Merge branch 'main' into fix/autopilot-upgrade-ii

hashicorp · Jun 5, 2024 · d25a59c · d25a59c
2 parents 7efc4d2 + b9a2f83
commit d25a59c
Show file tree

Hide file tree

Showing 36 changed files with 365 additions and 176 deletions.
diff --git a/.github/workflows/do-not-merge-checker.yml b/.github/workflows/do-not-merge-checker.yml
@@ -0,0 +1,22 @@
+# This workflow fails if a 'do-not-merge' label is applied to the PR.
+name: Check do-not-merge
+
+on:
+  pull_request:
+    types: [reopened, labeled, unlabeled]
+    # Runs on PRs to main and release branches
+    branches:
+      - main
+      - release/**
+
+jobs:
+  # checks that a do-not-merge label is not present for a PR
+  do-not-merge-check:
+    # If there is a `do-not-merge` label we ignore this check
+    if: ${{ contains(github.event.pull_request.labels.*.name, 'do-not-merge') }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Fail if do-not-merge label is applied
+        run: |
+          echo "Cannot merge with do-not-merge label applied."
+          exit 1
diff --git a/changelog/10624.txt b/changelog/10624.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+storage/azure: Updated metadata endpoint to `GetMSIEndpoint`, which supports more than just the metadata service.
+```
diff --git a/changelog/27289.txt b/changelog/27289.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+ui: Allow users to wrap inputted data again instead of resetting form
+```
diff --git a/changelog/27346.txt b/changelog/27346.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+ui: Update language in Transit secret engine to reflect that not all keys are for encyryption
+```
diff --git a/helper/testhelpers/ldap/ldaphelper.go b/helper/testhelpers/ldap/ldaphelper.go
@@ -4,6 +4,7 @@
 package ldap
 
 import (
+	"bytes"
 	"context"
 	"fmt"
 	"runtime"
@@ -22,12 +23,16 @@ func PrepareTestContainer(t *testing.T, version string) (cleanup func(), cfg *ld
 		t.Skip("Skipping, as this image is not supported on ARM architectures")
 	}
 
+	logsWriter := bytes.NewBuffer([]byte{})
+
 	runner, err := docker.NewServiceRunner(docker.RunOptions{
 		ImageRepo:     "ghcr.io/rroemhild/docker-test-openldap",
 		ImageTag:      version,
 		ContainerName: "ldap",
 		Ports:         []string{"10389/tcp"},
 		// Env:        []string{"LDAP_DEBUG_LEVEL=384"},
+		LogStderr: logsWriter,
+		LogStdout: logsWriter,
 	})
 	if err != nil {
 		t.Fatalf("could not start local LDAP docker container: %s", err)
@@ -66,5 +71,10 @@ func PrepareTestContainer(t *testing.T, version string) (cleanup func(), cfg *ld
 		t.Fatalf("could not start local LDAP docker container: %s", err)
 	}
 
-	return svc.Cleanup, cfg
+	return func() {
+		if t.Failed() {
+			t.Log(logsWriter.String())
+		}
+		svc.Cleanup()
+	}, cfg
 }
diff --git a/physical/azure/azure.go b/physical/azure/azure.go
@@ -344,7 +344,7 @@ func (a *AzureBackend) List(ctx context.Context, prefix string) ([]string, error
 // getAuthTokenFromIMDS uses the Azure Instance Metadata Service to retrieve a short-lived credential using OAuth
 // more info on this https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
 func getAuthTokenFromIMDS(resource string) (*adal.ServicePrincipalToken, error) {
-	msiEndpoint, err := adal.GetMSIVMEndpoint()
+	msiEndpoint, err := adal.GetMSIEndpoint()
 	if err != nil {
 		return nil, err
 	}

diff --git a/...mplates/components/mount-backend-form.hbs → ui/app/components/mount-backend-form.hbs b/...mplates/components/mount-backend-form.hbs → ui/app/components/mount-backend-form.hbs
diff --git a/ui/app/components/mount-backend-form.js → ui/app/components/mount-backend-form.ts b/ui/app/components/mount-backend-form.js → ui/app/components/mount-backend-form.ts
@@ -12,6 +12,12 @@ import { waitFor } from '@ember/test-waiters';
 import { methods } from 'vault/helpers/mountable-auth-methods';
 import { isAddonEngine, allEngines } from 'vault/helpers/mountable-secret-engines';
 
