From c006568085763f0428790c024a570825ca588a66 Mon Sep 17 00:00:00 2001 
From: Angel Garbarino Date: Thu, 3 Oct 2024 13:49:21 -0600 Subject: [PATCH] Handle promise-proxy deprecation (#28563) * fix promise issues on transformation-edit * fix one test and the transition problem * cannot call capabilities service directly inside template because its an unresolved promise * address transit capabilities issues * remove deprecations line for promise-proxies * handle hot mess of delete permissions and such * blah * update flash message language. It will now show a flash message for each role whose transformation was not removed. * small wording change * one small change to the default flash message * Update ui/app/components/transformation-edit.js Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com> * Update ui/app/components/transformation-edit.js Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com> * Update ui/app/components/transformation-edit.js Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com> * fix policy flow * fix linting and can't define let outside if block * fix flashmessage things * make show and edit use same param --------- Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com> --- ui/app/components/alphabet-edit.hbs | 4 +- ui/app/components/transformation-edit.js | 74 +++++++++---------- ui/app/models/transit-key.js | 16 ++-- ui/app/routes/vault/cluster/policy/show.js | 1 - .../components/transform-role-edit.hbs | 4 +- .../components/transform-template-edit.hbs | 4 +- .../components/transformation-edit.hbs | 4 +- ui/app/templates/components/transit-edit.hbs | 3 +- .../components/transit-form-edit.hbs | 4 +- .../components/transit-form-show.hbs | 2 +- .../templates/vault/cluster/policy/edit.hbs | 4 +- .../templates/vault/cluster/policy/show.hbs | 2 +- ui/config/deprecation-workflow.js | 1 - .../components/transit-edit-test.js | 6 ++ 14 files changed, 68 insertions(+), 61 deletions(-) 
diff --git a/ui/app/components/alphabet-edit.hbs b/ui/app/components/alphabet-edit.hbs index f35121b10caf..0318ee17c5ea 100644 --- a/ui/app/components/alphabet-edit.hbs +++ b/ui/app/components/alphabet-edit.hbs @@ -30,7 +30,7 @@ {{#if (eq this.mode "show")}} - {{#if this.capabilities.canDelete}} + {{#if this.model.updatePath.canDelete}}
{{/if}} - {{#if this.capabilities.canUpdate}} + {{#if this.model.updatePath.canUpdate}} { - let transformations = roleStore.transformations; - if (role.action === 'ADD') { - transformations = addToList(transformations, transformationId); - } else if (role.action === 'REMOVE') { - transformations = removeFromList(transformations, transformationId); - } - roleStore.setProperties({ - backend, - transformations, - }); - return roleStore.save().catch((e) => { - return { - errorStatus: e.httpStatus, - ...role, - }; - }); - }) .catch((e) => { if (e.httpStatus !== 403 && role.action === 'ADD') { // If role doesn't yet exist, create it with this transformation attached 
@@ -64,29 +46,45 @@ export default TransformBase.extend({ errorStatus: e.httpStatus, }; }); + // if an error occurs while querying the role, exit function and return the error + if (roleRecord.errorStatus) return roleRecord; + // otherwise update the role with the transformation and save + let transformations = roleRecord.transformations; + if (role.action === 'ADD') { + transformations = addToList(transformations, transformationId); + } else if (role.action === 'REMOVE') { + transformations = removeFromList(transformations, transformationId); + } + roleRecord.setProperties({ + backend, + transformations, + }); + return roleRecord.save().catch((e) => { + return { + errorStatus: e.httpStatus, + ...role, + }; + }); }, handleUpdateRoles(updateRoles, transformationId) { if (!updateRoles) return; - const backend = this.model.backend; - const promises = updateRoles.map((r) => this.updateOrCreateRole(r, transformationId, backend)); - - Promise.all(promises).then((results) => { - const hasError = results.find((role) => !!role.errorStatus); - - if (hasError) { - let message = - 'The edits to this transformation were successful, but transformations for its roles was not edited due to a lack of permissions.'; - if (results.find((e) => !!e.errorStatus && e.errorStatus !== 403)) { - // if the errors weren't all due to permissions show generic message - // eg. trying to update a role with empty array as transformations - message = `You've edited the allowed_roles for this transformation. However, the corresponding edits to some roles' transformations were not made`; - } - this.flashMessages.info(message, { - sticky: true, - priority: 300, - }); + const { backend } = this.model; + updateRoles.forEach(async (record) => { + // For each role that needs to be updated, update the role with the transformation. + const updateOrCreateResponse = await this.updateOrCreateRole(record, transformationId, backend); + // If an error was returned, check error type and show a message. 
+ const errorStatus = updateOrCreateResponse?.errorStatus; + let message; + if (errorStatus == 403) { + message = `The edits to this transformation were successful, but transformations for the role ${record.id} were not edited due to a lack of permissions.`; + } else if (errorStatus) { + message = `You've edited the allowed_roles for this transformation. However, there was a problem updating the role: ${record.id}.`; } + this.flashMessages.info(message, { + sticky: true, + priority: 300, + }); }); }, diff --git a/ui/app/models/transit-key.js b/ui/app/models/transit-key.js index 8cd8b1e4b9da..f7b7e8d74413 100644 --- a/ui/app/models/transit-key.js +++ b/ui/app/models/transit-key.js @@ -122,11 +122,6 @@ export default class TransitKeyModel extends Model { }); } - get canDelete() { - const deleteAttrChanged = Boolean(this.changedAttributes().deletionAllowed); - return this.deletionAllowed && deleteAttrChanged === false; - } - get keyVersions() { let maxVersion = Math.max(...this.validKeyVersions); const versions = []; @@ -181,6 +176,17 @@ export default class TransitKeyModel extends Model { get canRead() { return this.secretPath.get('canUpdate') !== false; } + get canUpdate() { + return this.secretPath.get('canUpdate') !== false; + } + get canDelete() { + // there's more to just a permissions check here. + // must also check if there's a property on the key called deletionAllowed that is set to true + const deleteAttrChanged = Boolean(this.changedAttributes().deletionAllowed); + const keyAllowedDeletion = this.deletionAllowed && deleteAttrChanged === false; + return this.secretPath.get('canDelete') !== false && keyAllowedDeletion; + } + get canEdit() { return this.secretPath.get('canUpdate') !== false; } diff --git a/ui/app/routes/vault/cluster/policy/show.js b/ui/app/routes/vault/cluster/policy/show.js index 68c7f0a4b865..0745c933a734 100644 --- a/ui/app/routes/vault/cluster/policy/show.js +++ b/ui/app/routes/vault/cluster/policy/show.js 
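Review bot: In `handleUpdateRoles`, the added `this.flashMessages.info(message, …)` call sits after the `if`/`else if` rather than inside it, so as shown it runs for every role, including successful updates where `message` is still `undefined`. That puts an empty sticky flash on screen and dilutes the 403 notices that tell an operator a role was left out of sync with the transformation's `allowed_roles`. Guard the call, e.g. `if (message) this.flashMessages.info(message, { sticky: true, priority: 300 });`. The `async` callback handed to `updateRoles.forEach` is also never awaited, so the method returns before any role is saved; `await Promise.all(updateRoles.map(...))` would make completion and any unexpected rejection explicit. `errorStatus == 403` should be `=== 403` unless the status can arrive as a string, which is not visible in this hunk.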
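Review bot: The new `canUpdate` and `canDelete` getters test `this.secretPath.get(...) !== false`, which is true whenever the capability is `undefined` or not yet resolved, so the edit and delete controls fail open in the UI. This matches the neighbouring `canRead` and `canEdit` getters and the server presumably still enforces the ACL, but the choice should be documented, e.g. `// fail-open on purpose: UI hint only, unresolved capabilities read as allowed; the API enforces policy`. `canDelete` also returns `undefined` instead of a boolean when `deletionAllowed` is unset, so `return Boolean(keyAllowedDeletion) && this.secretPath.get('canDelete') !== false;` would keep the getter's type stable. The class body starts and ends outside the hunk.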
@@ -24,7 +24,6 @@ export default Route.extend(UnloadModelRoute, { const type = this.policyType(); return hash({ policy: this.store.findRecord(`policy/${type}`, params.policy_name), - capabilities: this.store.findRecord('capabilities', `sys/policies/${type}/${params.policy_name}`), }); }, diff --git a/ui/app/templates/components/transform-role-edit.hbs b/ui/app/templates/components/transform-role-edit.hbs index 5ac7c69253ed..083cd981baf3 100644 --- a/ui/app/templates/components/transform-role-edit.hbs +++ b/ui/app/templates/components/transform-role-edit.hbs @@ -30,7 +30,7 @@ {{#if (eq this.mode "show")}} - {{#if this.capabilities.canDelete}} + {{#if this.model.updatePath.canDelete}}
{{/if}} - {{#if this.capabilities.canUpdate}} + {{#if this.model.updatePath.canUpdate}} - {{#if this.capabilities.canDelete}} + {{#if this.model.updatePath.canDelete}}
{{/if}} - {{#if this.capabilities.canUpdate}} + {{#if this.model.updatePath.canUpdate}} - {{#if this.capabilities.canDelete}} + {{#if this.model.updatePath.canDelete}} {{#if (gt this.model.allowed_roles.length 0)}} @@ -58,7 +58,7 @@ {{/if}}
{{/if}} - {{#if this.capabilities.canUpdate}} + {{#if this.model.updatePath.canUpdate}} {{#if (gt this.model.allowed_roles.length 0)}} {{else if (eq this.mode "show")}}
- {{#if @capabilities.canUpdate}} + {{#if @model.canUpdate}}
- {{#if (and @key.canDelete @capabilities.canDelete)}} + {{#if @model.canDelete}} {{/if}}
diff --git a/ui/app/templates/components/transit-form-show.hbs b/ui/app/templates/components/transit-form-show.hbs index b86fa2cccb33..44e706750e9b 100644 --- a/ui/app/templates/components/transit-form-show.hbs +++ b/ui/app/templates/components/transit-form-show.hbs @@ -63,7 +63,7 @@ /> {{/if}} {{#if (eq @mode "show")}} - {{#if (or @capabilities.canUpdate @capabilities.canDelete)}} + {{#if (or @model.canUpdate @model.canDelete)}} Edit key diff --git a/ui/app/templates/vault/cluster/policy/edit.hbs b/ui/app/templates/vault/cluster/policy/edit.hbs index fce8584b153a..590e401867eb 100644 --- a/ui/app/templates/vault/cluster/policy/edit.hbs +++ b/ui/app/templates/vault/cluster/policy/edit.hbs @@ -27,10 +27,10 @@ -{{#if (and (not-eq this.model.id "root") (or this.capabilities.canUpdate this.capabilities.canDelete))}} +{{#if (and (not-eq this.model.id "root") (or this.model.canUpdate this.model.canDelete))}} - {{#if (and (not-eq this.model.id "default") this.capabilities.canDelete)}} + {{#if (and (not-eq this.model.id "default") this.model.canDelete)}} - {{#if (and (not-eq this.model.id "root") (or this.capabilities.canUpdate this.capabilities.canDelete))}} + {{#if (and (not-eq this.model.id "root") (or this.model.canUpdate this.model.canDelete))}} + capabilitiesStub('transit-backend/keys/some-key', ['sudo']) + ); this.model = this.store.createRecord('transit-key', { backend: 'transit-backend', id: 'some-key' }); this.backendCrumb = { label: 'transit',