cluster.secrets.backend');
if (backend != 'ssh') {
return;
}
let modelType = 'ssh-otp-credential';
return this.pathHelp.getNewModel(modelType, backend);
},
getDatabaseCredential(backend, secret, roleType = '') {
return this.store.queryRecord('database/credential', { backend, secret, roleType }).catch(error => {
if (error instanceof ControlGroupError) {
throw error;
}
// Unless it's a control group error, we want to pass back error info
// so we can render it on the GenerateCredentialsDatabase component
let status = error?.httpStatus;
let title;
let message = `We ran into a problem and could not continue: ${
error?.errors ? error.errors[0] : 'See Vault logs for details.'
}`;
if (status === 403) {
// 403 is forbidden
title = 'You are not authorized';
message =
"Role wasn't found or you do not have permissions. Ask your administrator if you think you should have access.";
}
return {
errorHttpStatus: status,
errorTitle: title,
errorMessage: message,
};
});
},
async model(params) {
let role = params.secret;
let backendModel = this.backendModel();
let backendPath = backendModel.get('id');
let backendType = backendModel.get('type');
let roleType = params.roleType;
let dbCred;
if (backendType === 'database') {
dbCred = await this.getDatabaseCredential(backendPath, role, roleType);
}
if (!SUPPORTED_DYNAMIC_BACKENDS.includes(backendModel.get('type'))) {
return this.transitionTo('vault.cluster.secrets.backend.list-root', backendPath);
}
return resolve({
backendPath,
backendType,
roleName: role,
roleType,
dbCred,
});
},
resetController(controller) {
controller.reset();
},
actions: {
willTransition() {
// we do not want to save any of the credential information in the store.
// once the user navigates away from this page, remove all credential info.
this.store.unloadAll('database/credential');
},
},
});