+import type FlashMessageService from 'vault/services/flash-messages';
+import type Store from '@ember-data/store';
+
+import type { AuthEnableModel } from 'vault/routes/vault/cluster/settings/auth/enable';
+import type { MountSecretBackendModel } from 'vault/routes/vault/cluster/settings/mount-secret-backend';
+
 /**
  * @module MountBackendForm
  * The `MountBackendForm` is used to mount either a secret or auth backend.
@@ -24,9 +30,17 @@ import { isAddonEngine, allEngines } from 'vault/helpers/mountable-secret-engine
  *
  */
 
-export default class MountBackendForm extends Component {
-  @service store;
-  @service flashMessages;
+type MountModel = MountSecretBackendModel | AuthEnableModel;
+
+interface Args {
+  mountModel: MountModel;
+  mountType: 'secret' | 'auth';
+  onMountSuccess: (type: string, path: string, useEngineRoute: boolean) => void;
+}
+
+export default class MountBackendForm extends Component<Args> {
+  @service declare readonly store: Store;
+  @service declare readonly flashMessages: FlashMessageService;
 
   // validation related properties
   @tracked modelValidations = null;
@@ -40,10 +54,10 @@ export default class MountBackendForm extends Component {
     if (noTeardown && this.args?.mountModel?.isNew) {
       this.args.mountModel.unloadRecord();
     }
-    super.willDestroy(...arguments);
+    super.willDestroy();
   }
 
-  checkPathChange(type) {
+  checkPathChange(type: string) {
     if (!type) return;
     const mount = this.args.mountModel;
     const currentPath = mount.path;
@@ -58,8 +72,8 @@ export default class MountBackendForm extends Component {
     }
   }
 
-  typeChangeSideEffect(type) {
-    if (!this.args.mountType === 'secret') return;
+  typeChangeSideEffect(type: string) {
+    if (this.args.mountType !== 'secret') return;
     if (type === 'pki') {
       // If type PKI, set max lease to ~10years
       this.args.mountModel.config.maxLeaseTtl = '3650d';
@@ -69,7 +83,7 @@ export default class MountBackendForm extends Component {
     }
   }
 
-  checkModelValidity(model) {
+  checkModelValidity(model: MountModel) {
     const { isValid, state, invalidFormMessage } = model.validate();
     this.modelValidations = state;
     this.invalidFormAlert = invalidFormMessage;
@@ -113,7 +127,7 @@ export default class MountBackendForm extends Component {
 
   @task
   @waitFor
-  *mountBackend(event) {
+  *mountBackend(event: Event) {
     event.preventDefault();
     const mountModel = this.args.mountModel;
     const { type, path } = mountModel;
@@ -165,13 +179,13 @@ export default class MountBackendForm extends Component {
   }
 
   @action
-  onKeyUp(name, value) {
+  onKeyUp(name: string, value: string) {
     this.args.mountModel[name] = value;
     this.checkModelWarnings();
   }
 
   @action
-  setMountType(value) {
+  setMountType(value: string) {
     this.args.mountModel.type = value;
     this.typeChangeSideEffect(value);
     this.checkPathChange(value);

diff --git a/ui/app/components/tool-actions-form.js b/ui/app/components/tool-actions-form.js
@@ -32,12 +32,12 @@ export default Component.extend(DEFAULTS, {
   flashMessages: service(),
   store: service(),
   // putting these attrs here so they don't get reset when you click back
-  //random
+  // random
   bytes: 32,
-  //hash
+  // hash
   format: 'base64',
   algorithm: 'sha2-256',
-
+  data: '{\n}',
   tagName: '',
 
   didReceiveAttrs() {
@@ -139,15 +139,18 @@ export default Component.extend(DEFAULTS, {
       this.reset();
     },
 
-    updateTtl(ttl) {
-      set(this, 'wrapTTL', ttl);
+    onBack(properties) {
+      // only reset specific properties so user can reuse input data and repeat the action
+      if (this.isDestroyed || this.isDestroying) {
+        return;
+      }
+      properties.forEach((prop) => {
+        set(this, prop, DEFAULTS[prop]);
+      });
     },
 
-    codemirrorUpdated(val, hasErrors) {
-      setProperties(this, {
-        buttonDisabled: hasErrors,
-        data: val,
-      });
+    onChange(param, value) {
+      set(this, param, value);
     },
   },
 });
diff --git a/ui/app/components/tool-wrap.js b/ui/app/components/tool-wrap.js
@@ -12,45 +12,36 @@ import { tracked } from '@glimmer/tracking';
  * ToolWrap components are components that sys/wrapping/wrap functionality.  Most of the functionality is passed through as actions from the tool-actions-form and then called back with properties.
  *
  * @example
- * ```js
  * <ToolWrap
+ *  @errors={{@errors}}
+ *  @onBack={{action "onBack" (array "token")}}
+ *  @onChange={{action "onChange"}}
  *  @onClear={{action "onClear"}}
- *  @token={{token}}
- *  @selectedAction="wrap"
- *  @codemirrorUpdated={{action "codemirrorUpdated"}}
- *  @updateTtl={{action "updateTtl"}}
- *  @buttonDisabled={{buttonDisabled}}
- *  @errors={{errors}}/>
- * ```
- * @param onClear {Function} - parent action that is passed through. Must be passed as {{action "onClear"}}
- * @param token=null {String} - property passed from parent to child and then passed back up to parent
- * @param selectedAction="wrap" - passed in from parent.  This is the wrap action, others include hash, etc.
- * @param codemirrorUpdated {Function} - parent action that is passed through. Must be passed as {{action "codemirrorUpdated"}}.
- * @param updateTtl {Function} - parent action that is passed through. Must be passed as {{action "updateTtl"}}
- * @param buttonDisabled=false {Boolean} - false default and if there is an error on codemirror it turns to true.
- * @param error=null {Object} - errors passed from parent as default then from child back to parent.
+ *  @token={{@token}}
+ * />
+ *
+ * @param {object} errors=null - errors returned if wrap fails
+ * @param {function} onBack - callback that only clears specific values so the action can be repeated. Must be passed as `{{action "onBack"}}`
+ * @param {function} onChange - callback that fires when inputs change and passes value and param name back to the parent
+ * @param {function} onClear - callback that resets all of values to defaults. Must be passed as `{{action "onClear"}}`
+ * @param {string} token=null - returned after user clicks "Wrap data", if there is a token value it displays instead of the JsonEditor
  */
 
 export default class ToolWrap extends Component {
-  @tracked data = '{\n}';
   @tracked buttonDisabled = false;
 
-  @action
-  onClear() {
-    this.args.onClear();
-  }
   @action
   updateTtl(evt) {
     if (!evt) return;
     const ttl = evt.enabled ? `${evt.seconds}s` : '30m';
-    this.args.updateTtl(ttl);
+    this.args.onChange('wrapTTL', ttl);
   }
+
   @action
   codemirrorUpdated(val, codemirror) {
     codemirror.performLint();
     const hasErrors = codemirror?.state.lint.marked?.length > 0;
-    this.data = val;
     this.buttonDisabled = hasErrors;
-    this.args.codemirrorUpdated(val, hasErrors);
+    this.args.onChange('data', val);
   }
 }
diff --git a/...tes/vault/cluster/settings/auth/enable.js → ...tes/vault/cluster/settings/auth/enable.ts b/...tes/vault/cluster/settings/auth/enable.js → ...tes/vault/cluster/settings/auth/enable.ts
@@ -6,8 +6,13 @@
 import Route from '@ember/routing/route';
 import { service } from '@ember/service';
 
+import type { ModelFrom } from 'vault/vault/route';
+import type Store from '@ember-data/store';
+
+export type AuthEnableModel = ModelFrom<VaultClusterSettingsAuthEnableRoute>;
+
 export default class VaultClusterSettingsAuthEnableRoute extends Route {
-  @service store;
+  @service declare readonly store: Store;
 
   model() {
     const authMethod = this.store.createRecord('auth-method');

diff --git a/.../cluster/settings/mount-secret-backend.js → .../cluster/settings/mount-secret-backend.ts b/.../cluster/settings/mount-secret-backend.js → .../cluster/settings/mount-secret-backend.ts
@@ -6,8 +6,13 @@
 import Route from '@ember/routing/route';
 import { service } from '@ember/service';
 
+import type { ModelFrom } from 'vault/vault/route';
+import type Store from '@ember-data/store';
+
+export type MountSecretBackendModel = ModelFrom<VaultClusterSettingsMountSecretBackendRoute>;
+
 export default class VaultClusterSettingsMountSecretBackendRoute extends Route {
-  @service store;
+  @service declare readonly store: Store;
 
   model() {
     const secretEngine = this.store.createRecord('secret-engine');

diff --git a/ui/app/templates/components/tool-actions-form.hbs b/ui/app/templates/components/tool-actions-form.hbs
@@ -54,12 +54,11 @@
   {{else if (eq this.selectedAction "wrap")}}
     <ToolWrap
       @token={{this.token}}
-      @selectedAction={{this.selectedAction}}
+      @onBack={{action "onBack" (array "token")}}
       @onClear={{action "onClear"}}
-      @codemirrorUpdated={{action "codemirrorUpdated"}}
-      @updateTtl={{action "updateTtl"}}
-      @buttonDisabled={{this.buttonDisabled}}
+      @onChange={{action "onChange"}}
       @errors={{this.errors}}
+      @data={{this.data}}
     />
   {{else}}
     <EmptyState @title="Tool not available" />

diff --git a/ui/app/templates/components/tool-hash.hbs b/ui/app/templates/components/tool-hash.hbs
@@ -30,7 +30,7 @@
       />
     </div>
     <div class="control">
-      <Hds::Button @text="Back" @color="secondary" {{on "click" this.onClear}} data-test-tools-back={{true}} />
+      <Hds::Button @text="Back" @color="secondary" {{on "click" this.onClear}} data-test-button="Back" />
     </div>
   </div>
 {{else}}
@@ -80,7 +80,7 @@
   </div>
   <div class="field is-grouped box is-fullwidth is-bottomless">
     <div class="control">
-      <Hds::Button @text="Hash" type="submit" data-test-tools-submit="true" />
+      <Hds::Button @text="Hash" type="submit" data-test-tools-submit />
     </div>
   </div>
 {{/if}}
diff --git a/ui/app/templates/components/tool-lookup.hbs b/ui/app/templates/components/tool-lookup.hbs
@@ -13,12 +13,12 @@
 
 {{#if (or @creation_time @creation_ttl)}}
   <div class="box is-fullwidth is-sideless is-paddingless is-marginless">
-    <InfoTableRow @label="Creation path" @value={{@creation_path}} data-test-tools="token-lookup-row" />
-    <InfoTableRow @label="Creation time" @value={{@creation_time}} data-test-tools="token-lookup-row" />
-    <InfoTableRow @label="Creation TTL" @value={{@creation_ttl}} data-test-tools="token-lookup-row" />
+    <InfoTableRow @label="Creation path" @value={{@creation_path}} />
+    <InfoTableRow @label="Creation time" @value={{@creation_time}} />
+    <InfoTableRow @label="Creation TTL" @value={{@creation_ttl}} />
     {{#if @expirationDate}}
-      <InfoTableRow @label="Expiration date" @value={{@expirationDate}} data-test-tools="token-lookup-row" />
-      <InfoTableRow @label="Expires in" @value={{date-from-now @expirationDate}} data-test-tools="token-lookup-row" />
+      <InfoTableRow @label="Expiration date" @value={{@expirationDate}} />
+      <InfoTableRow @label="Expires in" @value={{date-from-now @expirationDate}} />
     {{/if}}
   </div>
   <div class="field is-grouped box is-fullwidth is-bottomless">
@@ -42,7 +42,7 @@
   </div>
   <div class="field is-grouped box is-fullwidth is-bottomless">
     <div class="control">
-      <Hds::Button @text="Lookup token" type="submit" data-test-tools-submit="true" />
+      <Hds::Button @text="Lookup token" type="submit" data-test-tools-submit />
     </div>
   </div>
 {{/if}}
diff --git a/ui/app/templates/components/tool-random.hbs b/ui/app/templates/components/tool-random.hbs
@@ -63,7 +63,7 @@
   </div>
   <div class="field is-grouped box is-fullwidth is-bottomless">
     <div class="control">
-      <Hds::Button @text="Generate" type="submit" data-test-tools-submit="true" />
+      <Hds::Button @text="Generate" type="submit" data-test-tools-submit />
     </div>
   </div>
 {{/if}}
diff --git a/ui/app/templates/components/tool-rewrap.hbs b/ui/app/templates/components/tool-rewrap.hbs
@@ -56,7 +56,7 @@
   </div>
   <div class="field is-grouped box is-fullwidth is-bottomless">
     <div class="control">
-      <Hds::Button @text="Rewrap token" type="submit" data-test-tools-submit="true" />
+      <Hds::Button @text="Rewrap token" type="submit" data-test-tools-submit />
     </div>
   </div>
 {{/if}}